[User Guide] Upgrade from v0.1.2 to v0.2.0
As part of the upgrade from release 0.1.2 to 0.2.0, the Terraform Module for Cloud Adoption Framework Enterprise-scale has updates to the included Policy Definitions and Policy Set Definitions.
This update helps to keep this module up to date with the latest reference architecture published in the Azure/Enterprise-Scale repository.
Anyone using this module should be aware of the following when planning to upgrade from release 0.1.2 to 0.2.0:
- A select number of policies and roles provided as part of this module will be redeployed. Please carefully review the output of `terraform plan` to ensure there are no issues with any custom configuration within your root module.
- If you are using custom templates, you will need to verify references to policies defined within this module.
- The following template types will need checking for references to policies as listed in the resource changes section below:
  - Archetype Definitions
  - Policy Assignments
  - Policy Set Definitions
- This update adds new functionality to enable deployment of Management and monitoring resources into the current Subscription context.
The following changes have been made within the module which may cause issues when using custom archetype definitions:
- The `es_root` archetype definition has been updated to reflect the policy changes listed in the resource changes section below.
NOTE: All references to resource names are Case Sensitive. Failure to use the correct case will result in an `Invalid index` error when running `terraform plan`, such as the following example:

```
Error: Invalid index
on ../../modules/archetypes/locals.policy_definitions.tf line 82, in locals:
82: template = local.archetype_policy_definitions_map[policy]
|----------------
| local.archetype_policy_definitions_map is object with 100 attributes
The given key does not identify an element in this collection value.
```

The `Deploy-ASC-Defender` Policy Assignment has been updated to use the new `Deploy-ASC-Config` Policy Set Definition, replacing the original `Deploy-ASC-Standard` Policy Definition.
This Policy Assignment now has the following additional parameters:
- `emailSecurityContact` (required)
- `logAnalytics` (required)
- `pricingTierSqlServerVirtualMachines` (optional)

Policy Definition Name (v0.1.2) | Policy Definition Name (v0.2.0) | Notes |
---|---|---|
Deploy-ASC-Standard | (removed) | |
Deploy-ASC-Defender-ACR | (new) | |
Deploy-ASC-Defender-AKS | (new) | |
Deploy-ASC-Defender-AKV | (new) | |
Deploy-ASC-Defender-AppSrv | (new) | |
Deploy-ASC-Defender-ARM | (new) | |
Deploy-ASC-Defender-DNS | (new) | |
Deploy-ASC-Defender-SA | (new) | |
Deploy-ASC-Defender-Sql | (new) | |
Deploy-ASC-Defender-SQLVM | (new) | |
Deploy-ASC-Defender-VMs | (new) | |
Deploy-ASC-SecurityContacts | (new) | |
Deploy-Diagnostics-PublicIP | (removed) | |

Policy Set Definition Name (v0.1.2) | Policy Set Definition Name (v0.2.0) | Notes |
---|---|---|
Deploy-ASC-Config | (new) | |

IMPORTANT: If you are using custom archetype definitions, please ensure you update them to reflect the above changes.
Take a look at the latest User Guide documentation and our Examples to understand the latest module configuration options, and review your implementation against the changes documented on this page.
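One way to review custom archetype definitions against the tables above before running `terraform plan`, as an added example that is not part of the module or its documentation. It assumes an archetype definition is JSON keyed by archetype ID with `policy_definitions` and `policy_set_definitions` lists; the `customer_root` sample is constructed.

```python
import json

# Name changes between v0.1.2 and v0.2.0, copied from the tables on this page.
REMOVED = {"Deploy-ASC-Standard", "Deploy-Diagnostics-PublicIP"}
CURRENT = {
    "policy_definitions": {
        "Deploy-ASC-Defender-ACR", "Deploy-ASC-Defender-AKS", "Deploy-ASC-Defender-AKV",
        "Deploy-ASC-Defender-AppSrv", "Deploy-ASC-Defender-ARM", "Deploy-ASC-Defender-DNS",
        "Deploy-ASC-Defender-SA", "Deploy-ASC-Defender-Sql", "Deploy-ASC-Defender-SQLVM",
        "Deploy-ASC-Defender-VMs", "Deploy-ASC-SecurityContacts",
    },
    "policy_set_definitions": {"Deploy-ASC-Config"},
}

# Constructed sample; the JSON layout (archetype ID -> lists of names) is an assumption.
SAMPLE = json.loads("""
{
  "customer_root": {
    "policy_definitions": ["Deploy-ASC-Standard", "Deploy-ASC-Defender-SQL",
                           "Deploy-ASC-Defender-VMs"],
    "policy_set_definitions": ["deploy-asc-config"]
  }
}
""")


def check_archetypes(doc):
    """Return (archetype, list_key, name, problem) for references affected by v0.2.0."""
    removed_lower = {n.lower() for n in REMOVED}
    findings = []
    for archetype, body in doc.items():
        for key, names in CURRENT.items():
            by_lower = {n.lower(): n for n in names}
            for name in body.get(key, []):
                if name.lower() in removed_lower:
                    findings.append((archetype, key, name, "removed in v0.2.0"))
                elif name not in names and name.lower() in by_lower:
                    # Names are case sensitive: a near match ends in "Invalid index".
                    fix = by_lower[name.lower()]
                    findings.append((archetype, key, name, "wrong case, use " + fix))
                # Names absent from the tables (unchanged or custom) are not judged here.
    return findings


if __name__ == "__main__":
    for finding in check_archetypes(SAMPLE):
        print(" | ".join(finding))
```
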