diff --git a/docs/content/patterns/alz/Available_features/Bring-your-own-Notifications.md b/docs/content/patterns/alz/Available_features/Bring-your-own-Notifications.md
index 426dc5b78..1502063b7 100644
--- a/docs/content/patterns/alz/Available_features/Bring-your-own-Notifications.md
+++ b/docs/content/patterns/alz/Available_features/Bring-your-own-Notifications.md
@@ -60,6 +60,6 @@ Should customers decide to switch, it will be enough to:
 - change the values in the parameter file to match one of the three cases previously discussed
 - redeploy the ALZ pattern
 - run the remediation for both [Notification Assets](https://raw.githubusercontent.com/Azure/azure-monitor-baseline-alerts/main/patterns/alz/policySetDefinitions/Deploy-Notification-Assets.json) and [Alerting-ServiceHealth](https://raw.githubusercontent.com/Azure/azure-monitor-baseline-alerts/main/patterns/alz/policySetDefinitions/Deploy-ServiceHealth-Alerts.json) policy initiatives
-- remove notification assets deployed by ALZ patterns using the [**Remove-AMBANotificationAssets.ps1**](https://raw.githubusercontent.com/Azure/azure-monitor-baseline-alerts/main/patterns/alz/scripts/Remove-AMBANotificationAssets.ps1) script (_*** only if moving from ALZ notification assets to BYON_)
+- remove notification assets deployed by ALZ patterns using the [**Start-AMBA-ALZ-Maintenance.ps1**](https://raw.githubusercontent.com/Azure/azure-monitor-baseline-alerts/main/patterns/alz/scripts/Start-AMBA-ALZ-Maintenance.ps1) script (_*** only if moving from ALZ notification assets to BYON_)
 
-The code will reconfigure the Service Health alerts to use either the customer's action groups to the ALZ pattern notification assets according to the selected case.
+The code will also reconfigure the Service Health alerts to use either the customer's action groups to the ALZ pattern notification assets according to the selected case.
diff --git a/docs/content/patterns/alz/deploy/Remediate-Policies.md b/docs/content/patterns/alz/deploy/Remediate-Policies.md
index 62f0bbd92..d53845522 100644
--- a/docs/content/patterns/alz/deploy/Remediate-Policies.md
+++ b/docs/content/patterns/alz/deploy/Remediate-Policies.md
@@ -43,6 +43,7 @@ For convenience, assuming that the management hierarchy is fully aligned to ALZ,
 ```powershell
 #Modify the following variables to match your environment
 $pseudoRootManagementGroup = "The pseudo root management group id parenting the Platform and Landing Zones management groups"
+$platformManagementGroup = "The management group id for Platform"
 $identityManagementGroup = "The management group id for Identity"
 $managementManagementGroup = "The management group id for Management"
 $connectivityManagementGroup = "The management group id for Connectivity"
@@ -53,6 +54,8 @@ $LZManagementGroup="The management group id for Landing Zones"
 #Run the following commands to initiate remediation
 .\patterns\alz\scripts\Start-AMBARemediation.ps1 -managementGroupName $pseudoRootManagementGroup -policyName Notification-Assets
 .\patterns\alz\scripts\Start-AMBARemediation.ps1 -managementGroupName $pseudoRootManagementGroup -policyName Alerting-ServiceHealth
+.\patterns\alz\scripts\Start-AMBARemediation.ps1 -managementGroupName $platformManagementGroup -policyName Alerting-HybridVM
+.\patterns\alz\scripts\Start-AMBARemediation.ps1 -managementGroupName $platformManagementGroup -policyName Alerting-VM
 .\patterns\alz\scripts\Start-AMBARemediation.ps1 -managementGroupName $connectivityManagementGroup -policyName Alerting-Connectivity
 .\patterns\alz\scripts\Start-AMBARemediation.ps1 -managementGroupName $identityManagementGroup -policyName Alerting-Identity
 .\patterns\alz\scripts\Start-AMBARemediation.ps1 -managementGroupName $managementManagementGroup -policyName Alerting-Management
@@ -60,8 +63,8 @@ $LZManagementGroup="The management group id for Landing Zones"
 .\patterns\alz\scripts\Start-AMBARemediation.ps1 -managementGroupName $LZManagementGroup -policyName Alerting-LoadBalancing
 .\patterns\alz\scripts\Start-AMBARemediation.ps1 -managementGroupName $LZManagementGroup -policyName Alerting-NetworkChanges
 .\patterns\alz\scripts\Start-AMBARemediation.ps1 -managementGroupName $LZManagementGroup -policyName Alerting-RecoveryServices
-.\patterns\alz\scripts\Start-AMBARemediation.ps1 -managementGroupName $LZManagementGroup -policyName Alerting-HybridVM
 .\patterns\alz\scripts\Start-AMBARemediation.ps1 -managementGroupName $LZManagementGroup -policyName Alerting-Storage
+.\patterns\alz\scripts\Start-AMBARemediation.ps1 -managementGroupName $LZManagementGroup -policyName Alerting-HybridVM
 .\patterns\alz\scripts\Start-AMBARemediation.ps1 -managementGroupName $LZManagementGroup -policyName Alerting-VM
 .\patterns\alz\scripts\Start-AMBARemediation.ps1 -managementGroupName $LZManagementGroup -policyName Alerting-Web
 ```
diff --git a/docs/content/patterns/alz/media/AMBA-Diagrams_20240917.vsdx b/docs/content/patterns/alz/media/AMBA-Diagrams_20240917.vsdx
new file mode 100644
index 000000000..b8b017e7e
Binary files /dev/null and b/docs/content/patterns/alz/media/AMBA-Diagrams_20240917.vsdx differ
diff --git a/docs/content/patterns/alz/media/AMBA-Diagrams_20241126.vsdx b/docs/content/patterns/alz/media/AMBA-Diagrams_20241126.vsdx
new file mode 100644
index 000000000..36734950a
Binary files /dev/null and b/docs/content/patterns/alz/media/AMBA-Diagrams_20241126.vsdx differ
diff --git a/docs/content/patterns/alz/media/alz-management-groups-single.png b/docs/content/patterns/alz/media/alz-management-groups-single.png
index a8199bd0f..a29d8410e 100644
Binary files a/docs/content/patterns/alz/media/alz-management-groups-single.png and b/docs/content/patterns/alz/media/alz-management-groups-single.png differ
diff --git a/docs/content/patterns/alz/media/alz-management-groups-unaligned.png b/docs/content/patterns/alz/media/alz-management-groups-unaligned.png
index 726eb17c3..5a78d7489 100644
Binary files a/docs/content/patterns/alz/media/alz-management-groups-unaligned.png and b/docs/content/patterns/alz/media/alz-management-groups-unaligned.png differ
diff --git a/docs/content/patterns/alz/media/alz-management-groups.png b/docs/content/patterns/alz/media/alz-management-groups.png
index 7b5c9792b..ffabd45bc 100644
Binary files a/docs/content/patterns/alz/media/alz-management-groups.png and b/docs/content/patterns/alz/media/alz-management-groups.png differ
diff --git a/docs/content/patterns/alz/media/azure-monitor-baseline-alerts-policy-initiative-flow.png b/docs/content/patterns/alz/media/azure-monitor-baseline-alerts-policy-initiative-flow.png
index 40e40f8ac..e15f3292b 100644
Binary files a/docs/content/patterns/alz/media/azure-monitor-baseline-alerts-policy-initiative-flow.png and b/docs/content/patterns/alz/media/azure-monitor-baseline-alerts-policy-initiative-flow.png differ
diff --git a/patterns/alz/alz-portal.json b/patterns/alz/alz-portal.json
index 54649478b..175b2d250 100644
--- a/patterns/alz/alz-portal.json
+++ b/patterns/alz/alz-portal.json
@@ -272,9 +272,9 @@
 "toolTip": "Provide the name of the Management Group that will be used to host the platform resources.",
 "constraints": {
 "allowedValues": "[map(steps('Configuration').ManagementGroupAPI.value, (item) => parse(concat('{\"label\":\"', item.name, '\",\"value\":\"', item.name, '\"}')))]",
- "required": false
+ "required": true
 },
- "visible": false
+ "visible": true
 },
 {
 "name": "enableAMBAIdentity",
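Review bot: The `toolTip` on this selector still says the group is "used to host the platform resources", but once the field is `"visible": true` and `"required": true` its value is what the outputs pass on as `platformManagementGroup`, and the ARM template in this commit uses that parameter as the scope for the new VM and Hybrid VM policy-set assignments. An operator who picks the wrong group would put those alert assignments at the wrong scope without any error, so the tooltip should state the consequence, e.g. `"toolTip": "Select the Platform management group; VM and Hybrid VM alert initiatives are assigned at this scope."`. The element's opening lines are outside the hunk.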
@@ -946,7 +946,7 @@
 "enableAMBAIdentity": "[steps('Configuration').enableAMBAIdentity]",
 "enableAMBAHybridVM": "[steps('Configuration').enableAMBAHybridVM]",
 "enterpriseScaleCompanyPrefix": "[steps('Configuration').enterpriseScaleCompanyPrefix]",
- "platformManagementGroup": "['contoso-platform']",
+ "platformManagementGroup": "[steps('Configuration').platformManagementGroup]",
 "IdentityManagementGroup": "[if(equals(steps('Configuration').enableAMBAIdentity,'No'), 'contoso-identity', steps('Configuration').IdentityManagementGroup)]",
 "managementManagementGroup": "[if(equals(steps('Configuration').enableAMBAManagement, 'No'), 'contoso-management', steps('Configuration').managementManagementGroup)]",
 "connectivityManagementGroup": "[if(equals(steps('Configuration').enableAMBAConnectivity, 'No'), 'contoso-connectivity', steps('Configuration').connectivityManagementGroup)]",
diff --git a/patterns/alz/alzArm.json b/patterns/alz/alzArm.json
index 73e4fcbb1..723d02630 100644
--- a/patterns/alz/alzArm.json
+++ b/patterns/alz/alzArm.json
@@ -339,15 +339,6 @@
 "description": "Provide the alert processing rule used for monitoring."
 }
 },
- "delayCount": {
- "type": "int",
- "defaultValue": 1,
- "minValue": 1,
- "maxValue": 60,
- "metadata": {
- "description": "Configure the count of empty deployments used to introduce a delay after policy deployment. Used to increase reliability of deployment, but can be reduced when re-deploying to an existing environment."
- }
- },
 "currentDateTimeUtcNow": {
 "type": "string",
 "defaultValue": "[utcNow()]",
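Review bot: Dropping the `delayCount` parameter from `alzArm.json` breaks any existing parameter file or pipeline that still passes it, because ARM rejects a deployment that supplies a parameter the template does not declare. The part of the diff shown here does not update the parameter files or add an upgrade note, so operators re-deploying over an existing environment would only find out at deployment time. Either keep the parameter for one release with a description such as `"description": "Deprecated: no longer used; kept so existing parameter files still validate."`, or call out the removal in the update guidance.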
@@ -560,7 +551,8 @@
 "policySetDefinitionsDeploymentName": "[take(concat('amba-PolicySet', variables('deploymentSuffix')), 64)]",
 "AMBAConnectivityDeploymentName": "[take(concat('amba-Connectivity', variables('deploymentSuffix')), 64)]",
 "AMBAIdentityDeploymentName": "[take(concat('amba-Identity', variables('deploymentSuffix')), 64)]",
- "AMBAHybridVMDeploymentName": "[take(concat('amba-HybridVM', variables('deploymentSuffix')), 64)]",
+ "AMBAHybridVMDeploymentNameLandingZones": "[take(concat('amba-HybridVM-LandingZones', variables('deploymentSuffix')), 64)]",
+ "AMBAHybridVMDeploymentNamePlatform": "[take(concat('amba-HybridVM-Platform', variables('deploymentSuffix')), 64)]",
 "AMBAManagementDeploymentName": "[take(concat('amba-Management', variables('deploymentSuffix')), 64)]",
 "AMBAServiceHealthDeploymentName": "[take(concat('amba-ServiceHealth', variables('deploymentSuffix')), 64)]",
 "AMBANotificationAssetsDeploymentName": "[take(concat('amba-NotificationAssets', variables('deploymentSuffix')), 64)]",
@@ -569,7 +561,8 @@
 "AMBANetworkChangesDeploymentName": "[take(concat('amba-NetworkChanges', variables('deploymentSuffix')), 64)]",
 "AMBARecoveryServicesDeploymentName": "[take(concat('amba-RecoveryServices', variables('deploymentSuffix')), 64)]",
 "AMBAStorageDeploymentName": "[take(concat('amba-Storage', variables('deploymentSuffix')), 64)]",
- "AMBAVMDeploymentName": "[take(concat('amba-VM', variables('deploymentSuffix')), 64)]",
+ "AMBAVMDeploymentNameLandingZones": "[take(concat('amba-VM-LandingZones', variables('deploymentSuffix')), 64)]",
+ "AMBAVMDeploymentNamePlatform": "[take(concat('amba-VM-Platform', variables('deploymentSuffix')), 64)]",
 "AMBAWebDeploymentName": "[take(concat('amba-Web', variables('deploymentSuffix')), 64)]",
 "pidCuaDeploymentName": "[take(concat('amba-pid-', variables('cuaid'), '-' , uniqueString(deployment().location, parameters('enterpriseScaleCompanyPrefix'), parameters('currentDateTimeUtcNow'))), 64)]",
 "pidCuaConnectivityDeploymentName": "[take(concat('amba-pid-Connectivity-', variables('cuaidConnectivity'), '-' , uniqueString(deployment().location, parameters('enterpriseScaleCompanyPrefix'), parameters('currentDateTimeUtcNow'))), 64)]",
@@ -996,34 +989,6 @@
 }
 }
 },
- // MARK: Delay
- // Adding delay to ensure policy deployment is completed before policy assignments
- {
- "type": "Microsoft.Resources/deployments",
- "apiVersion": "2020-10-01",
- "name": "[concat('amba-PreparingToLaunch', copyIndex())]",
- "location": "[deployment().location]",
- "scope": "[concat('Microsoft.Management/managementGroups/', parameters('enterpriseScaleCompanyPrefix'))]",
- "dependsOn": [
- "[variables('deploymentNames').policySetDefinitionsDeploymentName]"
- ],
- "copy": {
- "batchSize": 1,
- "count": "[parameters('delayCount')]",
- "mode": "Serial",
- "name": "ambaPolicyCompletion"
- },
- "properties": {
- "mode": "Incremental",
- "template": {
- "$schema": "https://schema.management.azure.com/schemas/2019-08-01/managementGroupDeploymentTemplate.json#",
- "contentVersion": "1.0.0.0",
- "parameters": {},
- "resources": [],
- "outputs": {}
- }
- }
- },
 // MARK: Assign Policies
 // Assigning AMBA Connectivity PolicySet to the connectivity management group if condition is true
 {
@@ -1032,10 +997,10 @@
 "apiVersion": "2020-10-01",
 "name": "[variables('deploymentNames').AMBAConnectivityDeploymentName]",
 "scope": "[concat('Microsoft.Management/managementGroups/', parameters('connectivityManagementGroup'))]",
- "location": "[deployment().location]",
 "dependsOn": [
- "ambaPolicyCompletion"
+ "[variables('deploymentNames').policySetDefinitionsDeploymentName]"
 ],
+ "location": "[deployment().location]",
 "properties": {
 "mode": "Incremental",
 "templateLink": {
@@ -1059,10 +1024,10 @@
 "apiVersion": "2020-10-01",
 "name": "[variables('deploymentNames').AMBAIdentityDeploymentName]",
 "scope": "[concat('Microsoft.Management/managementGroups/', parameters('identityManagementGroup'))]",
- "location": "[deployment().location]",
 "dependsOn": [
- "ambaPolicyCompletion"
+ "[variables('deploymentNames').policySetDefinitionsDeploymentName]"
 ],
+ "location": "[deployment().location]",
 "properties": {
 "mode": "Incremental",
 "templateLink": {
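Review bot: The Connectivity and Identity assignments now start as soon as `policySetDefinitionsDeploymentName` completes, and nothing on the new side records why the lag the removed loop was described as covering ("ensure policy deployment is completed before policy assignments") no longer matters. If the policy sets are not yet readable at management-group scope when the nested assignment templates run, an assignment could fail and leave that scope without its baseline alerts. The same `dependsOn` replacement repeats in every later assignment hunk of this file. Please state the reasoning next to `// MARK: Assign Policies`, for example `// Assignments depend directly on the policy set deployment; the former delay loop was removed because <reason>`, and confirm it with a deployment into a tenant that has no existing AMBA definitions. The resources touched here begin and end outside the hunks.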
@@ -1088,9 +1053,9 @@
 "scope": "[concat('Microsoft.Management/managementGroups/', parameters('managementManagementGroup'))]",
 "location": "[deployment().location]",
 "dependsOn": [
- "ambaPolicyCompletion",
- "[variables('deploymentNames').AMBAUamiRoleAssignmentDeploymentName]"
- ],
+ "[variables('deploymentNames').AMBAUamiRoleAssignmentDeploymentName]",
+ "[variables('deploymentNames').policySetDefinitionsDeploymentName]"
+ ],
 "properties": {
 "mode": "Incremental",
 "templateLink": {
@@ -1120,10 +1085,10 @@
 "apiVersion": "2020-10-01",
 "name": "[variables('deploymentNames').AMBAServiceHealthDeploymentName]",
 "scope": "[concat('Microsoft.Management/managementGroups/', parameters('enterpriseScaleCompanyPrefix'))]",
- "location": "[deployment().location]",
 "dependsOn": [
- "ambaPolicyCompletion"
+ "[variables('deploymentNames').policySetDefinitionsDeploymentName]"
 ],
+ "location": "[deployment().location]",
 "properties": {
 "mode": "Incremental",
 "templateLink": {
@@ -1147,10 +1112,10 @@
 "apiVersion": "2020-10-01",
 "name": "[variables('deploymentNames').AMBANotificationAssetsDeploymentName]",
 "scope": "[concat('Microsoft.Management/managementGroups/', parameters('enterpriseScaleCompanyPrefix'))]",
- "location": "[deployment().location]",
 "dependsOn": [
- "ambaPolicyCompletion"
+ "[variables('deploymentNames').policySetDefinitionsDeploymentName]"
 ],
+ "location": "[deployment().location]",
 "properties": {
 "mode": "Incremental",
 "templateLink": {
@@ -1172,13 +1137,13 @@
 "condition": "[equals(parameters('enableAMBAHybridVM'), 'Yes')]",
 "type": "Microsoft.Resources/deployments",
 "apiVersion": "2020-10-01",
- "name": "[variables('deploymentNames').AMBAHybridVMDeploymentName]",
+ "name": "[variables('deploymentNames').AMBAHybridVMDeploymentNameLandingZones]",
 "scope": "[concat('Microsoft.Management/managementGroups/', parameters('LandingZoneManagementGroup'))]",
 "location": "[deployment().location]",
 "dependsOn": [
- "ambaPolicyCompletion",
- "[variables('deploymentNames').AMBAUamiRoleAssignmentDeploymentName]"
- ],
+ "[variables('deploymentNames').AMBAUamiRoleAssignmentDeploymentName]",
+ "[variables('deploymentNames').policySetDefinitionsDeploymentName]"
+ ],
 "properties": {
 "mode": "Incremental",
 "templateLink": {
@@ -1204,6 +1169,43 @@
 }
 }
 },
+ // Assigning AMBA HybridVM PolicySet to the Platform management group if condition is true
+ {
+ "condition": "[equals(parameters('enableAMBAHybridVM'), 'Yes')]",
+ "type": "Microsoft.Resources/deployments",
+ "apiVersion": "2020-10-01",
+ "name": "[variables('deploymentNames').AMBAHybridVMDeploymentNamePlatform]",
+ "scope": "[concat('Microsoft.Management/managementGroups/', parameters('platformManagementGroup'))]",
+ "location": "[deployment().location]",
+ "dependsOn": [
+ "[variables('deploymentNames').AMBAUamiRoleAssignmentDeploymentName]",
+ "[variables('deploymentNames').policySetDefinitionsDeploymentName]"
+ ],
+ "properties": {
+ "mode": "Incremental",
+ "templateLink": {
+ "contentVersion": "1.0.0.0",
+ "uri": "[variables('deploymentUris').AMBAHybridVMInitiative]"
+ },
+ "parameters": {
+ "topLevelManagementGroupPrefix": {
+ "value": "[parameters('enterpriseScaleCompanyPrefix')]"
+ },
+ "scope": {
+ "value": "[parameters('platformManagementGroup')]"
+ },
+ "uamiScope": {
+ "value": "[parameters('managementManagementGroup')]"
+ },
+ "bringYourOwnUserAssignedManagedIdentity": {
+ "value": "[parameters('bringYourOwnUserAssignedManagedIdentity')]"
+ },
+ "policyAssignmentParameters": {
+ "value": "[variables('policyAssignmentParametersHybridVM')]"
+ }
+ }
+ }
+ },
 // Assigning AMBA Key Management PolicySet to the Landing Zone management group if condition is true
 {
 "condition": "[equals(parameters('enableAMBAKeyManagement'), 'Yes')]",
@@ -1211,10 +1213,10 @@
 "apiVersion": "2020-10-01",
 "name": "[variables('deploymentNames').AMBAKeyManagementDeploymentName]",
 "scope": "[concat('Microsoft.Management/managementGroups/', parameters('LandingZoneManagementGroup'))]",
- "location": "[deployment().location]",
 "dependsOn": [
- "ambaPolicyCompletion"
+ "[variables('deploymentNames').policySetDefinitionsDeploymentName]"
 ],
+ "location": "[deployment().location]",
 "properties": {
 "mode": "Incremental",
 "templateLink": {
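Review bot: The new Platform assignment for the HybridVM policy set resolves its scope from `parameters('platformManagementGroup')` whenever `enableAMBAHybridVM` is 'Yes', so a parameter file that still carries a placeholder for that parameter will now fail, where before the value was unused; the portal itself used to emit the fixed string `'contoso-platform'`. The VM assignment added for the Platform group later in this file has the same exposure. The parameter's description should say it must name a real management group when VM or Hybrid VM alerting is enabled. If Platform is the parent of the Identity, Management and Connectivity groups, the comment should also say that those groups inherit the assignment, e.g. `// Assigned at Platform so child platform management groups inherit the Hybrid VM alerts`.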
@@ -1238,10 +1240,10 @@
 "apiVersion": "2020-10-01",
 "name": "[variables('deploymentNames').AMBALoadBalancingDeploymentName]",
 "scope": "[concat('Microsoft.Management/managementGroups/', parameters('LandingZoneManagementGroup'))]",
- "location": "[deployment().location]",
 "dependsOn": [
- "ambaPolicyCompletion"
+ "[variables('deploymentNames').policySetDefinitionsDeploymentName]"
 ],
+ "location": "[deployment().location]",
 "properties": {
 "mode": "Incremental",
 "templateLink": {
@@ -1265,10 +1267,10 @@
 "apiVersion": "2020-10-01",
 "name": "[variables('deploymentNames').AMBANetworkChangesDeploymentName]",
 "scope": "[concat('Microsoft.Management/managementGroups/', parameters('LandingZoneManagementGroup'))]",
- "location": "[deployment().location]",
 "dependsOn": [
- "ambaPolicyCompletion"
+ "[variables('deploymentNames').policySetDefinitionsDeploymentName]"
 ],
+ "location": "[deployment().location]",
 "properties": {
 "mode": "Incremental",
 "templateLink": {
@@ -1292,10 +1294,10 @@
 "apiVersion": "2020-10-01",
 "name": "[variables('deploymentNames').AMBARecoveryServicesDeploymentName]",
 "scope": "[concat('Microsoft.Management/managementGroups/', parameters('LandingZoneManagementGroup'))]",
- "location": "[deployment().location]",
 "dependsOn": [
- "ambaPolicyCompletion"
+ "[variables('deploymentNames').policySetDefinitionsDeploymentName]"
 ],
+ "location": "[deployment().location]",
 "properties": {
 "mode": "Incremental",
 "templateLink": {
@@ -1319,10 +1321,10 @@
 "apiVersion": "2020-10-01",
 "name": "[variables('deploymentNames').AMBAStorageDeploymentName]",
 "scope": "[concat('Microsoft.Management/managementGroups/', parameters('LandingZoneManagementGroup'))]",
- "location": "[deployment().location]",
 "dependsOn": [
- "ambaPolicyCompletion"
+ "[variables('deploymentNames').policySetDefinitionsDeploymentName]"
 ],
+ "location": "[deployment().location]",
 "properties": {
 "mode": "Incremental",
 "templateLink": {
@@ -1344,12 +1346,12 @@
 "condition": "[equals(parameters('enableAMBAVM'), 'Yes')]",
 "type": "Microsoft.Resources/deployments",
 "apiVersion": "2020-10-01",
- "name": "[variables('deploymentNames').AMBAVMDeploymentName]",
+ "name": "[variables('deploymentNames').AMBAVMDeploymentNameLandingZones]",
 "scope": "[concat('Microsoft.Management/managementGroups/', parameters('LandingZoneManagementGroup'))]",
 "location": "[deployment().location]",
 "dependsOn": [
- "ambaPolicyCompletion",
- "[variables('deploymentNames').AMBAUamiRoleAssignmentDeploymentName]"
+ "[variables('deploymentNames').AMBAUamiRoleAssignmentDeploymentName]",
+ "[variables('deploymentNames').policySetDefinitionsDeploymentName]"
 ],
 "properties": {
 "mode": "Incremental",
@@ -1376,6 +1378,43 @@
 }
 }
 },
+ // Assigning AMBA VM PolicySet to the Platform management group if condition is true
+ {
+ "condition": "[equals(parameters('enableAMBAVM'), 'Yes')]",
+ "type": "Microsoft.Resources/deployments",
+ "apiVersion": "2020-10-01",
+ "name": "[variables('deploymentNames').AMBAVMDeploymentNamePlatform]",
+ "scope": "[concat('Microsoft.Management/managementGroups/', parameters('platformManagementGroup'))]",
+ "location": "[deployment().location]",
+ "dependsOn": [
+ "[variables('deploymentNames').AMBAUamiRoleAssignmentDeploymentName]",
+ "[variables('deploymentNames').policySetDefinitionsDeploymentName]"
+ ],
+ "properties": {
+ "mode": "Incremental",
+ "templateLink": {
+ "contentVersion": "1.0.0.0",
+ "uri": "[variables('deploymentUris').AMBAVMInitiative]"
+ },
+ "parameters": {
+ "topLevelManagementGroupPrefix": {
+ "value": "[parameters('enterpriseScaleCompanyPrefix')]"
+ },
+ "scope": {
+ "value": "[parameters('platformManagementGroup')]"
+ },
+ "uamiScope": {
+ "value": "[parameters('managementManagementGroup')]"
+ },
+ "bringYourOwnUserAssignedManagedIdentity": {
+ "value": "[parameters('bringYourOwnUserAssignedManagedIdentity')]"
+ },
+ "policyAssignmentParameters": {
+ "value": "[variables('policyAssignmentParametersVM')]"
+ }
+ }
+ }
+ },
 // Assigning AMBA Web PolicySet to the Landing Zone group if condition is true
 {
 "condition": "[equals(parameters('enableAMBAWeb'), 'Yes')]",
@@ -1383,10 +1422,10 @@
 "apiVersion": "2020-10-01",
 "name": "[variables('deploymentNames').AMBAWebDeploymentName]",
 "scope": "[concat('Microsoft.Management/managementGroups/', parameters('LandingZoneManagementGroup'))]",
- "location": "[deployment().location]",
 "dependsOn": [
- "ambaPolicyCompletion"
+ "[variables('deploymentNames').policySetDefinitionsDeploymentName]"
 ],
+ "location": "[deployment().location]",
 "properties": {
 "mode": "Incremental",
 "templateLink": {
diff --git a/patterns/alz/policyDefinitions/policies-Automation.json b/patterns/alz/policyDefinitions/policies-Automation.json index 72557a217..6b6174435 100644 --- a/patterns/alz/policyDefinitions/policies-Automation.json +++ b/patterns/alz/policyDefinitions/policies-Automation.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.30.23.60470", - "templateHash": "3920397771930135856" + "version": "0.19.5.34762", + "templateHash": "10001095019586829330" } }, "parameters": { @@ -13,8 +13,8 @@ "type": "string", "defaultValue": "alz", "metadata": { - "message": "The JSON version of this file is programatically generated from Bicep. PLEASE DO NOT UPDATE MANUALLY!!", - "description": "Provide a prefix (unique at tenant-scope) for the Management Group hierarchy and other resources created as part of an Azure landing zone. DEFAULT VALUE = \"alz\"" + "description": "Provide a prefix (unique at tenant-scope) for the Management Group hierarchy and other resources created as part of an Azure landing zone. DEFAULT VALUE = \"alz\"", + "message": "The JSON version of this file is programatically generated from Bicep. PLEASE DO NOT UPDATE MANUALLY!!" } }, "location": { diff --git a/patterns/alz/policyDefinitions/policies-Compute.json b/patterns/alz/policyDefinitions/policies-Compute.json index 922ffa0f5..7b9c13f1c 100644 --- a/patterns/alz/policyDefinitions/policies-Compute.json +++ b/patterns/alz/policyDefinitions/policies-Compute.json @@ -5,7 +5,7 @@ "_generator": { "name": "bicep", "version": "0.19.5.34762", - "templateHash": "18055944114162281445" + "templateHash": "5171477523449090733" } }, "parameters": { 
@@ -126,7 +126,7 @@ "displayName": "Deploy Azure Monitor Baseline Alerts for Virtual Machines", "description": "This initiative deploys Azure Monitor Baseline Alerts to monitor Azure Virtual Machines.", "metadata": { - "version": "1.0.0", + "version": "1.0.1", "category": "Monitoring", "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", "alzCloudEnvironments": [ @@ -137,7 +137,7 @@ "parameters": { "ALZMonitorResourceGroupName": { "type": "String", - "defaultValue": "ALZ-Monitoring-RG", + "defaultValue": "rg-amba-monitoring-001", "metadata": { "displayName": "ALZ Monitor Resource Group Name", "description": "Name of the resource group where the ALZ Monitor resources will be deployed" diff --git a/patterns/alz/policyDefinitions/policies-Hybrid.json b/patterns/alz/policyDefinitions/policies-Hybrid.json index c6f76e99c..265ad9a3f 100644 --- a/patterns/alz/policyDefinitions/policies-Hybrid.json +++ b/patterns/alz/policyDefinitions/policies-Hybrid.json @@ -5,7 +5,7 @@ "_generator": { "name": "bicep", "version": "0.19.5.34762", - "templateHash": "6579255325902287884" + "templateHash": "3790906364926990204" } }, "parameters": { @@ -127,7 +127,7 @@ "displayName": "Deploy Azure Monitor Baseline Alerts for Hybrid VMs", "description": "This initiative deploys Azure Monitor Baseline Alerts to monitor Azure Arc-enabled Servers.", "metadata": { - "version": "1.1.0", + "version": "1.1.1", "category": "Monitoring", "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", "alzCloudEnvironments": [ @@ -138,7 +138,7 @@ "parameters": { "ALZMonitorResourceGroupName": { "type": "String", - "defaultValue": "ALZ-Monitoring-RG", + "defaultValue": "rg-amba-monitoring-001", "metadata": { "displayName": "ALZ Monitor Resource Group Name", "description": "Name of the resource group where the ALZ Monitor resources will be deployed" 
diff --git a/patterns/alz/policyDefinitions/policies-KeyManagement.json b/patterns/alz/policyDefinitions/policies-KeyManagement.json index 5e8078350..6aaab7484 100644 --- a/patterns/alz/policyDefinitions/policies-KeyManagement.json +++ b/patterns/alz/policyDefinitions/policies-KeyManagement.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.30.23.60470", - "templateHash": "16340494986875315675" + "version": "0.19.5.34762", + "templateHash": "72757054326075040" } }, "parameters": { @@ -13,8 +13,8 @@ "type": "string", "defaultValue": "alz", "metadata": { - "message": "The JSON version of this file is programatically generated from Bicep. PLEASE DO NOT UPDATE MANUALLY!!", - "description": "Provide a prefix (unique at tenant-scope) for the Management Group hierarchy and other resources created as part of an Azure landing zone. DEFAULT VALUE = \"alz\"" + "description": "Provide a prefix (unique at tenant-scope) for the Management Group hierarchy and other resources created as part of an Azure landing zone. DEFAULT VALUE = \"alz\"", + "message": "The JSON version of this file is programatically generated from Bicep. PLEASE DO NOT UPDATE MANUALLY!!" } }, "location": { @@ -131,7 +131,7 @@ "displayName": "Deploy Azure Monitor Baseline Alerts for Key Management", "description": "This initiative deploys Azure Monitor Baseline Alerts to monitor Key Management Services such as Azure Key Vault, and Managed HSM.", "metadata": { - "version": "1.0.0", + "version": "1.0.1", "category": "Monitoring", "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", "alzCloudEnvironments": [ @@ -142,7 +142,7 @@ "parameters": { "ALZMonitorResourceGroupName": { "type": "String", - "defaultValue": "ALZ-Monitoring-RG", + "defaultValue": "rg-amba-monitoring-001", "metadata": { "displayName": "ALZ Monitor Resource Group Name", "description": "Name of the resource group where the ALZ Monitor resources will be deployed" 
@@ -921,7 +921,7 @@ "displayName": "Deploy Azure Monitor Baseline Alerts for Identity", "description": "Initiative to deploy AMBA alerts relevant to the ALZ Identity management group", "metadata": { - "version": "1.1.0", + "version": "1.1.1", "category": "Monitoring", "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", "alzCloudEnvironments": [ @@ -932,7 +932,7 @@ "parameters": { "ALZMonitorResourceGroupName": { "type": "String", - "defaultValue": "ALZ-Monitoring-RG", + "defaultValue": "rg-amba-monitoring-001", "metadata": { "displayName": "ALZ Monitor Resource Group Name", "description": "Name of the resource group where the alerting resources will be deployed" diff --git a/patterns/alz/policyDefinitions/policies-Network.json b/patterns/alz/policyDefinitions/policies-Network.json index 24c930855..5835c65cd 100644 --- a/patterns/alz/policyDefinitions/policies-Network.json +++ b/patterns/alz/policyDefinitions/policies-Network.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.30.23.60470", - "templateHash": "6782873740768881035" + "version": "0.19.5.34762", + "templateHash": "12097418730809858419" } }, "parameters": { @@ -13,8 +13,8 @@ "type": "string", "defaultValue": "alz", "metadata": { - "message": "The JSON version of this file is programatically generated from Bicep. PLEASE DO NOT UPDATE MANUALLY!!", - "description": "Provide a prefix (unique at tenant-scope) for the Management Group hierarchy and other resources created as part of an Azure landing zone. DEFAULT VALUE = \"alz\"" + "description": "Provide a prefix (unique at tenant-scope) for the Management Group hierarchy and other resources created as part of an Azure landing zone. DEFAULT VALUE = \"alz\"", + "message": "The JSON version of this file is programatically generated from Bicep. PLEASE DO NOT UPDATE MANUALLY!!" } }, "location": { 
@@ -185,7 +185,7 @@ "displayName": "Deploy Azure Monitor Baseline Alerts for Connectivity", "description": "This initiative deploys Azure Monitor Baseline Alerts to monitor Network components such as Azure Firewalls, ExpressRoute, VPN, and Private DNS Zones.", "metadata": { - "version": "1.3.0", + "version": "1.3.1", "category": "Monitoring", "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", "alzCloudEnvironments": [ @@ -196,7 +196,7 @@ "parameters": { "ALZMonitorResourceGroupName": { "type": "String", - "defaultValue": "ALZ-Monitoring-RG", + "defaultValue": "rg-amba-monitoring-001", "metadata": { "displayName": "ALZ Monitor Resource Group Name", "description": "Name of the resource group where the ALZ Monitor resources will be deployed" @@ -7918,7 +7918,7 @@ "displayName": "Deploy Azure Monitor Baseline Alerts for Changes in Network Routing and Security", "description": "This initiative implements Azure Monitor Baseline Alerts to monitor alterations in Network Routing and Security, such as modifications to Route Tables and the removal of Network Security Groups.", "metadata": { - "version": "1.0.0", + "version": "1.0.1", "category": "Monitoring", "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", "alzCloudEnvironments": [ @@ -7929,7 +7929,7 @@ "parameters": { "ALZMonitorResourceGroupName": { "type": "String", - "defaultValue": "ALZ-Monitoring-RG", + "defaultValue": "rg-amba-monitoring-001", "metadata": { "displayName": "ALZ Monitor Resource Group Name", "description": "Name of the resource group where the ALZ Monitor resources will be deployed" diff --git a/patterns/alz/policyDefinitions/policies-NotificationAssets.json b/patterns/alz/policyDefinitions/policies-NotificationAssets.json index 4bfec394a..826ada7ae 100644 --- a/patterns/alz/policyDefinitions/policies-NotificationAssets.json +++ b/patterns/alz/policyDefinitions/policies-NotificationAssets.json 
@@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.30.23.60470", - "templateHash": "18097644963736563215" + "version": "0.19.5.34762", + "templateHash": "13990384610618582047" } }, "parameters": { @@ -13,8 +13,8 @@ "type": "string", "defaultValue": "alz", "metadata": { - "message": "The JSON version of this file is programatically generated from Bicep. PLEASE DO NOT UPDATE MANUALLY!!", - "description": "Provide a prefix (unique at tenant-scope) for the Management Group hierarchy and other resources created as part of an Azure landing zone. DEFAULT VALUE = \"alz\"" + "description": "Provide a prefix (unique at tenant-scope) for the Management Group hierarchy and other resources created as part of an Azure landing zone. DEFAULT VALUE = \"alz\"", + "message": "The JSON version of this file is programatically generated from Bicep. PLEASE DO NOT UPDATE MANUALLY!!" } }, "location": { @@ -125,7 +125,7 @@ "displayName": "Deploy Azure Monitor Baseline Alerts - Notification Assets", "description": "This initiative deploys Notification Assets for Azure Monitor Baseline Alerts. This includes the setup of an Alert Processing Rule and an Action Group to manage notifications and actions, along with a Notification Suppression Rule to manage alert notifications, as well as a Notification Suppression Rule to control alert notifications.", "metadata": { - "version": "1.3.0", + "version": "1.3.1", "category": "Monitoring", "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", "alzCloudEnvironments": [ @@ -136,7 +136,7 @@ "parameters": { "ALZMonitorResourceGroupName": { "type": "String", - "defaultValue": "ALZ-Monitoring-RG", + "defaultValue": "rg-amba-monitoring-001", "metadata": { "displayName": "Resource Group Name", "description": "Name of the resource group to deploy the alerts to" 
diff --git a/patterns/alz/policyDefinitions/policies-RecoveryServices.json b/patterns/alz/policyDefinitions/policies-RecoveryServices.json index 2b737d21f..b41a10a10 100644 --- a/patterns/alz/policyDefinitions/policies-RecoveryServices.json +++ b/patterns/alz/policyDefinitions/policies-RecoveryServices.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.30.23.60470", - "templateHash": "9835070459603262280" + "version": "0.19.5.34762", + "templateHash": "4026295181729512686" } }, "parameters": { @@ -13,8 +13,8 @@ "type": "string", "defaultValue": "alz", "metadata": { - "message": "The JSON version of this file is programatically generated from Bicep. PLEASE DO NOT UPDATE MANUALLY!!", - "description": "Provide a prefix (unique at tenant-scope) for the Management Group hierarchy and other resources created as part of an Azure landing zone. DEFAULT VALUE = \"alz\"" + "description": "Provide a prefix (unique at tenant-scope) for the Management Group hierarchy and other resources created as part of an Azure landing zone. DEFAULT VALUE = \"alz\"", + "message": "The JSON version of this file is programatically generated from Bicep. PLEASE DO NOT UPDATE MANUALLY!!" } }, "location": { diff --git a/patterns/alz/policyDefinitions/policies-ServiceHealth.json b/patterns/alz/policyDefinitions/policies-ServiceHealth.json index 0bbf252e1..14d178bd8 100644 --- a/patterns/alz/policyDefinitions/policies-ServiceHealth.json +++ b/patterns/alz/policyDefinitions/policies-ServiceHealth.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.30.23.60470", - "templateHash": "11286016692936857452" + "version": "0.19.5.34762", + "templateHash": "13010403174718189788" } }, "parameters": { 
@@ -13,8 +13,8 @@ "type": "string", "defaultValue": "alz", "metadata": { - "message": "The JSON version of this file is programatically generated from Bicep. PLEASE DO NOT UPDATE MANUALLY!!", - "description": "Provide a prefix (unique at tenant-scope) for the Management Group hierarchy and other resources created as part of an Azure landing zone. DEFAULT VALUE = \"alz\"" + "description": "Provide a prefix (unique at tenant-scope) for the Management Group hierarchy and other resources created as part of an Azure landing zone. DEFAULT VALUE = \"alz\"", + "message": "The JSON version of this file is programatically generated from Bicep. PLEASE DO NOT UPDATE MANUALLY!!" } }, "location": { @@ -129,7 +129,7 @@ "displayName": "Deploy Azure Monitor Baseline Alerts for Service Health", "description": "This initiative deploys Azure Monitor Baseline Alerts to monitor Service Health Events such as Service issues, Planned maintenance, Health advisories, Security advisories, and Resource health.", "metadata": { - "version": "1.5.0", + "version": "1.5.1", "category": "Monitoring", "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", "alzCloudEnvironments": [ @@ -140,7 +140,7 @@ "parameters": { "ALZMonitorResourceGroupName": { "type": "String", - "defaultValue": "ALZ-Monitoring-RG", + "defaultValue": "rg-amba-monitoring-001", "metadata": { "displayName": "Resource Group Name", "description": "Name of the resource group to deploy the alerts to" diff --git a/patterns/alz/policyDefinitions/policies-Storage.json b/patterns/alz/policyDefinitions/policies-Storage.json index 3cdc22dd0..2373b9e94 100644 --- a/patterns/alz/policyDefinitions/policies-Storage.json +++ b/patterns/alz/policyDefinitions/policies-Storage.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.30.23.60470", - "templateHash": "9732973018260218732" + "version": "0.19.5.34762", + "templateHash": "7230601166858169199" } }, "parameters": { 
@@ -13,8 +13,8 @@ "type": "string", "defaultValue": "alz", "metadata": { - "message": "The JSON version of this file is programatically generated from Bicep. PLEASE DO NOT UPDATE MANUALLY!!", - "description": "Provide a prefix (unique at tenant-scope) for the Management Group hierarchy and other resources created as part of an Azure landing zone. DEFAULT VALUE = \"alz\"" + "description": "Provide a prefix (unique at tenant-scope) for the Management Group hierarchy and other resources created as part of an Azure landing zone. DEFAULT VALUE = \"alz\"", + "message": "The JSON version of this file is programatically generated from Bicep. PLEASE DO NOT UPDATE MANUALLY!!" } }, "location": { @@ -125,7 +125,7 @@ "displayName": "Deploy Azure Monitor Baseline Alerts for Storage", "description": "This initiative deploys Azure Monitor Baseline Alerts to monitor Storage Services such as Storage accounts.", "metadata": { - "version": "1.0.0", + "version": "1.0.1", "category": "Monitoring", "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", "alzCloudEnvironments": [ @@ -136,7 +136,7 @@ "parameters": { "ALZMonitorResourceGroupName": { "type": "String", - "defaultValue": "ALZ-Monitoring-RG", + "defaultValue": "rg-amba-monitoring-001", "metadata": { "displayName": "ALZ Monitor Resource Group Name", "description": "Name of the resource group where the ALZ Monitor resources will be deployed" diff --git a/patterns/alz/policyDefinitions/policies-Web.json b/patterns/alz/policyDefinitions/policies-Web.json index 16a2c9670..a85b3c7b5 100644 --- a/patterns/alz/policyDefinitions/policies-Web.json +++ b/patterns/alz/policyDefinitions/policies-Web.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.30.23.60470", - "templateHash": "13241637439837166926" + "version": "0.19.5.34762", + "templateHash": "18008441162732409292" } }, "parameters": { 
@@ -13,8 +13,8 @@ "type": "string", "defaultValue": "alz", "metadata": { - "message": "The JSON version of this file is programatically generated from Bicep. PLEASE DO NOT UPDATE MANUALLY!!", - "description": "Provide a prefix (unique at tenant-scope) for the Management Group hierarchy and other resources created as part of an Azure landing zone. DEFAULT VALUE = \"alz\"" + "description": "Provide a prefix (unique at tenant-scope) for the Management Group hierarchy and other resources created as part of an Azure landing zone. DEFAULT VALUE = \"alz\"", + "message": "The JSON version of this file is programatically generated from Bicep. PLEASE DO NOT UPDATE MANUALLY!!" } }, "location": { diff --git a/patterns/alz/policyDefinitions/policySets.json b/patterns/alz/policyDefinitions/policySets.json index f3db7c96b..81a78d592 100644 --- a/patterns/alz/policyDefinitions/policySets.json +++ b/patterns/alz/policyDefinitions/policySets.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.30.23.60470", - "templateHash": "4658484165538246875" + "version": "0.19.5.34762", + "templateHash": "2780282705340805752" } }, "parameters": { @@ -13,8 +13,8 @@ "type": "string", "defaultValue": "alz", "metadata": { - "message": "The JSON version of this file is programatically generated from Bicep. PLEASE DO NOT UPDATE MANUALLY!!", - "description": "Provide a prefix (unique at tenant-scope) for the Management Group hierarchy and other resources created as part of an Azure landing zone. DEFAULT VALUE = \"alz\"" + "description": "Provide a prefix (unique at tenant-scope) for the Management Group hierarchy and other resources created as part of an Azure landing zone. DEFAULT VALUE = \"alz\"", + "message": "The JSON version of this file is programatically generated from Bicep. PLEASE DO NOT UPDATE MANUALLY!!" } }, "location": { 
@@ -136,7 +136,7 @@ "parameters": { "ALZMonitorResourceGroupName": { "type": "String", - "defaultValue": "ALZ-Monitoring-RG", + "defaultValue": "rg-amba-monitoring-001", "metadata": { "displayName": "ALZ Monitor Resource Group Name", "description": "Name of the resource group where the ALZ Monitor resources will be deployed" @@ -5575,7 +5575,7 @@ "displayName": "Deploy Azure Monitor Baseline Alerts for Management", "description": "Initiative to deploy AMBA alerts relevant to the ALZ Management management group", "metadata": { - "version": "1.3.0", + "version": "1.3.1", "category": "Monitoring", "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", "alzCloudEnvironments": [ @@ -5586,7 +5586,7 @@ "parameters": { "ALZMonitorResourceGroupName": { "type": "String", - "defaultValue": "ALZ-Monitoring-RG", + "defaultValue": "rg-amba-monitoring-001", "metadata": { "displayName": "ALZ Monitoring Resource Group Name", "description": "Name of the resource group to deploy the ALZ monitoring resources to" diff --git a/patterns/alz/policySetDefinitions/Deploy-Connectivity-Alerts.json b/patterns/alz/policySetDefinitions/Deploy-Connectivity-Alerts.json index d521090e6..a6dbdf1d7 100644 --- a/patterns/alz/policySetDefinitions/Deploy-Connectivity-Alerts.json +++ b/patterns/alz/policySetDefinitions/Deploy-Connectivity-Alerts.json @@ -6,7 +6,7 @@ "displayName": "Deploy Azure Monitor Baseline Alerts for Connectivity", "description": "This initiative deploys Azure Monitor Baseline Alerts to monitor Network components such as Azure Firewalls, ExpressRoute, VPN, and Private DNS Zones.", "metadata": { - "version": "1.3.0", + "version": "1.3.1", "category": "Monitoring", "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", "alzCloudEnvironments": [ 
@@ -17,7 +17,7 @@ "parameters": { "ALZMonitorResourceGroupName": { "type": "String", - "defaultValue": "ALZ-Monitoring-RG", + "defaultValue": "rg-amba-monitoring-001", "metadata": { "displayName": "ALZ Monitor Resource Group Name", "description": "Name of the resource group where the ALZ Monitor resources will be deployed" diff --git a/patterns/alz/policySetDefinitions/Deploy-HybridVM-Alerts.json b/patterns/alz/policySetDefinitions/Deploy-HybridVM-Alerts.json index b8406f23b..bb9bff4ac 100644 --- a/patterns/alz/policySetDefinitions/Deploy-HybridVM-Alerts.json +++ b/patterns/alz/policySetDefinitions/Deploy-HybridVM-Alerts.json @@ -6,7 +6,7 @@ "displayName": "Deploy Azure Monitor Baseline Alerts for Hybrid VMs", "description": "This initiative deploys Azure Monitor Baseline Alerts to monitor Azure Arc-enabled Servers.", "metadata": { - "version": "1.1.0", + "version": "1.1.1", "category": "Monitoring", "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", "alzCloudEnvironments": [ @@ -17,7 +17,7 @@ "parameters": { "ALZMonitorResourceGroupName": { "type": "String", - "defaultValue": "ALZ-Monitoring-RG", + "defaultValue": "rg-amba-monitoring-001", "metadata": { "displayName": "ALZ Monitor Resource Group Name", "description": "Name of the resource group where the ALZ Monitor resources will be deployed" diff --git a/patterns/alz/policySetDefinitions/Deploy-Identity-Alerts.json b/patterns/alz/policySetDefinitions/Deploy-Identity-Alerts.json index f74086708..afc36ffa0 100644 --- a/patterns/alz/policySetDefinitions/Deploy-Identity-Alerts.json +++ b/patterns/alz/policySetDefinitions/Deploy-Identity-Alerts.json 
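Review bot: The `defaultValue` line for `ALZMonitorResourceGroupName` now reads `rg-amba-monitoring-001`, which moves the alert resources for every assignment that relies on the default, yet the initiative only receives a patch bump (`1.3.0` to `1.3.1`). Assuming existing environments were deployed with `ALZ-Monitoring-RG`, a redeploy followed by remediation would probably create the alerts in a second resource group and leave the earlier ones behind, giving duplicate or stale alerting until someone cleans up. I would record the change where operators will see it, for example `"description": "Name of the resource group where the ALZ Monitor resources will be deployed (default was ALZ-Monitoring-RG before 1.3.1)"`, and advise pinning the value in the parameter file on upgrade. The same default change appears in the other Deploy-*-Alerts.json initiatives in this commit.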
@@ -6,7 +6,7 @@ "displayName": "Deploy Azure Monitor Baseline Alerts for Identity", "description": "Initiative to deploy AMBA alerts relevant to the ALZ Identity management group", "metadata": { - "version": "1.1.0", + "version": "1.1.1", "category": "Monitoring", "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", "alzCloudEnvironments": [ @@ -17,7 +17,7 @@ "parameters": { "ALZMonitorResourceGroupName": { "type": "String", - "defaultValue": "ALZ-Monitoring-RG", + "defaultValue": "rg-amba-monitoring-001", "metadata": { "displayName": "ALZ Monitor Resource Group Name", "description": "Name of the resource group where the alerting resources will be deployed" diff --git a/patterns/alz/policySetDefinitions/Deploy-KeyManagement-Alerts.json b/patterns/alz/policySetDefinitions/Deploy-KeyManagement-Alerts.json index 15509b665..316744330 100644 --- a/patterns/alz/policySetDefinitions/Deploy-KeyManagement-Alerts.json +++ b/patterns/alz/policySetDefinitions/Deploy-KeyManagement-Alerts.json @@ -6,7 +6,7 @@ "displayName": "Deploy Azure Monitor Baseline Alerts for Key Management", "description": "This initiative deploys Azure Monitor Baseline Alerts to monitor Key Management Services such as Azure Key Vault, and Managed HSM.", "metadata": { - "version": "1.0.0", + "version": "1.0.1", "category": "Monitoring", "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", "alzCloudEnvironments": [ @@ -17,7 +17,7 @@ "parameters": { "ALZMonitorResourceGroupName": { "type": "String", - "defaultValue": "ALZ-Monitoring-RG", + "defaultValue": "rg-amba-monitoring-001", "metadata": { "displayName": "ALZ Monitor Resource Group Name", "description": "Name of the resource group where the ALZ Monitor resources will be deployed" diff --git a/patterns/alz/policySetDefinitions/Deploy-LandingZone-Alerts.json b/patterns/alz/policySetDefinitions/Deploy-LandingZone-Alerts.json index 6f11179bc..92d9c1b72 100644 
--- a/patterns/alz/policySetDefinitions/Deploy-LandingZone-Alerts.json +++ b/patterns/alz/policySetDefinitions/Deploy-LandingZone-Alerts.json @@ -19,7 +19,7 @@ "parameters": { "ALZMonitorResourceGroupName": { "type": "String", - "defaultValue": "ALZ-Monitoring-RG", + "defaultValue": "rg-amba-monitoring-001", "metadata": { "displayName": "ALZ Monitor Resource Group Name", "description": "Name of the resource group where the ALZ Monitor resources will be deployed" diff --git a/patterns/alz/policySetDefinitions/Deploy-Management-Alerts.json b/patterns/alz/policySetDefinitions/Deploy-Management-Alerts.json index a8953f650..ea9299128 100644 --- a/patterns/alz/policySetDefinitions/Deploy-Management-Alerts.json +++ b/patterns/alz/policySetDefinitions/Deploy-Management-Alerts.json @@ -6,7 +6,7 @@ "displayName": "Deploy Azure Monitor Baseline Alerts for Management", "description": "Initiative to deploy AMBA alerts relevant to the ALZ Management management group", "metadata": { - "version": "1.3.0", + "version": "1.3.1", "category": "Monitoring", "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", "alzCloudEnvironments": [ @@ -17,7 +17,7 @@ "parameters": { "ALZMonitorResourceGroupName": { "type": "String", - "defaultValue": "ALZ-Monitoring-RG", + "defaultValue": "rg-amba-monitoring-001", "metadata": { "displayName": "ALZ Monitoring Resource Group Name", "description": "Name of the resource group to deploy the ALZ monitoring resources to" diff --git a/patterns/alz/policySetDefinitions/Deploy-NetworkChanges-Alerts.json b/patterns/alz/policySetDefinitions/Deploy-NetworkChanges-Alerts.json index 5d0f842b7..0b8f9065c 100644 --- a/patterns/alz/policySetDefinitions/Deploy-NetworkChanges-Alerts.json +++ b/patterns/alz/policySetDefinitions/Deploy-NetworkChanges-Alerts.json 
@@ -6,7 +6,7 @@ "displayName": "Deploy Azure Monitor Baseline Alerts for Changes in Network Routing and Security", "description": "This initiative implements Azure Monitor Baseline Alerts to monitor alterations in Network Routing and Security, such as modifications to Route Tables and the removal of Network Security Groups.", "metadata": { - "version": "1.0.0", + "version": "1.0.1", "category": "Monitoring", "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", "alzCloudEnvironments": [ @@ -17,7 +17,7 @@ "parameters": { "ALZMonitorResourceGroupName": { "type": "String", - "defaultValue": "ALZ-Monitoring-RG", + "defaultValue": "rg-amba-monitoring-001", "metadata": { "displayName": "ALZ Monitor Resource Group Name", "description": "Name of the resource group where the ALZ Monitor resources will be deployed" diff --git a/patterns/alz/policySetDefinitions/Deploy-Notification-Assets.json b/patterns/alz/policySetDefinitions/Deploy-Notification-Assets.json index f2ea921be..191f2605b 100644 --- a/patterns/alz/policySetDefinitions/Deploy-Notification-Assets.json +++ b/patterns/alz/policySetDefinitions/Deploy-Notification-Assets.json @@ -6,7 +6,7 @@ "displayName": "Deploy Azure Monitor Baseline Alerts - Notification Assets", "description": "This initiative deploys Notification Assets for Azure Monitor Baseline Alerts. This includes the setup of an Alert Processing Rule and an Action Group to manage notifications and actions, along with a Notification Suppression Rule to manage alert notifications, as well as a Notification Suppression Rule to control alert notifications.", "metadata": { - "version": "1.3.0", + "version": "1.3.1", "category": "Monitoring", "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", "alzCloudEnvironments": [ 
@@ -17,7 +17,7 @@ "parameters": { "ALZMonitorResourceGroupName": { "type": "String", - "defaultValue": "ALZ-Monitoring-RG", + "defaultValue": "rg-amba-monitoring-001", "metadata": { "displayName": "Resource Group Name", "description": "Name of the resource group to deploy the alerts to" diff --git a/patterns/alz/policySetDefinitions/Deploy-ServiceHealth-Alerts.json b/patterns/alz/policySetDefinitions/Deploy-ServiceHealth-Alerts.json index eb75ee5b3..07898d5f6 100644 --- a/patterns/alz/policySetDefinitions/Deploy-ServiceHealth-Alerts.json +++ b/patterns/alz/policySetDefinitions/Deploy-ServiceHealth-Alerts.json @@ -6,7 +6,7 @@ "displayName": "Deploy Azure Monitor Baseline Alerts for Service Health", "description": "This initiative deploys Azure Monitor Baseline Alerts to monitor Service Health Events such as Service issues, Planned maintenance, Health advisories, Security advisories, and Resource health.", "metadata": { - "version": "1.5.0", + "version": "1.5.1", "category": "Monitoring", "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", "alzCloudEnvironments": [ @@ -17,7 +17,7 @@ "parameters": { "ALZMonitorResourceGroupName": { "type": "String", - "defaultValue": "ALZ-Monitoring-RG", + "defaultValue": "rg-amba-monitoring-001", "metadata": { "displayName": "Resource Group Name", "description": "Name of the resource group to deploy the alerts to" diff --git a/patterns/alz/policySetDefinitions/Deploy-Storage-Alerts.json b/patterns/alz/policySetDefinitions/Deploy-Storage-Alerts.json index a6c3f7e9a..9af3eae7a 100644 --- a/patterns/alz/policySetDefinitions/Deploy-Storage-Alerts.json +++ b/patterns/alz/policySetDefinitions/Deploy-Storage-Alerts.json 
@@ -6,7 +6,7 @@ "displayName": "Deploy Azure Monitor Baseline Alerts for Storage", "description": "This initiative deploys Azure Monitor Baseline Alerts to monitor Storage Services such as Storage accounts.", "metadata": { - "version": "1.0.0", + "version": "1.0.1", "category": "Monitoring", "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", "alzCloudEnvironments": [ @@ -17,7 +17,7 @@ "parameters": { "ALZMonitorResourceGroupName": { "type": "String", - "defaultValue": "ALZ-Monitoring-RG", + "defaultValue": "rg-amba-monitoring-001", "metadata": { "displayName": "ALZ Monitor Resource Group Name", "description": "Name of the resource group where the ALZ Monitor resources will be deployed" diff --git a/patterns/alz/policySetDefinitions/Deploy-VM-Alerts.json b/patterns/alz/policySetDefinitions/Deploy-VM-Alerts.json index 7b0558381..148a5d9d8 100644 --- a/patterns/alz/policySetDefinitions/Deploy-VM-Alerts.json +++ b/patterns/alz/policySetDefinitions/Deploy-VM-Alerts.json @@ -6,7 +6,7 @@ "displayName": "Deploy Azure Monitor Baseline Alerts for Virtual Machines", "description": "This initiative deploys Azure Monitor Baseline Alerts to monitor Azure Virtual Machines.", "metadata": { - "version": "1.0.0", + "version": "1.0.1", "category": "Monitoring", "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", "alzCloudEnvironments": [ @@ -17,7 +17,7 @@ "parameters": { "ALZMonitorResourceGroupName": { "type": "String", - "defaultValue": "ALZ-Monitoring-RG", + "defaultValue": "rg-amba-monitoring-001", "metadata": { "displayName": "ALZ Monitor Resource Group Name", "description": "Name of the resource group where the ALZ Monitor resources will be deployed" diff --git a/patterns/alz/scripts/Remove-AMBADeployments.ps1 b/patterns/alz/scripts/Old scripts/Remove-AMBADeployments.ps1 similarity index 100% rename from patterns/alz/scripts/Remove-AMBADeployments.ps1 rename to patterns/alz/scripts/Old scripts/Remove-AMBADeployments.ps1 
diff --git a/patterns/alz/scripts/Remove-AMBANotificationAssets.ps1 b/patterns/alz/scripts/Old scripts/Remove-AMBANotificationAssets.ps1
similarity index 100%
rename from patterns/alz/scripts/Remove-AMBANotificationAssets.ps1
rename to patterns/alz/scripts/Old scripts/Remove-AMBANotificationAssets.ps1
diff --git a/patterns/alz/scripts/Start-AMBACleanup.ps1 b/patterns/alz/scripts/Old scripts/Start-AMBACleanup.ps1
similarity index 100%
rename from patterns/alz/scripts/Start-AMBACleanup.ps1
rename to patterns/alz/scripts/Old scripts/Start-AMBACleanup.ps1
diff --git a/patterns/alz/scripts/Start-AMBAOldArpCleanup.ps1 b/patterns/alz/scripts/Old scripts/Start-AMBAOldArpCleanup.ps1
similarity index 100%
rename from patterns/alz/scripts/Start-AMBAOldArpCleanup.ps1
rename to patterns/alz/scripts/Old scripts/Start-AMBAOldArpCleanup.ps1
diff --git a/patterns/alz/scripts/Start-AMBAPolicyInitiativesAndAssignmentsCleanup.ps1 b/patterns/alz/scripts/Old scripts/Start-AMBAPolicyInitiativesAndAssignmentsCleanup.ps1
similarity index 100%
rename from patterns/alz/scripts/Start-AMBAPolicyInitiativesAndAssignmentsCleanup.ps1
rename to patterns/alz/scripts/Old scripts/Start-AMBAPolicyInitiativesAndAssignmentsCleanup.ps1
diff --git a/patterns/alz/scripts/Start-AMBA-ALZ-Maintenance.ps1 b/patterns/alz/scripts/Start-AMBA-ALZ-Maintenance.ps1
index b7f513d7e..b2ad11634 100644
--- a/patterns/alz/scripts/Start-AMBA-ALZ-Maintenance.ps1
+++ b/patterns/alz/scripts/Start-AMBA-ALZ-Maintenance.ps1
@@ -15,6 +15,7 @@ - remove ALL resources deployed by the AMBA-ALZ pattern (alerts, policy assignments, policy initiatives, policy definitions, and policy assignment role assignments) - remove ONLY the deployment entries of AMBA-ALZ happening at the pseudo root management group level - remove ONLY the notification assets (AGs and APRs) deployed by AMBA-ALZ + - remove ONLY the notification assets (AGs and APRs) deployed by AMBA-ALZ version older than 2024-03-01 - remove ONLY alerts deployed by the AMBA-ALZ pattern - remove ONLY policy assignments and role assignment created by the AMBA-ALZ deployment - remove ONLY policy definitions and policy initiatives created by the AMBA-ALZ deployment @@ -38,6 +39,7 @@ Required. The item type we want the script to clean up. The options are: - Amba-Alz - Deployments + - OldNotificationAssets - NotificationAssets - Alerts - PolicyAssignments @@ -57,6 +59,16 @@ # execute the script without asking for confirmation before taking the configured action. #> +# The following SuppressMessageAttribute entries are used to suppress PSScriptAnalyzer tests against known exceptions as per: +# https://github.com/powershell/psscriptanalyzer#suppressing-rules +[Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSReviewUnusedParameter', '', Justification = 'False positive')] +[Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSUseDeclaredVarsMoreThanAssignments', '', Justification = 'False positive')] +[Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSUseApprovedVerbs', '', Justification = 'Approved verbs are not available for this scenario')] + +# Declaring required PowerShell modules and minimal versions +#Requires -Modules @{ ModuleName="Az.Accounts"; ModuleVersion="2.16.0" } +#Requires -Modules @{ ModuleName="Az.Resources"; ModuleVersion="6.16.0" } + [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')] param( # the pseudo managemnt group to start from 
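Review bot: The three `SuppressMessageAttribute` entries added above `[CmdletBinding]` pass an empty second argument, so `PSReviewUnusedParameter`, `PSUseDeclaredVarsMoreThanAssignments` and `PSUseApprovedVerbs` are silenced for the whole script rather than for the known exceptions. In a script that deletes policy and role assignments, an unused parameter or a variable that is assigned and never read is a finding the analyzer should keep reporting. I would scope each suppression to the function or variable that triggers it, or at least replace `Justification = 'False positive'` with the name of the affected item. Separately, the `#Requires` lines cover Az.Accounts and Az.Resources only; if `Search-AzGraphRecursive` wraps `Search-AzGraph` (its body is outside this hunk), adding `#Requires -Modules Az.ResourceGraph` would make the script stop at load time instead of partway through a cleanup.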
@@ -67,7 +79,7 @@ param( # the items to be cleaned-up [Parameter(Mandatory = $True, ValueFromPipeline = $false)] - [ValidateSet("Amba-Alz", "Deployments", "NotificationAssets", "OrphanedAlerts", "Alerts", "PolicyAssignments", "PolicyDefinitions", IgnoreCase = $true)] + [ValidateSet("Amba-Alz", "Deployments", "OldNotificationAssets", "NotificationAssets", "OrphanedAlerts", "Alerts", "PolicyAssignments", "PolicyDefinitions", IgnoreCase = $true)] [string]$cleanItems ) @@ -121,7 +133,12 @@ Function Search-AzGraphRecursive { Function Iterate-ManagementGroups($mg) { - [void]$script:managementGroups.Add($mg.Name) + # Assembling a custom object to create multidemnsional array + $row = [PSCustomObject]@{ + mgName = "$($mg.Name)" + mgId = "$($mg.Id)" + } + [void]$script:managementGroups.Add($row) if ($mg.Children) { foreach ($child in $mg.Children) { if ($child.Type -eq 'Microsoft.Management/managementGroups') { @@ -137,7 +154,7 @@ Function Iterate-ManagementGroups($mg) { Function Get-ALZ-Alerts { # get alert resources to delete $query = "Resources | where type in~ ('Microsoft.Insights/metricAlerts','Microsoft.Insights/activityLogAlerts', 'Microsoft.Insights/scheduledQueryRules') and tags['_deployed_by_amba'] =~ 'True' | project id" - $alertResourceIds = Search-AzGraphRecursive -Query $query -ManagementGroupNames $managementGroups | Select-Object -ExpandProperty Id | Sort-Object | Get-Unique + $alertResourceIds = Search-AzGraphRecursive -Query $query -ManagementGroupNames $managementGroups.mgName | Select-Object -ExpandProperty Id | Sort-Object | Get-Unique Write-Host "- Found '$($alertResourceIds.Count)' metric, activity log and log alerts with tag '_deployed_by_amba=True' to be deleted." -ForegroundColor Cyan # Returning items 
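Review bot: In `Iterate-ManagementGroups`, `$script:managementGroups` now holds objects instead of name strings, and the added comment (`# Assembling a custom object to create multidemnsional array`) does not tell a maintainer that every consumer must now read `.mgName` or `.mgId`. A caller that still treats an element as a string would pass the object's rendered form (`@{mgName=...; mgId=...}`) as a management group name, which in a cleanup script tends to show up as an empty result rather than an error. I would reword the comment to `# Store name and id per management group; consumers must read .mgName or .mgId explicitly` and check the callers that this diff does not touch. The function body continues outside the hunk.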
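Review bot: In `Get-ALZ-Alerts`, `$managementGroups.mgName` relies on member enumeration, which yields `$null` when the collection is empty, so the scope argument of `Search-AzGraphRecursive` can silently become null if the hierarchy walk returned nothing. How that helper treats a null scope is not visible here; if it forwards the value to `Search-AzGraph`, the query would presumably run against the subscriptions of the current context, and the ids it returns are reported as "to be deleted". A guard before the query, such as `if ($managementGroups.Count -eq 0) { throw 'No management groups resolved; aborting.' }`, keeps the search tied to the intended hierarchy. The same expression is used in the Get-ALZ-OrphanedAlerts, Get-ALZ-ResourceGroups, Get-ALZ-PolicyAssignments, Get-ALZ-PolicySetDefinitions, Get-ALZ-PolicyDefinitions, Get-ALZ-UserAssignedManagedIdentities, Get-ALZ-RoleAssignments and Get-ALZ-AlertProcessingRules hunks.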
@@ -148,7 +165,7 @@ Function Get-ALZ-OrphanedAlerts { # get AMBA-ALZ alert resources $query = "Resources | where type in~ ('Microsoft.Insights/metricAlerts','Microsoft.Insights/activityLogAlerts', 'Microsoft.Insights/scheduledQueryRules') and tags['_deployed_by_amba'] =~ 'True' | project id, scope = tostring(properties.scopes)" - $alertResources = Search-AzGraphRecursive -Query $query -ManagementGroupNames $managementGroups + $alertResources = Search-AzGraphRecursive -Query $query -ManagementGroupNames $managementGroups.mgName # get alerts without scoped resource existent If ($alertResources.count -gt 0) { @@ -157,7 +174,7 @@ Function Get-ALZ-OrphanedAlerts { <#ForEach ($alert in $alertResources) { $scope = $($alert.scope.replace('"]', '')).replace('["', '') $query = "Resources | where id =~ '$scope' | project id" - $resourceId = Search-AzGraphRecursive -Query $query -ManagementGroupNames $managementGroups | Select-Object -ExpandProperty Id + $resourceId = Search-AzGraphRecursive -Query $query -ManagementGroupNames $managementGroups.mgName | Select-Object -ExpandProperty Id If (-NOT $resourceId) { $orphanedAlerts.add($alert.id) @@ -188,7 +205,7 @@ Function Get-ALZ-OrphanedAlerts { Function Get-ALZ-ResourceGroups { # get resource group to delete $query = "ResourceContainers | where type =~ 'microsoft.resources/subscriptions/resourcegroups' and tags['_deployed_by_amba'] =~ 'True' | project id" - $resourceGroupIds = Search-AzGraphRecursive -Query $query -ManagementGroupNames $managementGroups | Select-Object -ExpandProperty Id | Sort-Object | Get-Unique + $resourceGroupIds = Search-AzGraphRecursive -Query $query -ManagementGroupNames $managementGroups.mgName | Select-Object -ExpandProperty Id | Sort-Object | Get-Unique Write-Host "- Found '$($resourceGroupIds.Count)' resource groups with tag '_deployed_by_amba=True' to be deleted." -ForegroundColor Cyan # Returning items 
@@ -198,7 +215,7 @@ Function Get-ALZ-ResourceGroups { Function Get-ALZ-PolicyAssignments { # get policy assignments to delete $query = "policyresources | where type =~ 'microsoft.authorization/policyAssignments' | project name,metadata=parse_json(properties.metadata),type,identity,id | where metadata._deployed_by_amba =~ 'true'" - $policyAssignmentIds = Search-AzGraphRecursive -Query $query -ManagementGroupNames $managementGroups | Select-Object -ExpandProperty Id | Sort-Object | Get-Unique + $policyAssignmentIds = Search-AzGraphRecursive -Query $query -ManagementGroupNames $managementGroups.mgName | Select-Object -ExpandProperty Id | Sort-Object | Get-Unique Write-Host "- Found '$($policyAssignmentIds.Count)' policy assignments with metadata '_deployed_by_amba=True' to be deleted." -ForegroundColor Cyan # Returning items @@ -208,7 +225,7 @@ Function Get-ALZ-PolicyAssignments { Function Get-ALZ-PolicySetDefinitions { # get policy set definitions to delete $query = "policyresources | where type =~ 'microsoft.authorization/policysetdefinitions' | project name,metadata=parse_json(properties.metadata),type,id | where metadata._deployed_by_amba =~ 'true' | project id" - $policySetDefinitionIds = Search-AzGraphRecursive -Query $query -ManagementGroupNames $managementGroups | Select-Object -ExpandProperty Id | Sort-Object | Get-Unique + $policySetDefinitionIds = Search-AzGraphRecursive -Query $query -ManagementGroupNames $managementGroups.mgName | Select-Object -ExpandProperty Id | Sort-Object | Get-Unique Write-Host "- Found '$($policySetDefinitionIds.Count)' policy set definitions with metadata '_deployed_by_amba=True' to be deleted." -ForegroundColor Cyan # Returning items 
@@ -218,7 +235,7 @@ Function Get-ALZ-PolicySetDefinitions { Function Get-ALZ-PolicyDefinitions { # get policy definitions to delete $query = "policyresources | where type =~ 'microsoft.authorization/policyDefinitions' | project name,metadata=parse_json(properties.metadata),type,id | where metadata._deployed_by_amba =~ 'true' | project id" - $policyDefinitionIds = Search-AzGraphRecursive -Query $query -ManagementGroupNames $managementGroups | Select-Object -ExpandProperty Id | Sort-Object | Get-Unique + $policyDefinitionIds = Search-AzGraphRecursive -Query $query -ManagementGroupNames $managementGroups.mgName | Select-Object -ExpandProperty Id | Sort-Object | Get-Unique Write-Host "- Found '$($policyDefinitionIds.Count)' policy definitions with metadata '_deployed_by_amba=True' to be deleted." -ForegroundColor Cyan # Returning items @@ -229,7 +246,7 @@ Function Get-ALZ-PolicyDefinitions { Function Get-ALZ-UserAssignedManagedIdentities { # get user assigned managed identities to delete $query = "Resources | where type =~ 'Microsoft.ManagedIdentity/userAssignedIdentities' and tags['_deployed_by_amba'] =~ 'True' | project id, name, principalId = properties.principalId, tenantId, subscriptionId, resourceGroup" - $UamiIds = Search-AzGraphRecursive -Query $query -ManagementGroupNames $managementGroups | Sort-Object -Property id | Get-Unique -AsString + $UamiIds = Search-AzGraphRecursive -Query $query -ManagementGroupNames $managementGroups.mgName | Sort-Object -Property id | Get-Unique -AsString Write-Host "- Found '$($UamiIds.Count)' user assigned managed identities with tag '_deployed_by_amba=True' to be deleted." -ForegroundColor Cyan # Returning items 
@@ -239,7 +256,7 @@ Function Get-ALZ-UserAssignedManagedIdentities { Function Get-ALZ-RoleAssignments { # get role assignments to delete $query = "authorizationresources | where type =~ 'microsoft.authorization/roleassignments' and properties.description == '_deployed_by_amba' | project roleDefinitionId = properties.roleDefinitionId, objectId = properties.principalId, scope = properties.scope, id" - $roleAssignments = Search-AzGraphRecursive -Query $query -ManagementGroupNames $managementGroups | Sort-Object -Property id | Get-Unique -AsString + $roleAssignments = Search-AzGraphRecursive -Query $query -ManagementGroupNames $managementGroups.mgName | Sort-Object -Property id | Get-Unique -AsString Write-Host "- Found '$($roleAssignments.Count)' role assignments with description '_deployed_by_amba' to be deleted." -ForegroundColor Cyan # Returning items @@ -250,7 +267,7 @@ Function Get-ALZ-Deployments { # get deployments to delete $allDeployments = @() ForEach ($mg in $managementGroups) { - $deployments = Get-AzManagementGroupDeployment -ManagementGroupId "$mg" -WarningAction silentlyContinue | where { $_.DeploymentName.StartsWith("amba-") } + $deployments = Get-AzManagementGroupDeployment -ManagementGroupId "$($mg.mgName)" -WarningAction silentlyContinue | where { $_.DeploymentName.StartsWith("amba-") } $allDeployments += $deployments } Write-Host "- Found '$($allDeployments.Count)' deployments for AMBA-ALZ pattern with name starting with 'amba-' performed on the '$pseudoRootManagementGroup' Management Group hierarchy." -ForegroundColor Cyan 
@@ -263,7 +280,7 @@ Function Get-ALZ-AlertProcessingRules { # get alert processing rules to delete #$query = "resources | where type =~ 'Microsoft.AlertsManagement/actionRules' | where tags['_deployed_by_amba'] =~ 'True'| project id" $query = "resources | where type =~ 'Microsoft.AlertsManagement/actionRules' | where name startswith 'apr-AMBA-' and properties.description startswith 'AMBA Notification Assets - ' and tags['_deployed_by_amba'] =~ 'True'| project id" - $alertProcessingRuleIds = Search-AzGraphRecursive -Query $query -ManagementGroupNames $managementGroups | Select-Object -ExpandProperty Id | Sort-Object | Get-Unique + $alertProcessingRuleIds = Search-AzGraphRecursive -Query $query -ManagementGroupNames $managementGroups.mgName | Select-Object -ExpandProperty Id | Sort-Object | Get-Unique Write-Host "- Found '$($alertProcessingRuleIds.Count)' alert processing rule(s) with tag '_deployed_by_amba=True' to be deleted." -ForegroundColor Cyan # Returning items 
@@ -273,20 +290,40 @@ Function Get-ALZ-AlertProcessingRules { Function Get-ALZ-ActionGroups { # get action groups to delete $query = "resources | where type =~ 'Microsoft.Insights/actionGroups' | where tags['_deployed_by_amba'] =~ 'True' | project id" - $actionGroupIds = Search-AzGraphRecursive -Query $query -ManagementGroupNames $managementGroups | Select-Object -ExpandProperty Id | Sort-Object | Get-Unique + $actionGroupIds = Search-AzGraphRecursive -Query $query -ManagementGroupNames $managementGroups.mgName | Select-Object -ExpandProperty Id | Sort-Object | Get-Unique Write-Host "- Found '$($actionGroupIds.Count)' action group(s) with tag '_deployed_by_amba=True' to be deleted." -ForegroundColor Cyan # Returning items $actionGroupIds } +Function Get-ALZ-OldAlertProcessingRules { + # get alert processing rules to delete + $query = "resources | where type =~ 'Microsoft.AlertsManagement/actionRules' | where name == 'AMBA Alert Processing Rule' and properties.description == 'AMBA Alert Processing Rule for Subscription' and tags['_deployed_by_amba'] =~ 'True'| project id" + $oldAlertProcessingRuleIds = Search-AzGraphRecursive -Query $query -ManagementGroupNames $managementGroups.mgName | Select-Object -ExpandProperty Id | Sort-Object | Get-Unique + Write-Host "- Found '$($oldAlertProcessingRuleIds.Count)' alert processing rule(s) with description 'AMBA Alert Processing Rule for Subscription' and tag '_deployed_by_amba=True' to be deleted." 
-ForegroundColor Cyan + + # Returning items + $oldAlertProcessingRuleIds +} + +Function Get-ALZ-OldActionGroups { + # get action groups to delete + $query = "resources | where type =~ 'Microsoft.Insights/actionGroups' | where tags['_deployed_by_amba'] =~ 'True' | project id" + $oldActionGroupIds = Search-AzGraphRecursive -Query $query -ManagementGroupNames $managementGroups.mgName | Select-Object -ExpandProperty Id | Sort-Object | Get-Unique + Write-Host "- Found '$($oldActionGroupIds.Count)' action group(s) with name 'AmbaActionGr', short name 'AmbaActionGr' and tag '_deployed_by_amba=True' to be deleted." -ForegroundColor Cyan + + # Returning items + $oldActionGroupIds +} + #endregion #region Delete functions Function Delete-ALZ-Alerts($fAlertsToBeDeleted) { # delete alert resources - Write-Host "`n-- Deleting alerts ..." -foregroundcolor Yellow + Write-Host "`n-- Deleting alerts ..." -ForegroundColor Yellow $fAlertsToBeDeleted | Foreach-Object -Parallel { Remove-AzResource -ResourceId $_ -Force } | Out-Null Write-Host "---- Done deleting alerts ..." -ForegroundColor Cyan } 
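Review bot: The query in Get-ALZ-OldActionGroups is identical to the one in Get-ALZ-ActionGroups: it filters only on the `_deployed_by_amba` tag, although the Write-Host message says the match is on name and short name 'AmbaActionGr'. As written it returns every AMBA-tagged action group, so the "OldNotificationAssets" branch, which hands this list to Delete-ALZ-ActionGroups, would remove the current action groups along with the old one. The filter should carry the conditions the message states, for example `| where name =~ 'AmbaActionGr' and properties.groupShortName =~ 'AmbaActionGr' and tags['_deployed_by_amba'] =~ 'True' | project id` (confirm the short-name property against an existing resource before relying on it). The `# get action groups to delete` and `# get alert processing rules to delete` comments in the two new functions are copied from the existing ones and should say that they select the old assets.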
@@ -294,72 +331,73 @@ Function Delete-ALZ-Alerts($fAlertsToBeDeleted) Function Delete-ALZ-ResourceGroups($fRgToBeDeleted) { # delete resource groups - Write-Host "`n-- Deleting resource groups ..." -foregroundcolor Yellow + Write-Host "`n-- Deleting resource groups ..." -ForegroundColor Yellow $fRgToBeDeleted | ForEach-Object { Remove-AzResourceGroup -ResourceGroupId $_ -Confirm:$false } | Out-Null - Write-Host "---- Done deleting resource groups ..." -foregroundcolor Cyan + Write-Host "---- Done deleting resource groups ..." -ForegroundColor Cyan } Function Delete-ALZ-PolicyAssignments($fPolicyAssignmentsToBeDeleted) { # delete policy assignments - Write-Host "`n-- Deleting policy assignments ..." -foregroundcolor Yellow + Write-Host "`n-- Deleting policy assignments ..." -ForegroundColor Yellow $fPolicyAssignmentsToBeDeleted | ForEach-Object -Parallel { Remove-AzPolicyAssignment -Id $_ -Confirm:$false -ErrorAction Stop } | Out-Null - Write-Host "---- Done policy assignments ..." -foregroundcolor Cyan + Write-Host "---- Done policy assignments ..." -ForegroundColor Cyan } + Function Delete-ALZ-PolicySetDefinitions($fPolicySetDefinitionsToBeDeleted) { # delete policy set definitions - Write-Host "`n-- Deleting policy set definitions ..." -foregroundcolor Yellow + Write-Host "`n-- Deleting policy set definitions ..." -ForegroundColor Yellow $fPolicySetDefinitionsToBeDeleted | ForEach-Object -Parallel { Remove-AzPolicySetDefinition -Id $_ -Force } | Out-Null - Write-Host "---- Done deleting policy set definitions ..." -foregroundcolor Cyan + Write-Host "---- Done deleting policy set definitions ..." -ForegroundColor Cyan } Function Delete-ALZ-PolicyDefinitions($fPolicyDefinitionsToBeDeleted) { # delete policy definitions - Write-Host "`n-- Deleting policy definitions ..." -foregroundcolor Yellow + Write-Host "`n-- Deleting policy definitions ..." 
-ForegroundColor Yellow $fPolicyDefinitionsToBeDeleted | ForEach-Object -Parallel { Remove-AzPolicyDefinition -Id $_ -Force } | Out-Null - Write-Host "---- Done deleting policy definitions ..." -foregroundcolor Cyan + Write-Host "---- Done deleting policy definitions ..." -ForegroundColor Cyan } Function Delete-ALZ-RoleAssignments($fRoleAssignmentsToBeDeleted) { # delete role assignments - Write-Host "`n-- Deleting role assignments ..." -foregroundcolor Yellow + Write-Host "`n-- Deleting role assignments ..." -ForegroundColor Yellow $fRoleAssignmentsToBeDeleted | Select-Object -Property objectId, roleDefinitionId, scope | ForEach-Object -Parallel { Remove-AzRoleAssignment @psItem -Confirm:$false } | Out-Null - Write-Host "---- Done deleting role assignments ..." -foregroundcolor Cyan + Write-Host "---- Done deleting role assignments ..." -ForegroundColor Cyan } Function Delete-ALZ-UserAssignedManagedIdentities($fUamiToBeDeleted) { # delete user assigned managed identities - Write-Host "`n-- Deleting user assigned managed identities ..." -foregroundcolor Yellow + Write-Host "`n-- Deleting user assigned managed identities ..." -ForegroundColor Yellow $fUamiToBeDeleted | ForEach-Object -Parallel { Remove-AzUserAssignedIdentity -ResourceGroupName $_.resourceGroup -Name $_.name -SubscriptionId $_.subscriptionId -Confirm:$false } | Out-Null - Write-Host "---- Done deleting user assigned managed identities ..." -foregroundcolor Cyan + Write-Host "---- Done deleting user assigned managed identities ..." -ForegroundColor Cyan } Function Delete-ALZ-AlertProcessingRules($fAprToBeDeleted) { # delete alert processing rules - Write-Host "`n-- Deleting alert processing rules ..." -foregroundcolor Yellow + Write-Host "`n-- Deleting alert processing rules ..." -ForegroundColor Yellow $fAprToBeDeleted | Foreach-Object -Parallel { Remove-AzResource -ResourceId $_ -Force } | Out-Null - Write-Host "---- Done deleting alert processing rules ..." 
-foregroundcolor Cyan + Write-Host "---- Done deleting alert processing rules ..." -ForegroundColor Cyan } Function Delete-ALZ-ActionGroups($fAgToBeDeleted) { # delete action groups - Write-Host "`n-- Deleting action groups ..." -foregroundcolor Yellow + Write-Host "`n-- Deleting action groups ..." -ForegroundColor Yellow $fAgToBeDeleted | Foreach-Object -Parallel { Remove-AzResource -ResourceId $_ -Force } | Out-Null - Write-Host "---- Done deleting action groups ..." -foregroundcolor Cyan + Write-Host "---- Done deleting action groups ..." -ForegroundColor Cyan } Function Delete-ALZ-Deployments($fDeploymentsToBeDeleted) { # delete deployments - Write-Host "`n-- Deleting deployments ..." -foregroundcolor Yellow + Write-Host "`n-- Deleting deployments ..." -ForegroundColor Yellow $fDeploymentsToBeDeleted | ForEach-Object -Parallel { Remove-AzManagementGroupDeployment -InputObject $_ -WarningAction silentlyContinue } -throttlelimit 100 | Out-Null - Write-Host "---- Done deleting deployments ..." -foregroundcolor Cyan + Write-Host "---- Done deleting deployments ..." -ForegroundColor Cyan } #endregion 
@@ -498,6 +536,26 @@ Switch ($cleanItems) } } + "OldNotificationAssets" + { + # Invoking function to retrieve action groups + $oldAgToBeDeleted = Get-ALZ-OldActionGroups + + # Invoking function to retrieve alert processing rules + $oldAprToBeDeleted = Get-ALZ-OldAlertProcessingRules + + If (($oldAprToBeDeleted.count -gt 0) -or ($oldAgToBeDeleted.count -gt 0)) { + If ($PSCmdlet.ShouldProcess($pseudoRootManagementGroup, "Delete Old AMBA-ALZ alert processing rules and action groups on the '$pseudoRootManagementGroup' Management Group hierarchy ..." )) { + + # Invoking function to delete alert processing rules + If ($oldAprToBeDeleted.count -gt 0) { Delete-ALZ-AlertProcessingRules -fAprToBeDeleted $oldAprToBeDeleted } + + # Invoking function to delete action groups + If ($oldAgToBeDeleted.count -gt 0) { Delete-ALZ-ActionGroups -fAgToBeDeleted $oldAgToBeDeleted } + } + } + } + "Alerts" { # Invoking function to retrieve alerts diff --git a/patterns/alz/scripts/Start-AMBARemediation.ps1 b/patterns/alz/scripts/Start-AMBARemediation.ps1 index 7226acd92..2a6da5fb7 100644 --- a/patterns/alz/scripts/Start-AMBARemediation.ps1 +++ b/patterns/alz/scripts/Start-AMBARemediation.ps1 
@@ -24,18 +24,21 @@ Run the following commands to initiate remediation: - .\patterns\alz\scripts\Start-AMBARemediation.ps1 -managementGroupName $pseudoRootManagementGroup -policyName Notification-Assets - .\patterns\alz\scripts\Start-AMBARemediation.ps1 -managementGroupName $pseudoRootManagementGroup -policyName Alerting-ServiceHealth - .\patterns\alz\scripts\Start-AMBARemediation.ps1 -managementGroupName $connectivityManagementGroup -policyName Alerting-Connectivity - .\patterns\alz\scripts\Start-AMBARemediation.ps1 -managementGroupName $identityManagementGroup -policyName Alerting-Identity - .\patterns\alz\scripts\Start-AMBARemediation.ps1 -managementGroupName $managementManagementGroup -policyName Alerting-Management - .\patterns\alz\scripts\Start-AMBARemediation.ps1 -managementGroupName $LZManagementGroup -policyName Alerting-KeyManagement - .\patterns\alz\scripts\Start-AMBARemediation.ps1 -managementGroupName $LZManagementGroup -policyName Alerting-LoadBalancing - .\patterns\alz\scripts\Start-AMBARemediation.ps1 -managementGroupName $LZManagementGroup -policyName Alerting-NetworkChanges - .\patterns\alz\scripts\Start-AMBARemediation.ps1 -managementGroupName $LZManagementGroup -policyName Alerting-HybridVM - .\patterns\alz\scripts\Start-AMBARemediation.ps1 -managementGroupName $LZManagementGroup -policyName Alerting-Storage - .\patterns\alz\scripts\Start-AMBARemediation.ps1 -managementGroupName $LZManagementGroup -policyName Alerting-VM - .\patterns\alz\scripts\Start-AMBARemediation.ps1 -managementGroupName $LZManagementGroup -policyName Alerting-Web + .\patterns\alz\scripts\Start-AMBA-ALZ-Remediation.ps1 -managementGroupName $pseudoRootManagementGroup -policyName Notification-Assets + .\patterns\alz\scripts\Start-AMBA-ALZ-Remediation.ps1 -managementGroupName $pseudoRootManagementGroup -policyName Alerting-ServiceHealth + .\patterns\alz\scripts\Start-AMBA-ALZ-Remediation.ps1 -managementGroupName $platformManagementGroup -policyName Alerting-HybridVM + 
.\patterns\alz\scripts\Start-AMBA-ALZ-Remediation.ps1 -managementGroupName $platformManagementGroup -policyName Alerting-VM + .\patterns\alz\scripts\Start-AMBA-ALZ-Remediation.ps1 -managementGroupName $connectivityManagementGroup -policyName Alerting-Connectivity + .\patterns\alz\scripts\Start-AMBA-ALZ-Remediation.ps1 -managementGroupName $identityManagementGroup -policyName Alerting-Identity + .\patterns\alz\scripts\Start-AMBA-ALZ-Remediation.ps1 -managementGroupName $managementManagementGroup -policyName Alerting-Management + .\patterns\alz\scripts\Start-AMBA-ALZ-Remediation.ps1 -managementGroupName $LZManagementGroup -policyName Alerting-KeyManagement + .\patterns\alz\scripts\Start-AMBA-ALZ-Remediation.ps1 -managementGroupName $LZManagementGroup -policyName Alerting-LoadBalancing + .\patterns\alz\scripts\Start-AMBA-ALZ-Remediation.ps1 -managementGroupName $LZManagementGroup -policyName Alerting-NetworkChanges + .\patterns\alz\scripts\Start-AMBA-ALZ-Remediation.ps1 -managementGroupName $LZManagementGroup -policyName Alerting-RecoveryServices + .\patterns\alz\scripts\Start-AMBA-ALZ-Remediation.ps1 -managementGroupName $LZManagementGroup -policyName Alerting-Storage + .\patterns\alz\scripts\Start-AMBA-ALZ-Remediation.ps1 -managementGroupName $LZManagementGroup -policyName Alerting-HybridVM + .\patterns\alz\scripts\Start-AMBA-ALZ-Remediation.ps1 -managementGroupName $LZManagementGroup -policyName Alerting-VM + .\patterns\alz\scripts\Start-AMBA-ALZ-Remediation.ps1 -managementGroupName $LZManagementGroup -policyName Alerting-Web .LINK https://azure.github.io/azure-monitor-baseline-alerts/patterns/alz/deploy/Remediate-Policies/