diff --git a/.github/dependabot.yml b/.github/dependabot.yml index a4d89087a..0859add3c 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -7,3 +7,6 @@ updates: labels: - "Type: Hygiene :broom:" - "Needs: Attention :wave:" + commit-message: + prefix: 'build: ' + diff --git a/accelerator/.config/ALZ-Powershell-Auto.config.json b/accelerator/.config/ALZ-Powershell-Auto.config.json index 9e37da45a..e85d68158 100644 --- a/accelerator/.config/ALZ-Powershell-Auto.config.json +++ b/accelerator/.config/ALZ-Powershell-Auto.config.json @@ -304,6 +304,10 @@ "Name": "parVirtualWanHubs.value[0].parHubLocation", "Destination": "Parameters" }, + { + "Name": "parPrivateDnsZonesLocation.value", + "Destination": "Parameters" + }, { "Name": "LOCATION", "Destination": "Environment" diff --git a/infra-as-code/bicep/modules/policy/assignments/alzDefaults/alzDefaultPolicyAssignments.bicep b/infra-as-code/bicep/modules/policy/assignments/alzDefaults/alzDefaultPolicyAssignments.bicep index 841335024..3bc659152 100644 --- a/infra-as-code/bicep/modules/policy/assignments/alzDefaults/alzDefaultPolicyAssignments.bicep +++ b/infra-as-code/bicep/modules/policy/assignments/alzDefaults/alzDefaultPolicyAssignments.bicep @@ -98,6 +98,9 @@ param parDdosProtectionPlanId string = '' @description('Resource ID of the Resource Group for Private DNS Zones. Empty to skip assigning the Deploy-Private-DNS-Zones policy.') param parPrivateDnsResourceGroupId string = '' +@description('Location of Private DNS Zones.') +param parPrivateDnsZonesLocation string = '' + @description('List of Private DNS Zones to audit under the Corp Management Group. This overwrites default values.') param parPrivateDnsZonesNamesToAuditInCorp array = [] 
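Review bot: The description on the new `parPrivateDnsZonesLocation` parameter in alzDefaultPolicyAssignments.bicep does not say which values are accepted or what the value is used for. Later in this commit the value is used as a key into `varGeoCodes` to build the regional Backup zone name, so I would state that: `@description('Azure region short name in lowercase (for example eastus) of the Private DNS Zones. Used to derive the geo code in the privatelink.<geo>.backup.windowsazure.com zone ID.')`. The generated docs and the parameter files in this commit repeat the short text and would pick up the new wording when regenerated.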
@@ -532,60 +535,136 @@ var varPrivateDnsZonesResourceGroupSubscriptionId = !empty(parPrivateDnsResource var varPrivateDnsZonesBaseResourceId = '${parPrivateDnsResourceGroupId}/providers/Microsoft.Network/privateDnsZones/' +var varGeoCodes = { + australiacentral: 'acl' + australiacentral2: 'acl2' + australiaeast: 'ae' + australiasoutheast: 'ase' + brazilsoutheast: 'bse' + brazilsouth: 'brs' + canadacentral: 'cnc' + canadaeast: 'cne' + centralindia: 'inc' + centralus: 'cus' + centraluseuap: 'ccy' + chilecentral: 'clc' + eastasia: 'ea' + eastus: 'eus' + eastus2: 'eus2' + eastus2euap: 'ecy' + francecentral: 'frc' + francesouth: 'frs' + germanynorth: 'gn' + germanywestcentral: 'gwc' + israelcentral: 'ilc' + italynorth: 'itn' + japaneast: 'jpe' + japanwest: 'jpw' + koreacentral: 'krc' + koreasouth: 'krs' + malaysiasouth: 'mys' + malaysiawest: 'myw' + mexicocentral: 'mxc' + newzealandnorth: 'nzn' + northcentralus: 'ncus' + northeurope: 'ne' + norwayeast: 'nwe' + norwaywest: 'nww' + polandcentral: 'plc' + qatarcentral: 'qac' + southafricanorth: 'san' + southafricawest: 'saw' + southcentralus: 'scus' + southeastasia: 'sea' + southindia: 'ins' + spaincentral: 'spc' + swedencentral: 'sdc' + swedensouth: 'sds' + switzerlandnorth: 'szn' + switzerlandwest: 'szw' + taiwannorth: 'twn' + uaecentral: 'uac' + uaenorth: 'uan' + uksouth: 'uks' + ukwest: 'ukw' + westcentralus: 'wcus' + westeurope: 'we' + westindia: 'inw' + westus: 'wus' + westus2: 'wus2' + westus3: 'wus3' +} + +var varSelectedGeoCode = !empty(parPrivateDnsZonesLocation) ? 
varGeoCodes[parPrivateDnsZonesLocation] : null + var varPrivateDnsZonesFinalResourceIds = { - azureFilePrivateDnsZoneId: '${varPrivateDnsZonesBaseResourceId}privatelink.afs.azure.net' - azureAutomationWebhookPrivateDnsZoneId: '${varPrivateDnsZonesBaseResourceId}privatelink.azure-automation.net' + azureAcrPrivateDnsZoneId: '${varPrivateDnsZonesBaseResourceId}privatelink.azurecr.io' + azureAppPrivateDnsZoneId: '${varPrivateDnsZonesBaseResourceId}privatelink.azconfig.io' + azureAppServicesPrivateDnsZoneId: '${varPrivateDnsZonesBaseResourceId}privatelink.azurewebsites.net' + azureArcGuestconfigurationPrivateDnsZoneId: '${varPrivateDnsZonesBaseResourceId}privatelink.guestconfiguration.azure.com' + azureArcHybridResourceProviderPrivateDnsZoneId: '${varPrivateDnsZonesBaseResourceId}privatelink.his.arc.azure.com' + azureArcKubernetesConfigurationPrivateDnsZoneId: '${varPrivateDnsZonesBaseResourceId}privatelink.dp.kubernetesconfiguration.azure.com' + azureAsrPrivateDnsZoneId: '${varPrivateDnsZonesBaseResourceId}privatelink.siterecovery.windowsazure.com' azureAutomationDSCHybridPrivateDnsZoneId: '${varPrivateDnsZonesBaseResourceId}privatelink.azure-automation.net' - azureCosmosSQLPrivateDnsZoneId: '${varPrivateDnsZonesBaseResourceId}privatelink.documents.azure.com' - azureCosmosMongoPrivateDnsZoneId: '${varPrivateDnsZonesBaseResourceId}privatelink.mongo.cosmos.azure.com' + azureAutomationWebhookPrivateDnsZoneId: '${varPrivateDnsZonesBaseResourceId}privatelink.azure-automation.net' + azureBatchPrivateDnsZoneId: '${varPrivateDnsZonesBaseResourceId}privatelink.batch.azure.com' + azureBotServicePrivateDnsZoneId: '${varPrivateDnsZonesBaseResourceId}privatelink.directline.botframework.com' + azureCognitiveSearchPrivateDnsZoneId: '${varPrivateDnsZonesBaseResourceId}privatelink.search.windows.net' + azureCognitiveServicesPrivateDnsZoneId: '${varPrivateDnsZonesBaseResourceId}privatelink.cognitiveservices.azure.com' azureCosmosCassandraPrivateDnsZoneId: 
'${varPrivateDnsZonesBaseResourceId}privatelink.cassandra.cosmos.azure.com' azureCosmosGremlinPrivateDnsZoneId: '${varPrivateDnsZonesBaseResourceId}privatelink.gremlin.cosmos.azure.com' + azureCosmosMongoPrivateDnsZoneId: '${varPrivateDnsZonesBaseResourceId}privatelink.mongo.cosmos.azure.com' + azureCosmosSQLPrivateDnsZoneId: '${varPrivateDnsZonesBaseResourceId}privatelink.documents.azure.com' azureCosmosTablePrivateDnsZoneId: '${varPrivateDnsZonesBaseResourceId}privatelink.table.cosmos.azure.com' - azureDataFactoryPrivateDnsZoneId: '${varPrivateDnsZonesBaseResourceId}privatelink.datafactory.azure.net' azureDataFactoryPortalPrivateDnsZoneId: '${varPrivateDnsZonesBaseResourceId}privatelink.adf.azure.com' + azureDataFactoryPrivateDnsZoneId: '${varPrivateDnsZonesBaseResourceId}privatelink.datafactory.azure.net' azureDatabricksPrivateDnsZoneId: '${varPrivateDnsZonesBaseResourceId}privatelink.azuredatabricks.net' + azureDiskAccessPrivateDnsZoneId: '${varPrivateDnsZonesBaseResourceId}privatelink.blob.core.windows.net' + azureEventGridDomainsPrivateDnsZoneId: '${varPrivateDnsZonesBaseResourceId}privatelink.eventgrid.azure.net' + azureEventGridTopicsPrivateDnsZoneId: '${varPrivateDnsZonesBaseResourceId}privatelink.eventgrid.azure.net' + azureEventHubNamespacePrivateDnsZoneId: '${varPrivateDnsZonesBaseResourceId}privatelink.servicebus.windows.net' + azureFilePrivateDnsZoneId: '${varPrivateDnsZonesBaseResourceId}privatelink.afs.azure.net' azureHDInsightPrivateDnsZoneId: '${varPrivateDnsZonesBaseResourceId}privatelink.azurehdinsight.net' - azureMigratePrivateDnsZoneId: '${varPrivateDnsZonesBaseResourceId}privatelink.prod.migration.windowsazure.com' - azureStorageBlobPrivateDnsZoneId: '${varPrivateDnsZonesBaseResourceId}privatelink.blob.core.windows.net' - azureStorageBlobSecPrivateDnsZoneId: '${varPrivateDnsZonesBaseResourceId}privatelink.blob.core.windows.net' - azureStorageQueuePrivateDnsZoneId: '${varPrivateDnsZonesBaseResourceId}privatelink.queue.core.windows.net' - 
azureStorageQueueSecPrivateDnsZoneId: '${varPrivateDnsZonesBaseResourceId}privatelink.queue.core.windows.net' - azureStorageFilePrivateDnsZoneId: '${varPrivateDnsZonesBaseResourceId}privatelink.file.core.windows.net' - azureStorageStaticWebPrivateDnsZoneId: '${varPrivateDnsZonesBaseResourceId}privatelink.web.core.windows.net' - azureStorageStaticWebSecPrivateDnsZoneId: '${varPrivateDnsZonesBaseResourceId}privatelink.web.core.windows.net' - azureStorageDFSPrivateDnsZoneId: '${varPrivateDnsZonesBaseResourceId}privatelink.dfs.core.windows.net' - azureStorageDFSSecPrivateDnsZoneId: '${varPrivateDnsZonesBaseResourceId}privatelink.dfs.core.windows.net' - azureSynapseSQLPrivateDnsZoneId: '${varPrivateDnsZonesBaseResourceId}privatelink.sql.azuresynapse.net' - azureSynapseSQLODPrivateDnsZoneId: '${varPrivateDnsZonesBaseResourceId}privatelink.sql.azuresynapse.net' - azureSynapseDevPrivateDnsZoneId: '${varPrivateDnsZonesBaseResourceId}privatelink.dev.azuresynapse.net' + azureIotCentralPrivateDnsZoneId: '${varPrivateDnsZonesBaseResourceId}privatelink.azureiotcentral.com' + azureIotDeviceupdatePrivateDnsZoneId: '${varPrivateDnsZonesBaseResourceId}privatelink.azure-devices.net' + azureIotHubsPrivateDnsZoneId: '${varPrivateDnsZonesBaseResourceId}privatelink.azure-devices.net' + azureIotPrivateDnsZoneId: '${varPrivateDnsZonesBaseResourceId}privatelink.azure-devices-provisioning.net' + azureKeyVaultPrivateDnsZoneId: '${varPrivateDnsZonesBaseResourceId}privatelink.vaultcore.azure.net' + azureMachineLearningWorkspacePrivateDnsZoneId: '${varPrivateDnsZonesBaseResourceId}privatelink.api.azureml.ms' + azureMachineLearningWorkspaceSecondPrivateDnsZoneId: '${varPrivateDnsZonesBaseResourceId}privatelink.notebooks.azure.net' + azureManagedGrafanaWorkspacePrivateDnsZoneId: '${varPrivateDnsZonesBaseResourceId}privatelink.grafana.azure.com' azureMediaServicesKeyPrivateDnsZoneId: '${varPrivateDnsZonesBaseResourceId}privatelink.media.azure.net' azureMediaServicesLivePrivateDnsZoneId: 
'${varPrivateDnsZonesBaseResourceId}privatelink.media.azure.net' azureMediaServicesStreamPrivateDnsZoneId: '${varPrivateDnsZonesBaseResourceId}privatelink.media.azure.net' + azureMigratePrivateDnsZoneId: '${varPrivateDnsZonesBaseResourceId}privatelink.prod.migration.windowsazure.com' azureMonitorPrivateDnsZoneId1: '${varPrivateDnsZonesBaseResourceId}privatelink.monitor.azure.com' azureMonitorPrivateDnsZoneId2: '${varPrivateDnsZonesBaseResourceId}privatelink.oms.opinsights.azure.com' azureMonitorPrivateDnsZoneId3: '${varPrivateDnsZonesBaseResourceId}privatelink.ods.opinsights.azure.com' azureMonitorPrivateDnsZoneId4: '${varPrivateDnsZonesBaseResourceId}privatelink.agentsvc.azure-automation.net' azureMonitorPrivateDnsZoneId5: '${varPrivateDnsZonesBaseResourceId}privatelink.blob.core.windows.net' - azureWebPrivateDnsZoneId: '${varPrivateDnsZonesBaseResourceId}privatelink.webpubsub.azure.com' - azureBatchPrivateDnsZoneId: '${varPrivateDnsZonesBaseResourceId}privatelink.batch.azure.com' - azureAppPrivateDnsZoneId: '${varPrivateDnsZonesBaseResourceId}privatelink.azconfig.io' - azureAsrPrivateDnsZoneId: '${varPrivateDnsZonesBaseResourceId}privatelink.siterecovery.windowsazure.com' - azureIotPrivateDnsZoneId: '${varPrivateDnsZonesBaseResourceId}privatelink.azure-devices-provisioning.net' - azureKeyVaultPrivateDnsZoneId: '${varPrivateDnsZonesBaseResourceId}privatelink.vaultcore.azure.net' - azureSignalRPrivateDnsZoneId: '${varPrivateDnsZonesBaseResourceId}privatelink.service.signalr.net' - azureAppServicesPrivateDnsZoneId: '${varPrivateDnsZonesBaseResourceId}privatelink.azurewebsites.net' - azureEventGridTopicsPrivateDnsZoneId: '${varPrivateDnsZonesBaseResourceId}privatelink.eventgrid.azure.net' - azureDiskAccessPrivateDnsZoneId: '${varPrivateDnsZonesBaseResourceId}privatelink.blob.core.windows.net' - azureCognitiveServicesPrivateDnsZoneId: '${varPrivateDnsZonesBaseResourceId}privatelink.cognitiveservices.azure.com' - azureIotHubsPrivateDnsZoneId: 
'${varPrivateDnsZonesBaseResourceId}privatelink.azure-devices.net' - azureEventGridDomainsPrivateDnsZoneId: '${varPrivateDnsZonesBaseResourceId}privatelink.eventgrid.azure.net' azureRedisCachePrivateDnsZoneId: '${varPrivateDnsZonesBaseResourceId}privatelink.redis.cache.windows.net' - azureAcrPrivateDnsZoneId: '${varPrivateDnsZonesBaseResourceId}privatelink.azurecr.io' - azureEventHubNamespacePrivateDnsZoneId: '${varPrivateDnsZonesBaseResourceId}privatelink.servicebus.windows.net' - azureMachineLearningWorkspacePrivateDnsZoneId: '${varPrivateDnsZonesBaseResourceId}privatelink.api.azureml.ms' - azureMachineLearningWorkspaceSecondPrivateDnsZoneId: '${varPrivateDnsZonesBaseResourceId}privatelink.notebooks.azure.net' azureServiceBusNamespacePrivateDnsZoneId: '${varPrivateDnsZonesBaseResourceId}privatelink.servicebus.windows.net' - azureCognitiveSearchPrivateDnsZoneId: '${varPrivateDnsZonesBaseResourceId}privatelink.search.windows.net' + azureSignalRPrivateDnsZoneId: '${varPrivateDnsZonesBaseResourceId}privatelink.service.signalr.net' + azureSiteRecoveryBackupPrivateDnsZoneId: '${varPrivateDnsZonesBaseResourceId}privatelink.${varSelectedGeoCode}.backup.windowsazure.com' + azureSiteRecoveryBlobPrivateDnsZoneId: '${varPrivateDnsZonesBaseResourceId}privatelink.blob.core.windows.net' + azureSiteRecoveryQueuePrivateDnsZoneId: '${varPrivateDnsZonesBaseResourceId}privatelink.queue.core.windows.net' + azureStorageBlobPrivateDnsZoneId: '${varPrivateDnsZonesBaseResourceId}privatelink.blob.core.windows.net' + azureStorageBlobSecPrivateDnsZoneId: '${varPrivateDnsZonesBaseResourceId}privatelink.blob.core.windows.net' + azureStorageDFSPrivateDnsZoneId: '${varPrivateDnsZonesBaseResourceId}privatelink.dfs.core.windows.net' + azureStorageDFSSecPrivateDnsZoneId: '${varPrivateDnsZonesBaseResourceId}privatelink.dfs.core.windows.net' + azureStorageFilePrivateDnsZoneId: '${varPrivateDnsZonesBaseResourceId}privatelink.file.core.windows.net' + azureStorageQueuePrivateDnsZoneId: 
'${varPrivateDnsZonesBaseResourceId}privatelink.queue.core.windows.net' + azureStorageQueueSecPrivateDnsZoneId: '${varPrivateDnsZonesBaseResourceId}privatelink.queue.core.windows.net' + azureStorageStaticWebPrivateDnsZoneId: '${varPrivateDnsZonesBaseResourceId}privatelink.web.core.windows.net' + azureStorageStaticWebSecPrivateDnsZoneId: '${varPrivateDnsZonesBaseResourceId}privatelink.web.core.windows.net' + azureStorageTablePrivateDnsZoneId: '${varPrivateDnsZonesBaseResourceId}privatelink.table.core.windows.net' + azureStorageTableSecondaryPrivateDnsZoneId: '${varPrivateDnsZonesBaseResourceId}privatelink.table.core.windows.net' + azureSynapseDevPrivateDnsZoneId: '${varPrivateDnsZonesBaseResourceId}privatelink.dev.azuresynapse.net' + azureSynapseSQLPrivateDnsZoneId: '${varPrivateDnsZonesBaseResourceId}privatelink.sql.azuresynapse.net' + azureSynapseSQLODPrivateDnsZoneId: '${varPrivateDnsZonesBaseResourceId}privatelink.sql.azuresynapse.net' + azureVirtualDesktopHostpoolPrivateDnsZoneId: '${varPrivateDnsZonesBaseResourceId}privatelink.wvd.microsoft.com' + azureVirtualDesktopWorkspacePrivateDnsZoneId: '${varPrivateDnsZonesBaseResourceId}privatelink.wvd.microsoft.com' + azureWebPrivateDnsZoneId: '${varPrivateDnsZonesBaseResourceId}privatelink.webpubsub.azure.com' } // **Scope** 
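Review bot: `varSelectedGeoCode` is `null` whenever `parPrivateDnsZonesLocation` keeps its default `''`, yet `azureSiteRecoveryBackupPrivateDnsZoneId` interpolates it unconditionally, so the resulting ID cannot be a valid `privatelink.<geo>.backup.windowsazure.com` zone. The lookup `varGeoCodes[parPrivateDnsZonesLocation]` is also case-sensitive and has no fallback, so a value such as `EastUS`, or a region missing from the map, would presumably fail the deployment with a property-not-found error rather than a clear message. I would normalise and guard the key, `var varSelectedGeoCode = contains(varGeoCodes, toLower(parPrivateDnsZonesLocation)) ? varGeoCodes[toLower(parPrivateDnsZonesLocation)] : null`, and build the Backup zone ID only when the code is non-null. A malformed zone ID in a deployIfNotExists assignment tends to surface late, as private endpoints that never get their DNS records.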
@@ -1962,20 +2041,44 @@ module modPolicyAssignmentConnDeployPrivateDnsZones '../../../policy/assignments parPolicyAssignmentDescription: varPolicyAssignmentDeployPrivateDNSZones.libDefinition.properties.description parPolicyAssignmentParameters: varPolicyAssignmentDeployPrivateDNSZones.libDefinition.properties.parameters parPolicyAssignmentParameterOverrides: { - azureFilePrivateDnsZoneId: { - value: varPrivateDnsZonesFinalResourceIds.azureFilePrivateDnsZoneId + azureAcrPrivateDnsZoneId: { + value: varPrivateDnsZonesFinalResourceIds.azureAcrPrivateDnsZoneId } - azureAutomationWebhookPrivateDnsZoneId: { - value: varPrivateDnsZonesFinalResourceIds.azureAutomationWebhookPrivateDnsZoneId + azureAppPrivateDnsZoneId: { + value: varPrivateDnsZonesFinalResourceIds.azureAppPrivateDnsZoneId + } + azureAppServicesPrivateDnsZoneId: { + value: varPrivateDnsZonesFinalResourceIds.azureAppServicesPrivateDnsZoneId + } + azureArcGuestconfigurationPrivateDnsZoneId: { + value: varPrivateDnsZonesFinalResourceIds.azureArcGuestconfigurationPrivateDnsZoneId + } + azureArcHybridResourceProviderPrivateDnsZoneId: { + value: varPrivateDnsZonesFinalResourceIds.azureArcHybridResourceProviderPrivateDnsZoneId + } + azureArcKubernetesConfigurationPrivateDnsZoneId: { + value: varPrivateDnsZonesFinalResourceIds.azureArcKubernetesConfigurationPrivateDnsZoneId + } + azureAsrPrivateDnsZoneId: { + value: varPrivateDnsZonesFinalResourceIds.azureAsrPrivateDnsZoneId } azureAutomationDSCHybridPrivateDnsZoneId: { value: varPrivateDnsZonesFinalResourceIds.azureAutomationDSCHybridPrivateDnsZoneId } - azureCosmosSQLPrivateDnsZoneId: { - value: varPrivateDnsZonesFinalResourceIds.azureCosmosSQLPrivateDnsZoneId + azureAutomationWebhookPrivateDnsZoneId: { + value: varPrivateDnsZonesFinalResourceIds.azureAutomationWebhookPrivateDnsZoneId } - azureCosmosMongoPrivateDnsZoneId: { - value: varPrivateDnsZonesFinalResourceIds.azureCosmosMongoPrivateDnsZoneId + azureBatchPrivateDnsZoneId: { + value: 
varPrivateDnsZonesFinalResourceIds.azureBatchPrivateDnsZoneId + } + azureBotServicePrivateDnsZoneId: { + value: varPrivateDnsZonesFinalResourceIds.azureBotServicePrivateDnsZoneId + } + azureCognitiveSearchPrivateDnsZoneId: { + value: varPrivateDnsZonesFinalResourceIds.azureCognitiveSearchPrivateDnsZoneId + } + azureCognitiveServicesPrivateDnsZoneId: { + value: varPrivateDnsZonesFinalResourceIds.azureCognitiveServicesPrivateDnsZoneId } azureCosmosCassandraPrivateDnsZoneId: { value: varPrivateDnsZonesFinalResourceIds.azureCosmosCassandraPrivateDnsZoneId 
@@ -1983,95 +2086,50 @@ module modPolicyAssignmentConnDeployPrivateDnsZones '../../../policy/assignments azureCosmosGremlinPrivateDnsZoneId: { value: varPrivateDnsZonesFinalResourceIds.azureCosmosGremlinPrivateDnsZoneId } + azureCosmosMongoPrivateDnsZoneId: { + value: varPrivateDnsZonesFinalResourceIds.azureCosmosMongoPrivateDnsZoneId + } + azureCosmosSQLPrivateDnsZoneId: { + value: varPrivateDnsZonesFinalResourceIds.azureCosmosSQLPrivateDnsZoneId + } azureCosmosTablePrivateDnsZoneId: { value: varPrivateDnsZonesFinalResourceIds.azureCosmosTablePrivateDnsZoneId } - azureDataFactoryPrivateDnsZoneId: { - value: varPrivateDnsZonesFinalResourceIds.azureDataFactoryPrivateDnsZoneId - } azureDataFactoryPortalPrivateDnsZoneId: { value: varPrivateDnsZonesFinalResourceIds.azureDataFactoryPortalPrivateDnsZoneId } + azureDataFactoryPrivateDnsZoneId: { + value: varPrivateDnsZonesFinalResourceIds.azureDataFactoryPrivateDnsZoneId + } azureDatabricksPrivateDnsZoneId: { value: varPrivateDnsZonesFinalResourceIds.azureDatabricksPrivateDnsZoneId } - azureHDInsightPrivateDnsZoneId: { - value: varPrivateDnsZonesFinalResourceIds.azureHDInsightPrivateDnsZoneId - } - azureMigratePrivateDnsZoneId: { - value: varPrivateDnsZonesFinalResourceIds.azureMigratePrivateDnsZoneId - } - azureStorageBlobPrivateDnsZoneId: { - value: varPrivateDnsZonesFinalResourceIds.azureStorageBlobPrivateDnsZoneId - } - azureStorageBlobSecPrivateDnsZoneId: { - value: varPrivateDnsZonesFinalResourceIds.azureStorageBlobSecPrivateDnsZoneId - } - azureStorageQueuePrivateDnsZoneId: { - value: varPrivateDnsZonesFinalResourceIds.azureStorageQueuePrivateDnsZoneId - } - azureStorageQueueSecPrivateDnsZoneId: { - value: varPrivateDnsZonesFinalResourceIds.azureStorageQueueSecPrivateDnsZoneId - } - azureStorageFilePrivateDnsZoneId: { - value: varPrivateDnsZonesFinalResourceIds.azureStorageFilePrivateDnsZoneId - } - azureStorageStaticWebPrivateDnsZoneId: { - value: 
varPrivateDnsZonesFinalResourceIds.azureStorageStaticWebPrivateDnsZoneId - } - azureStorageStaticWebSecPrivateDnsZoneId: { - value: varPrivateDnsZonesFinalResourceIds.azureStorageStaticWebSecPrivateDnsZoneId - } - azureStorageDFSPrivateDnsZoneId: { - value: varPrivateDnsZonesFinalResourceIds.azureStorageDFSPrivateDnsZoneId - } - azureStorageDFSSecPrivateDnsZoneId: { - value: varPrivateDnsZonesFinalResourceIds.azureStorageDFSSecPrivateDnsZoneId - } - azureSynapseSQLPrivateDnsZoneId: { - value: varPrivateDnsZonesFinalResourceIds.azureSynapseSQLPrivateDnsZoneId - } - azureSynapseSQLODPrivateDnsZoneId: { - value: varPrivateDnsZonesFinalResourceIds.azureSynapseSQLODPrivateDnsZoneId - } - azureSynapseDevPrivateDnsZoneId: { - value: varPrivateDnsZonesFinalResourceIds.azureSynapseDevPrivateDnsZoneId - } - azureMediaServicesKeyPrivateDnsZoneId: { - value: varPrivateDnsZonesFinalResourceIds.azureMediaServicesKeyPrivateDnsZoneId - } - azureMediaServicesLivePrivateDnsZoneId: { - value: varPrivateDnsZonesFinalResourceIds.azureMediaServicesLivePrivateDnsZoneId - } - azureMediaServicesStreamPrivateDnsZoneId: { - value: varPrivateDnsZonesFinalResourceIds.azureMediaServicesStreamPrivateDnsZoneId - } - azureMonitorPrivateDnsZoneId1: { - value: varPrivateDnsZonesFinalResourceIds.azureMonitorPrivateDnsZoneId1 + azureDiskAccessPrivateDnsZoneId: { + value: varPrivateDnsZonesFinalResourceIds.azureDiskAccessPrivateDnsZoneId } - azureMonitorPrivateDnsZoneId2: { - value: varPrivateDnsZonesFinalResourceIds.azureMonitorPrivateDnsZoneId2 + azureEventGridDomainsPrivateDnsZoneId: { + value: varPrivateDnsZonesFinalResourceIds.azureEventGridDomainsPrivateDnsZoneId } - azureMonitorPrivateDnsZoneId3: { - value: varPrivateDnsZonesFinalResourceIds.azureMonitorPrivateDnsZoneId3 + azureEventGridTopicsPrivateDnsZoneId: { + value: varPrivateDnsZonesFinalResourceIds.azureEventGridTopicsPrivateDnsZoneId } - azureMonitorPrivateDnsZoneId4: { - value: 
varPrivateDnsZonesFinalResourceIds.azureMonitorPrivateDnsZoneId4 + azureEventHubNamespacePrivateDnsZoneId: { + value: varPrivateDnsZonesFinalResourceIds.azureEventHubNamespacePrivateDnsZoneId } - azureMonitorPrivateDnsZoneId5: { - value: varPrivateDnsZonesFinalResourceIds.azureMonitorPrivateDnsZoneId5 + azureFilePrivateDnsZoneId: { + value: varPrivateDnsZonesFinalResourceIds.azureFilePrivateDnsZoneId } - azureWebPrivateDnsZoneId: { - value: varPrivateDnsZonesFinalResourceIds.azureWebPrivateDnsZoneId + azureHDInsightPrivateDnsZoneId: { + value: varPrivateDnsZonesFinalResourceIds.azureHDInsightPrivateDnsZoneId } - azureBatchPrivateDnsZoneId: { - value: varPrivateDnsZonesFinalResourceIds.azureBatchPrivateDnsZoneId + azureIotCentralPrivateDnsZoneId: { + value: varPrivateDnsZonesFinalResourceIds.azureIotCentralPrivateDnsZoneId } - azureAppPrivateDnsZoneId: { - value: varPrivateDnsZonesFinalResourceIds.azureAppPrivateDnsZoneId + azureIotDeviceupdatePrivateDnsZoneId: { + value: varPrivateDnsZonesFinalResourceIds.azureIotDeviceupdatePrivateDnsZoneId } - azureAsrPrivateDnsZoneId: { - value: varPrivateDnsZonesFinalResourceIds.azureAsrPrivateDnsZoneId + azureIotHubsPrivateDnsZoneId: { + value: varPrivateDnsZonesFinalResourceIds.azureIotHubsPrivateDnsZoneId } azureIotPrivateDnsZoneId: { value: varPrivateDnsZonesFinalResourceIds.azureIotPrivateDnsZoneId 
@@ -2079,48 +2137,21 @@ module modPolicyAssignmentConnDeployPrivateDnsZones '../../../policy/assignments azureKeyVaultPrivateDnsZoneId: { value: varPrivateDnsZonesFinalResourceIds.azureKeyVaultPrivateDnsZoneId } - azureSignalRPrivateDnsZoneId: { - value: varPrivateDnsZonesFinalResourceIds.azureSignalRPrivateDnsZoneId - } - azureAppServicesPrivateDnsZoneId: { - value: varPrivateDnsZonesFinalResourceIds.azureAppServicesPrivateDnsZoneId - } - azureEventGridTopicsPrivateDnsZoneId: { - value: varPrivateDnsZonesFinalResourceIds.azureEventGridTopicsPrivateDnsZoneId + azureMachineLearningWorkspacePrivateDnsZoneId: { + value: varPrivateDnsZonesFinalResourceIds.azureMachineLearningWorkspacePrivateDnsZoneId } - azureDiskAccessPrivateDnsZoneId: { - value: varPrivateDnsZonesFinalResourceIds.azureDiskAccessPrivateDnsZoneId + azureManagedGrafanaWorkspacePrivateDnsZoneId: { + value: varPrivateDnsZonesFinalResourceIds.azureManagedGrafanaWorkspacePrivateDnsZoneId } - azureCognitiveServicesPrivateDnsZoneId: { - value: varPrivateDnsZonesFinalResourceIds.azureCognitiveServicesPrivateDnsZoneId - } - azureIotHubsPrivateDnsZoneId: { - value: varPrivateDnsZonesFinalResourceIds.azureIotHubsPrivateDnsZoneId + azureMediaServicesKeyPrivateDnsZoneId: { + value: varPrivateDnsZonesFinalResourceIds.azureMediaServicesKeyPrivateDnsZoneId } - azureEventGridDomainsPrivateDnsZoneId: { - value: varPrivateDnsZonesFinalResourceIds.azureEventGridDomainsPrivateDnsZoneId + azureMonitorPrivateDnsZoneId1: { + value: varPrivateDnsZonesFinalResourceIds.azureMonitorPrivateDnsZoneId1 } azureRedisCachePrivateDnsZoneId: { value: varPrivateDnsZonesFinalResourceIds.azureRedisCachePrivateDnsZoneId } - azureAcrPrivateDnsZoneId: { - value: varPrivateDnsZonesFinalResourceIds.azureAcrPrivateDnsZoneId - } - azureEventHubNamespacePrivateDnsZoneId: { - value: varPrivateDnsZonesFinalResourceIds.azureEventHubNamespacePrivateDnsZoneId - } - azureMachineLearningWorkspacePrivateDnsZoneId: { - value: 
varPrivateDnsZonesFinalResourceIds.azureMachineLearningWorkspacePrivateDnsZoneId - } - azureMachineLearningWorkspaceSecondPrivateDnsZoneId: { - value: varPrivateDnsZonesFinalResourceIds.azureMachineLearningWorkspaceSecondPrivateDnsZoneId - } - azureServiceBusNamespacePrivateDnsZoneId: { - value: varPrivateDnsZonesFinalResourceIds.azureServiceBusNamespacePrivateDnsZoneId - } - azureCognitiveSearchPrivateDnsZoneId: { - value: varPrivateDnsZonesFinalResourceIds.azureCognitiveSearchPrivateDnsZoneId - } } parPolicyAssignmentIdentityType: varPolicyAssignmentDeployPrivateDNSZones.libDefinition.identity.type parPolicyAssignmentEnforcementMode: parDisableAlzDefaultPolicies ? 'DoNotEnforce' : varPolicyAssignmentDeployPrivateDNSZones.libDefinition.properties.enforcementMode diff --git a/infra-as-code/bicep/modules/policy/assignments/alzDefaults/generateddocs/alzDefaultPolicyAssignments.bicep.md b/infra-as-code/bicep/modules/policy/assignments/alzDefaults/generateddocs/alzDefaultPolicyAssignments.bicep.md index ef4ce4c5a..32417151c 100644 --- a/infra-as-code/bicep/modules/policy/assignments/alzDefaults/generateddocs/alzDefaultPolicyAssignments.bicep.md +++ b/infra-as-code/bicep/modules/policy/assignments/alzDefaults/generateddocs/alzDefaultPolicyAssignments.bicep.md 
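Review bot: After the reorder, `parPolicyAssignmentParameterOverrides` in `modPolicyAssignmentConnDeployPrivateDnsZones` ends at `azureRedisCachePrivateDnsZoneId`. Going by the ranges of this hunk and the two before it, which together cover the map, no entry is left for SignalR, ServiceBus, Migrate, `azureMonitorPrivateDnsZoneId2` to `5`, the Storage and Synapse zones, MediaServices Live/Stream, the second Machine Learning zone or Web PubSub, and none of the newly declared SiteRecovery, StorageTable and VirtualDesktop keys is wired in. If those parameters still depend on the overrides to replace the `${varPrivateDnsZonesFinalResourceIds}.…` placeholders in the assignment template, they would receive a placeholder string instead of a zone resource ID, and private endpoints for those services would not be registered in the central zones. Each missing key needs an entry of the form `azureStorageBlobPrivateDnsZoneId: { value: varPrivateDnsZonesFinalResourceIds.azureStorageBlobPrivateDnsZoneId }`. The module declaration starts outside these hunks, so the rest of its parameters were not checked.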
@@ -26,6 +26,7 @@ parMsDefenderForCloudEmailSecurityContact | No | Email address for Microso parDdosEnabled | No | Enable/disable DDoS Network Protection. True enforces Enable-DDoS-VNET policy; false disables. parDdosProtectionPlanId | No | Resource ID of the DDoS Protection Plan for Virtual Networks. parPrivateDnsResourceGroupId | No | Resource ID of the Resource Group for Private DNS Zones. Empty to skip assigning the Deploy-Private-DNS-Zones policy. +parPrivateDnsZonesLocation | No | Location of Private DNS Zones. parPrivateDnsZonesNamesToAuditInCorp | No | List of Private DNS Zones to audit under the Corp Management Group. This overwrites default values. parDisableAlzDefaultPolicies | No | Disable all default ALZ policies. parDisableSlzDefaultPolicies | No | Disable all default sovereign policies. @@ -178,6 +179,12 @@ Resource ID of the DDoS Protection Plan for Virtual Networks. Resource ID of the Resource Group for Private DNS Zones. Empty to skip assigning the Deploy-Private-DNS-Zones policy. +### parPrivateDnsZonesLocation + +![Parameter Setting](https://img.shields.io/badge/parameter-optional-green?style=flat-square) + +Location of Private DNS Zones. + ### parPrivateDnsZonesNamesToAuditInCorp ![Parameter Setting](https://img.shields.io/badge/parameter-optional-green?style=flat-square) @@ -307,6 +314,9 @@ Opt out of deployment telemetry. "parPrivateDnsResourceGroupId": { "value": "" }, + "parPrivateDnsZonesLocation": { + "value": "" + }, "parPrivateDnsZonesNamesToAuditInCorp": { "value": [] }, diff --git a/infra-as-code/bicep/modules/policy/assignments/alzDefaults/parameters/alzDefaultPolicyAssignments.parameters.all.json b/infra-as-code/bicep/modules/policy/assignments/alzDefaults/parameters/alzDefaultPolicyAssignments.parameters.all.json index 17556fd5c..127a09341 100644 --- a/infra-as-code/bicep/modules/policy/assignments/alzDefaults/parameters/alzDefaultPolicyAssignments.parameters.all.json 
+++ b/infra-as-code/bicep/modules/policy/assignments/alzDefaults/parameters/alzDefaultPolicyAssignments.parameters.all.json @@ -71,6 +71,9 @@ "parPrivateDnsResourceGroupId": { "value": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/rg-alz-hub-networking-001" }, + "parPrivateDnsZonesLocation": { + "value": "eastus" + }, "parPrivateDnsZonesNamesToAuditInCorp": { "value": [] }, diff --git a/infra-as-code/bicep/modules/policy/assignments/alzDefaults/parameters/alzDefaultPolicyAssignments.parameters.min.json b/infra-as-code/bicep/modules/policy/assignments/alzDefaults/parameters/alzDefaultPolicyAssignments.parameters.min.json index 5651fe41a..9f615a632 100644 --- a/infra-as-code/bicep/modules/policy/assignments/alzDefaults/parameters/alzDefaultPolicyAssignments.parameters.min.json +++ b/infra-as-code/bicep/modules/policy/assignments/alzDefaults/parameters/alzDefaultPolicyAssignments.parameters.min.json @@ -35,8 +35,11 @@ "parMsDefenderForCloudEmailSecurityContact": { "value": "security_contact@replace_me.com" }, + "parPrivateDnsZonesLocation": { + "value": "eastus" + }, "parTelemetryOptOut": { - "value": false + "value": false } } } diff --git a/infra-as-code/bicep/modules/policy/assignments/lib/policy_assignments/policy_assignment_es_deploy_private_dns_zones.tmpl.json b/infra-as-code/bicep/modules/policy/assignments/lib/policy_assignments/policy_assignment_es_deploy_private_dns_zones.tmpl.json index 4c76928f3..49e1efbda 100644 --- a/infra-as-code/bicep/modules/policy/assignments/lib/policy_assignments/policy_assignment_es_deploy_private_dns_zones.tmpl.json +++ b/infra-as-code/bicep/modules/policy/assignments/lib/policy_assignments/policy_assignment_es_deploy_private_dns_zones.tmpl.json 
@@ -13,164 +13,206 @@ "effect1": { "value": "deployIfNotExists" }, - "azureFilePrivateDnsZoneId": { - "value": "${varPrivateDnsZonesFinalResourceIds}.azureFilePrivateDnsZoneId]" + "azureAcrPrivateDnsZoneId": { + "value": "${varPrivateDnsZonesFinalResourceIds}.azureAcrPrivateDnsZoneId" }, - "azureAutomationWebhookPrivateDnsZoneId": { - "value": "${varPrivateDnsZonesFinalResourceIds}.azureAutomationWebhookPrivateDnsZoneId]" + "azureAppPrivateDnsZoneId": { + "value": "${varPrivateDnsZonesFinalResourceIds}.azureAppPrivateDnsZoneId" + }, + "azureAppServicesPrivateDnsZoneId": { + "value": "${varPrivateDnsZonesFinalResourceIds}.azureAppServicesPrivateDnsZoneId" + }, + "azureArcGuestconfigurationPrivateDnsZoneId": { + "value": "${varPrivateDnsZonesFinalResourceIds}.azureArcGuestconfigurationPrivateDnsZoneId" + }, + "azureArcHybridResourceProviderPrivateDnsZoneId": { + "value": "${varPrivateDnsZonesFinalResourceIds}.azureArcHybridResourceProviderPrivateDnsZoneId" + }, + "azureArcKubernetesConfigurationPrivateDnsZoneId": { + "value": "${varPrivateDnsZonesFinalResourceIds}.azureArcKubernetesConfigurationPrivateDnsZoneId" + }, + "azureAsrPrivateDnsZoneId": { + "value": "${varPrivateDnsZonesFinalResourceIds}.azureAsrPrivateDnsZoneId" }, "azureAutomationDSCHybridPrivateDnsZoneId": { - "value": "${varPrivateDnsZonesFinalResourceIds}.azureAutomationDSCHybridPrivateDnsZoneId]" + "value": "${varPrivateDnsZonesFinalResourceIds}.azureAutomationDSCHybridPrivateDnsZoneId" }, - "azureCosmosSQLPrivateDnsZoneId": { - "value": "${varPrivateDnsZonesFinalResourceIds}.azureCosmosSQLPrivateDnsZoneId]" + "azureAutomationWebhookPrivateDnsZoneId": { + "value": "${varPrivateDnsZonesFinalResourceIds}.azureAutomationWebhookPrivateDnsZoneId" }, - "azureCosmosMongoPrivateDnsZoneId": { - "value": "${varPrivateDnsZonesFinalResourceIds}.azureCosmosMongoPrivateDnsZoneId]" + "azureBatchPrivateDnsZoneId": { + "value": "${varPrivateDnsZonesFinalResourceIds}.azureBatchPrivateDnsZoneId" + }, + 
"azureBotServicePrivateDnsZoneId": { + "value": "${varPrivateDnsZonesFinalResourceIds}.azureBotServicePrivateDnsZoneId" + }, + "azureCognitiveSearchPrivateDnsZoneId": { + "value": "${varPrivateDnsZonesFinalResourceIds}.azureCognitiveSearchPrivateDnsZoneId" + }, + "azureCognitiveServicesPrivateDnsZoneId": { + "value": "${varPrivateDnsZonesFinalResourceIds}.azureCognitiveServicesPrivateDnsZoneId" }, "azureCosmosCassandraPrivateDnsZoneId": { - "value": "${varPrivateDnsZonesFinalResourceIds}.azureCosmosCassandraPrivateDnsZoneId]" + "value": "${varPrivateDnsZonesFinalResourceIds}.azureCosmosCassandraPrivateDnsZoneId" }, "azureCosmosGremlinPrivateDnsZoneId": { - "value": "${varPrivateDnsZonesFinalResourceIds}.azureCosmosGremlinPrivateDnsZoneId]" + "value": "${varPrivateDnsZonesFinalResourceIds}.azureCosmosGremlinPrivateDnsZoneId" }, - "azureCosmosTablePrivateDnsZoneId": { - "value": "${varPrivateDnsZonesFinalResourceIds}.azureCosmosTablePrivateDnsZoneId]" + "azureCosmosMongoPrivateDnsZoneId": { + "value": "${varPrivateDnsZonesFinalResourceIds}.azureCosmosMongoPrivateDnsZoneId" }, - "azureDataFactoryPrivateDnsZoneId": { - "value": "${varPrivateDnsZonesFinalResourceIds}.azureDataFactoryPrivateDnsZoneId]" + "azureCosmosSQLPrivateDnsZoneId": { + "value": "${varPrivateDnsZonesFinalResourceIds}.azureCosmosSQLPrivateDnsZoneId" + }, + "azureCosmosTablePrivateDnsZoneId": { + "value": "${varPrivateDnsZonesFinalResourceIds}.azureCosmosTablePrivateDnsZoneId" }, "azureDataFactoryPortalPrivateDnsZoneId": { - "value": "${varPrivateDnsZonesFinalResourceIds}.azureDataFactoryPortalPrivateDnsZoneId]" + "value": "${varPrivateDnsZonesFinalResourceIds}.azureDataFactoryPortalPrivateDnsZoneId" + }, + "azureDataFactoryPrivateDnsZoneId": { + "value": "${varPrivateDnsZonesFinalResourceIds}.azureDataFactoryPrivateDnsZoneId" }, "azureDatabricksPrivateDnsZoneId": { - "value": "${varPrivateDnsZonesFinalResourceIds}.azureDatabricksPrivateDnsZoneId]" + "value": 
"${varPrivateDnsZonesFinalResourceIds}.azureDatabricksPrivateDnsZoneId" }, - "azureHDInsightPrivateDnsZoneId": { - "value": "${varPrivateDnsZonesFinalResourceIds}.azureHDInsightPrivateDnsZoneId]" + "azureDiskAccessPrivateDnsZoneId": { + "value": "${varPrivateDnsZonesFinalResourceIds}.azureDiskAccessPrivateDnsZoneId" }, - "azureMigratePrivateDnsZoneId": { - "value": "${varPrivateDnsZonesFinalResourceIds}.azureMigratePrivateDnsZoneId]" + "azureEventGridDomainsPrivateDnsZoneId": { + "value": "${varPrivateDnsZonesFinalResourceIds}.azureEventGridDomainsPrivateDnsZoneId" }, - "azureStorageBlobPrivateDnsZoneId": { - "value": "${varPrivateDnsZonesFinalResourceIds}.azureStorageBlobPrivateDnsZoneId]" + "azureEventGridTopicsPrivateDnsZoneId": { + "value": "${varPrivateDnsZonesFinalResourceIds}.azureEventGridTopicsPrivateDnsZoneId" }, - "azureStorageBlobSecPrivateDnsZoneId": { - "value": "${varPrivateDnsZonesFinalResourceIds}.azureStorageBlobSecPrivateDnsZoneId]" + "azureEventHubNamespacePrivateDnsZoneId": { + "value": "${varPrivateDnsZonesFinalResourceIds}.azureEventHubNamespacePrivateDnsZoneId" }, - "azureStorageQueuePrivateDnsZoneId": { - "value": "${varPrivateDnsZonesFinalResourceIds}.azureStorageQueuePrivateDnsZoneId]" + "azureFilePrivateDnsZoneId": { + "value": "${varPrivateDnsZonesFinalResourceIds}.azureFilePrivateDnsZoneId" }, - "azureStorageQueueSecPrivateDnsZoneId": { - "value": "${varPrivateDnsZonesFinalResourceIds}.azureStorageQueueSecPrivateDnsZoneId]" + "azureHDInsightPrivateDnsZoneId": { + "value": "${varPrivateDnsZonesFinalResourceIds}.azureHDInsightPrivateDnsZoneId" }, - "azureStorageFilePrivateDnsZoneId": { - "value": "${varPrivateDnsZonesFinalResourceIds}.azureStorageFilePrivateDnsZoneId]" + "azureIotCentralPrivateDnsZoneId": { + "value": "${varPrivateDnsZonesFinalResourceIds}.azureIotCentralPrivateDnsZoneId" }, - "azureStorageStaticWebPrivateDnsZoneId": { - "value": "${varPrivateDnsZonesFinalResourceIds}.azureStorageStaticWebPrivateDnsZoneId]" + 
"azureIotDeviceupdatePrivateDnsZoneId": { + "value": "${varPrivateDnsZonesFinalResourceIds}.azureIotDeviceupdatePrivateDnsZoneId" }, - "azureStorageStaticWebSecPrivateDnsZoneId": { - "value": "${varPrivateDnsZonesFinalResourceIds}.azureStorageStaticWebSecPrivateDnsZoneId]" + "azureIotHubsPrivateDnsZoneId": { + "value": "${varPrivateDnsZonesFinalResourceIds}.azureIotHubsPrivateDnsZoneId" }, - "azureStorageDFSPrivateDnsZoneId": { - "value": "${varPrivateDnsZonesFinalResourceIds}.azureStorageDFSPrivateDnsZoneId]" + "azureIotPrivateDnsZoneId": { + "value": "${varPrivateDnsZonesFinalResourceIds}.azureIotPrivateDnsZoneId" }, - "azureStorageDFSSecPrivateDnsZoneId": { - "value": "${varPrivateDnsZonesFinalResourceIds}.azureStorageDFSSecPrivateDnsZoneId]" + "azureKeyVaultPrivateDnsZoneId": { + "value": "${varPrivateDnsZonesFinalResourceIds}.azureKeyVaultPrivateDnsZoneId" }, - "azureSynapseSQLPrivateDnsZoneId": { - "value": "${varPrivateDnsZonesFinalResourceIds}.azureSynapseSQLPrivateDnsZoneId]" + "azureMachineLearningWorkspacePrivateDnsZoneId": { + "value": "${varPrivateDnsZonesFinalResourceIds}.azureMachineLearningWorkspacePrivateDnsZoneId" }, - "azureSynapseSQLODPrivateDnsZoneId": { - "value": "${varPrivateDnsZonesFinalResourceIds}.azureSynapseSQLODPrivateDnsZoneId]" + "azureMachineLearningWorkspaceSecondPrivateDnsZoneId": { + "value": "${varPrivateDnsZonesFinalResourceIds}.azureMachineLearningWorkspaceSecondPrivateDnsZoneId" }, - "azureSynapseDevPrivateDnsZoneId": { - "value": "${varPrivateDnsZonesFinalResourceIds}.azureSynapseDevPrivateDnsZoneId]" + "azureManagedGrafanaWorkspacePrivateDnsZoneId": { + "value": "${varPrivateDnsZonesFinalResourceIds}.azureManagedGrafanaWorkspacePrivateDnsZoneId" }, "azureMediaServicesKeyPrivateDnsZoneId": { - "value": "${varPrivateDnsZonesFinalResourceIds}.azureMediaServicesKeyPrivateDnsZoneId]" + "value": "${varPrivateDnsZonesFinalResourceIds}.azureMediaServicesKeyPrivateDnsZoneId" }, "azureMediaServicesLivePrivateDnsZoneId": { - "value": 
"${varPrivateDnsZonesFinalResourceIds}.azureMediaServicesLivePrivateDnsZoneId]" + "value": "${varPrivateDnsZonesFinalResourceIds}.azureMediaServicesLivePrivateDnsZoneId" }, "azureMediaServicesStreamPrivateDnsZoneId": { - "value": "${varPrivateDnsZonesFinalResourceIds}.azureMediaServicesStreamPrivateDnsZoneId]" + "value": "${varPrivateDnsZonesFinalResourceIds}.azureMediaServicesStreamPrivateDnsZoneId" + }, + "azureMigratePrivateDnsZoneId": { + "value": "${varPrivateDnsZonesFinalResourceIds}.azureMigratePrivateDnsZoneId" }, "azureMonitorPrivateDnsZoneId1": { - "value": "${varPrivateDnsZonesFinalResourceIds}.azureMonitorPrivateDnsZoneId1]" + "value": "${varPrivateDnsZonesFinalResourceIds}.azureMonitorPrivateDnsZoneId1" }, "azureMonitorPrivateDnsZoneId2": { - "value": "${varPrivateDnsZonesFinalResourceIds}.azureMonitorPrivateDnsZoneId2]" + "value": "${varPrivateDnsZonesFinalResourceIds}.azureMonitorPrivateDnsZoneId2" }, "azureMonitorPrivateDnsZoneId3": { - "value": "${varPrivateDnsZonesFinalResourceIds}.azureMonitorPrivateDnsZoneId3]" + "value": "${varPrivateDnsZonesFinalResourceIds}.azureMonitorPrivateDnsZoneId3" }, "azureMonitorPrivateDnsZoneId4": { - "value": "${varPrivateDnsZonesFinalResourceIds}.azureMonitorPrivateDnsZoneId4]" + "value": "${varPrivateDnsZonesFinalResourceIds}.azureMonitorPrivateDnsZoneId4" }, "azureMonitorPrivateDnsZoneId5": { - "value": "${varPrivateDnsZonesFinalResourceIds}.azureMonitorPrivateDnsZoneId5]" + "value": "${varPrivateDnsZonesFinalResourceIds}.azureMonitorPrivateDnsZoneId5" }, - "azureWebPrivateDnsZoneId": { - "value": "${varPrivateDnsZonesFinalResourceIds}.azureWebPrivateDnsZoneId]" + "azureRedisCachePrivateDnsZoneId": { + "value": "${varPrivateDnsZonesFinalResourceIds}.azureRedisCachePrivateDnsZoneId" }, - "azureBatchPrivateDnsZoneId": { - "value": "${varPrivateDnsZonesFinalResourceIds}.azureBatchPrivateDnsZoneId]" + "azureServiceBusNamespacePrivateDnsZoneId": { + "value": 
"${varPrivateDnsZonesFinalResourceIds}.azureServiceBusNamespacePrivateDnsZoneId" }, - "azureAppPrivateDnsZoneId": { - "value": "${varPrivateDnsZonesFinalResourceIds}.azureAppPrivateDnsZoneId]" + "azureSignalRPrivateDnsZoneId": { + "value": "${varPrivateDnsZonesFinalResourceIds}.azureSignalRPrivateDnsZoneId" }, - "azureAsrPrivateDnsZoneId": { - "value": "${varPrivateDnsZonesFinalResourceIds}.azureAsrPrivateDnsZoneId]" + "azureSiteRecoveryBackupPrivateDnsZoneId": { + "value": "${varPrivateDnsZonesFinalResourceIds}.azureSiteRecoveryBackupPrivateDnsZoneId" }, - "azureIotPrivateDnsZoneId": { - "value": "${varPrivateDnsZonesFinalResourceIds}.azureIotPrivateDnsZoneId]" + "azureSiteRecoveryBlobPrivateDnsZoneId": { + "value": "${varPrivateDnsZonesFinalResourceIds}.azureSiteRecoveryBlobPrivateDnsZoneId" }, - "azureKeyVaultPrivateDnsZoneId": { - "value": "${varPrivateDnsZonesFinalResourceIds}.azureKeyVaultPrivateDnsZoneId]" + "azureSiteRecoveryQueuePrivateDnsZoneId": { + "value": "${varPrivateDnsZonesFinalResourceIds}.azureSiteRecoveryQueuePrivateDnsZoneId" }, - "azureSignalRPrivateDnsZoneId": { - "value": "${varPrivateDnsZonesFinalResourceIds}.azureSignalRPrivateDnsZoneId]" + "azureStorageBlobPrivateDnsZoneId": { + "value": "${varPrivateDnsZonesFinalResourceIds}.azureStorageBlobPrivateDnsZoneId" }, - "azureAppServicesPrivateDnsZoneId": { - "value": "${varPrivateDnsZonesFinalResourceIds}.azureAppServicesPrivateDnsZoneId]" + "azureStorageBlobSecPrivateDnsZoneId": { + "value": "${varPrivateDnsZonesFinalResourceIds}.azureStorageBlobSecPrivateDnsZoneId" }, - "azureEventGridTopicsPrivateDnsZoneId": { - "value": "${varPrivateDnsZonesFinalResourceIds}.azureEventGridTopicsPrivateDnsZoneId]" + "azureStorageDFSPrivateDnsZoneId": { + "value": "${varPrivateDnsZonesFinalResourceIds}.azureStorageDFSPrivateDnsZoneId" }, - "azureDiskAccessPrivateDnsZoneId": { - "value": "${varPrivateDnsZonesFinalResourceIds}.azureDiskAccessPrivateDnsZoneId]" + "azureStorageDFSSecPrivateDnsZoneId": { + 
"value": "${varPrivateDnsZonesFinalResourceIds}.azureStorageDFSSecPrivateDnsZoneId" }, - "azureCognitiveServicesPrivateDnsZoneId": { - "value": "${varPrivateDnsZonesFinalResourceIds}.azureCognitiveServicesPrivateDnsZoneId]" + "azureStorageFilePrivateDnsZoneId": { + "value": "${varPrivateDnsZonesFinalResourceIds}.azureStorageFilePrivateDnsZoneId" }, - "azureIotHubsPrivateDnsZoneId": { - "value": "${varPrivateDnsZonesFinalResourceIds}.azureIotHubsPrivateDnsZoneId]" + "azureStorageQueuePrivateDnsZoneId": { + "value": "${varPrivateDnsZonesFinalResourceIds}.azureStorageQueuePrivateDnsZoneId" }, - "azureEventGridDomainsPrivateDnsZoneId": { - "value": "${varPrivateDnsZonesFinalResourceIds}.azureEventGridDomainsPrivateDnsZoneId]" + "azureStorageQueueSecPrivateDnsZoneId": { + "value": "${varPrivateDnsZonesFinalResourceIds}.azureStorageQueueSecPrivateDnsZoneId" }, - "azureRedisCachePrivateDnsZoneId": { - "value": "${varPrivateDnsZonesFinalResourceIds}.azureRedisCachePrivateDnsZoneId]" + "azureStorageStaticWebPrivateDnsZoneId": { + "value": "${varPrivateDnsZonesFinalResourceIds}.azureStorageStaticWebPrivateDnsZoneId" }, - "azureAcrPrivateDnsZoneId": { - "value": "${varPrivateDnsZonesFinalResourceIds}.azureAcrPrivateDnsZoneId]" + "azureStorageStaticWebSecPrivateDnsZoneId": { + "value": "${varPrivateDnsZonesFinalResourceIds}.azureStorageStaticWebSecPrivateDnsZoneId" }, - "azureEventHubNamespacePrivateDnsZoneId": { - "value": "${varPrivateDnsZonesFinalResourceIds}.azureEventHubNamespacePrivateDnsZoneId]" + "azureStorageTablePrivateDnsZoneId": { + "value": "${varPrivateDnsZonesFinalResourceIds}.azureStorageTablePrivateDnsZoneId" }, - "azureMachineLearningWorkspacePrivateDnsZoneId": { - "value": "${varPrivateDnsZonesFinalResourceIds}.azureMachineLearningWorkspacePrivateDnsZoneId]" + "azureStorageTableSecondaryPrivateDnsZoneId": { + "value": "${varPrivateDnsZonesFinalResourceIds}.azureStorageTableSecondaryPrivateDnsZoneId" }, - "azureMachineLearningWorkspaceSecondPrivateDnsZoneId": 
{ - "value": "${varPrivateDnsZonesFinalResourceIds}.azureMachineLearningWorkspaceSecondPrivateDnsZoneId]" + "azureSynapseDevPrivateDnsZoneId": { + "value": "${varPrivateDnsZonesFinalResourceIds}.azureSynapseDevPrivateDnsZoneId" }, - "azureServiceBusNamespacePrivateDnsZoneId": { - "value": "${varPrivateDnsZonesFinalResourceIds}.azureServiceBusNamespacePrivateDnsZoneId]" + "azureSynapseSQLPrivateDnsZoneId": { + "value": "${varPrivateDnsZonesFinalResourceIds}.azureSynapseSQLPrivateDnsZoneId" }, - "azureCognitiveSearchPrivateDnsZoneId": { - "value": "${varPrivateDnsZonesFinalResourceIds}.azureCognitiveSearchPrivateDnsZoneId]" + "azureSynapseSQLODPrivateDnsZoneId": { + "value": "${varPrivateDnsZonesFinalResourceIds}.azureSynapseSQLODPrivateDnsZoneId" + }, + "azureVirtualDesktopHostpoolPrivateDnsZoneId": { + "value": "${varPrivateDnsZonesFinalResourceIds}.azureVirtualDesktopHostpoolPrivateDnsZoneId" + }, + "azureVirtualDesktopWorkspacePrivateDnsZoneId": { + "value": "${varPrivateDnsZonesFinalResourceIds}.azureVirtualDesktopWorkspacePrivateDnsZoneId" + }, + "azureWebPrivateDnsZoneId": { + "value": "${varPrivateDnsZonesFinalResourceIds}.azureWebPrivateDnsZoneId" } }, "policyDefinitionId": "${varTopLevelManagementGroupResourceId}/providers/Microsoft.Authorization/policySetDefinitions/Deploy-Private-DNS-Zones",
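Review bot: Nothing visible in this hunk ties the fourteen added keys (for example `azureArcGuestconfigurationPrivateDnsZoneId`, `azureSiteRecoveryBackupPrivateDnsZoneId`, `azureVirtualDesktopWorkspacePrivateDnsZoneId`) to a matching property of `varPrivateDnsZonesFinalResourceIds` or to a parameter of the `Deploy-Private-DNS-Zones` set definition, and both are defined outside this file. Every removed value carried a stray `]`, which suggests these `${varPrivateDnsZonesFinalResourceIds}.…` tokens are not validated anywhere. With `effect1` set to `deployIfNotExists`, a token that is left unresolved or resolves to a zone that was never deployed would presumably make remediation fail or leave private endpoints without their DNS records. I would add a pipeline check that fails when any assignment parameter value still contains `${` after substitution, and that compares this key list against the set definition's parameter names. The hunk also mixes the bracket fix, an alphabetical re-sort and the new keys, so stating the fourteen additions in the commit description would make the change much easier to audit.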