
💡 Feature Request - Policy assignments for private DNS records #137

Closed
JimmyKarlsson112 opened this issue Feb 9, 2022 · 5 comments · Fixed by #400

Comments

@JimmyKarlsson112
Copy link

JimmyKarlsson112 commented Feb 9, 2022

Describe the solution you'd like

Support for private DNS records auto creation in central connectivity subscription and of creation of private DNS zones in Corp landing zone. Docs: https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-best-practices/private-link-and-dns-integration-at-scale

Describe alternatives you've considered

Policy Definitions are in place. Could be good to have a feature toggle (true & false). Support for multi-region would be great but for first iteration one region would suffice.

Additional context

Add any other context or screenshots about the feature request here. 📷

@ghost ghost added the Needs: Triage 🔍 Needs triaging by the team label Feb 9, 2022
@JimmyKarlsson112 JimmyKarlsson112 changed the title 💡 Feature Request - PLEASE CHANGE ME TO SOMETHING DESCRIPTIVE 💡 Feature Request - Policy assignments for private DNS records Feb 9, 2022
@jtracey93 jtracey93 self-assigned this Feb 9, 2022
@jtracey93
Copy link
Collaborator

Thanks for raising this @JimmyKarlsson112, as discussed offline this is something we are already aware of and will start working on soon.

Stay tuned for a new release 👍

@cloudchristoph
Copy link
Contributor

Just FYI:

I've used policy-based deployments for Private Link DNS zones in the past. The goal was to have auto-deployment policies for all Private DNS records regarding Private Link.

Some of the 'auto-deploy-dns-entry' policies suggested by the responsible Azure Resource Team collide with other policies, because of the way that 'subgroup' is addressed in some policies. See this open issue: Azure/azure-policy#858

There could be more of those issues. Just wanna let you know before implementation.

@jtracey93
Copy link
Collaborator

> Just FYI:
>
> I've used policy-based deployments for Private Link DNS zones in the past. The goal was to have auto-deployment policies for all Private DNS records regarding Private Link.
>
> Some of the 'auto-deploy-dns-entry' policies suggested by the responsible Azure Resource Team collide with other policies, because of the way that 'subgroup' is addressed in some policies. See this open issue: Azure/azure-policy#858
>
> There could be more of those issues. Just wanna let you know before implementation.

Thanks @cloudchristoph, good spot; I was talking to a customer and colleague about this just last week (@matt-FFFFFF). You indeed found the fix by including the following in the if condition of the policy to further narrow the PE mapping to a service:

```jsonc
{
  "field": "Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*].privateLinkServiceId",
  "contains": "Microsoft.CognitiveServices/accounts" // change this to the associated service you require
}
```
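To make the collision concrete: a policy that selects private endpoints only by the sub-resource (group) name fires for every service that happens to reuse that name, so a DeployIfNotExists effect can link a private endpoint to the wrong private DNS zone. The clause above pins the rule to one resource provider. The following is an added example, not code from this issue or from the Enterprise-Scale repo: a small evaluator for the subset of Azure Policy condition syntax used in the thread (allOf, anyOf, field with equals or contains, and `[*]` array aliases), run against two constructed private endpoints. Assumptions: the alias-to-JSON-path table `ALIASES`, the placeholder subscription id, the hypothetical provider `Microsoft.Example/accounts` standing in for any second service that reuses the group name, and the reading of Azure's documented rule that a condition on a `[*]` alias holds only when every selected element satisfies it.

```python
"""Added example (not code from the issue or from the Enterprise-Scale repo):
a toy evaluator for the subset of Azure Policy condition syntax used in the
thread, run against two constructed private endpoints to show why the extra
`contains` clause on privateLinkServiceId is needed.

Assumptions: a condition on a `[*]` alias is true only when every selected
array element satisfies it (Azure's documented behaviour as I read it), string
comparisons are case-insensitive, and only the aliases in ALIASES resolve.
"""

# Alias (or top-level field) -> path through the resource JSON. "[*]" expands
# an array. Only the aliases this example needs are mapped (assumption).
GROUP_ALIAS = "Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*].groupIds[*]"
SERVICE_ALIAS = "Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*].privateLinkServiceId"
ALIASES = {
    "type": ["type"],
    GROUP_ALIAS: ["properties", "privateLinkServiceConnections", "[*]", "groupIds", "[*]"],
    SERVICE_ALIAS: ["properties", "privateLinkServiceConnections", "[*]", "privateLinkServiceId"],
}


def resolve(resource, path):
    """Return every value the alias path selects from the resource document."""
    values = [resource]
    for seg in path:
        nxt = []
        for v in values:
            if seg == "[*]":
                if isinstance(v, list):
                    nxt.extend(v)
            elif isinstance(v, dict) and seg in v:
                nxt.append(v[seg])
        values = nxt
    return values


def evaluate(condition, resource):
    """Evaluate an `if`-style condition: allOf / anyOf / field+equals / field+contains."""
    if "allOf" in condition:
        return all(evaluate(c, resource) for c in condition["allOf"])
    if "anyOf" in condition:
        return any(evaluate(c, resource) for c in condition["anyOf"])
    values = resolve(resource, ALIASES[condition["field"]])
    if "equals" in condition:
        expected = condition["equals"].lower()
        test = lambda v: str(v).lower() == expected
    elif "contains" in condition:
        needle = condition["contains"].lower()
        test = lambda v: needle in str(v).lower()
    else:
        raise ValueError("unsupported condition: %r" % (condition,))
    # Assumption: an alias that selects nothing does not satisfy the condition.
    return bool(values) and all(test(v) for v in values)


SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"  # constructed placeholder


def private_endpoint(name, service_id, group_id):
    """Build a minimal private endpoint resource document (constructed sample)."""
    return {
        "type": "Microsoft.Network/privateEndpoints",
        "name": name,
        "properties": {
            "privateLinkServiceConnections": [
                {"privateLinkServiceId": service_id, "groupIds": [group_id]}
            ]
        },
    }


# Two constructed endpoints whose targets share the group name "account".
# Microsoft.Example/accounts is a hypothetical provider, not a real one.
PE_COGNITIVE = private_endpoint(
    "pe-cog-prod", SUB + "/resourceGroups/rg-ai/providers/Microsoft.CognitiveServices/accounts/cog-prod", "account")
PE_OTHER = private_endpoint(
    "pe-other-prod", SUB + "/resourceGroups/rg-x/providers/Microsoft.Example/accounts/other-prod", "account")

# A rule keyed only on the group name: it fires for every service that reuses
# it, so the DNS zone deployed for one service would be linked to another.
RULE_BY_GROUP_ONLY = {"allOf": [
    {"field": "type", "equals": "Microsoft.Network/privateEndpoints"},
    {"field": GROUP_ALIAS, "equals": "account"},
]}

# The same rule with the clause from the thread added to pin it to one service.
RULE_NARROWED = {"allOf": RULE_BY_GROUP_ONLY["allOf"] + [
    {"field": SERVICE_ALIAS, "contains": "Microsoft.CognitiveServices/accounts"},
]}


def matching_endpoints(rule, resources):
    """Names of the resources whose documents satisfy the rule's `if` condition."""
    return [r["name"] for r in resources if evaluate(rule, r)]


if __name__ == "__main__":
    endpoints = [PE_COGNITIVE, PE_OTHER]
    print("group only:", matching_endpoints(RULE_BY_GROUP_ONLY, endpoints))
    print("narrowed:  ", matching_endpoints(RULE_NARROWED, endpoints))
```

The evaluator only decides which resources a condition selects; in Azure the selected endpoints would then receive the `privateDnsZoneGroups` deployment from the policy's DeployIfNotExists effect, which is why an over-broad `if` matters. The narrowing clause keeps each zone-mapping policy scoped to exactly the provider whose zone it deploys.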

@jtracey93
Copy link
Collaborator

Ado sync

@jtracey93 jtracey93 assigned ejhenry and unassigned ejhenry Sep 7, 2022
@jtracey93
Copy link
Collaborator

ADO 25171

@jtracey93 jtracey93 linked a pull request Nov 28, 2022 that will close this issue
jtracey93 added a commit that referenced this issue Nov 28, 2022
* Update Policy Library (automated)

* Update defs public module

* fix 💡 Feature Request - Policy assignments for private DNS records #137

* Generate Parameter Markdowns [jtracey93/3d9073b1]

* add path filter to docs action

* update param files and tests

* update test

* update script and test

* fix missing dns zone mappings

* fix IoT casing

Co-authored-by: github-actions <action@github.com>
Co-authored-by: Jack Tracey <jack@jacktracey.co.uk>
Co-authored-by: github-actions <41898282+github-actions[bot]@users.noreply.github.com>
@ghost ghost locked as resolved and limited conversation to collaborators Dec 28, 2022