From 4d983f7780dbb514c254dc331b71b89f476a2c86 Mon Sep 17 00:00:00 2001
From: Matt White <16320656+matt-FFFFFF@users.noreply.github.com>
Date: Mon, 17 Jun 2024 13:01:21 +0100
Subject: [PATCH] feat!: ama (#968)
---
README.md | 66 +-
_README_header.md | 9 +-
...ectivity-Resources-With-Custom-Settings.md | 2 +-
...Examples]-Deploy-Connectivity-Resources.md | 2 +-
...]-Deploy-Custom-Landing-Zone-Archetypes.md | 2 +-
...[Examples]-Deploy-Default-Configuration.md | 2 +-
...es]-Deploy-Demo-Landing-Zone-Archetypes.md | 2 +-
...Identity-Resources-With-Custom-Settings.md | 2 +-
.../[Examples]-Deploy-Identity-Resources.md | 2 +-
...nagement-Resources-With-Custom-Settings.md | 2 +-
.../[Examples]-Deploy-Management-Resources.md | 2 +-
.../[Examples]-Deploy-Using-Module-Nesting.md | 2 +-
...tual-WAN-Resources-With-Custom-Settings.md | 2 +-
...[Examples]-Deploy-Virtual-WAN-Resources.md | 2 +-
...-module-declarations-with-orchestration.md | 8 +-
...e-module-declarations-with-remote-state.md | 6 +-
...]-Expand-built-in-archetype-definitions.md | 2 +-
...mples]-Override-Module-Role-Assignments.md | 2 +-
docs/wiki/[User-Guide]-Getting-Started.md | 4 +-
docs/wiki/[User-Guide]-Module-Outputs.md | 2 +-
.../[User-Guide]-Provider-Configuration.md | 4 +-
...er-Guide]-Upgrade-from-v5.2.1-to-v6.0.0.md | 104 +
examples/400-multi-with-orchestration/main.tf | 2 +-
.../modules/connectivity/main.tf | 2 +-
.../modules/core/main.tf | 2 +-
.../modules/management/main.tf | 2 +-
.../connectivity/main.tf | 2 +-
.../400-multi-with-remote-state/core/main.tf | 2 +-
.../management/main.tf | 2 +-
locals.management.tf | 19 +
locals.version.tf | 2 +-
modules/connectivity/README.md | 15 +-
modules/connectivity/locals.tf | 143 +-
modules/connectivity/variables.tf | 15 +-
modules/management/README.md | 28 +-
modules/management/locals.tf | 540 +-
modules/management/variables.tf | 28 +-
modules/role_assignments_for_policy/README.md | 4 +-
modules/role_assignments_for_policy/main.tf | 1 -
.../role_assignments_for_policy/terraform.tf | 5 +-
resources.connectivity.tf | 2 +
resources.management.tf | 32 +-
resources.management_groups.tf | 3 +-
resources.policy_assignments.tf | 16 +-
terraform.tf | 11 +-
tests/README.md | 5 +-
tests/modules/.gitignore | 1 +
tests/modules/settings/main.tf | 4 +-
.../modules/settings/settings.connectivity.tf | 2 +
tests/modules/settings/settings.core.tf | 92 +-
tests/modules/settings/settings.management.tf | 27 +-
tests/modules/settings/terraform.tf | 2 +-
.../test_001_baseline/baseline_values.json | 7914 --------
tests/modules/test_001_baseline/settings.tf | 3 +
tests/modules/test_001_baseline/terraform.tf | 2 +-
.../baseline_values.json | 9280 ---------
.../modules/test_002_add_custom_core/main.tf | 6 +-
.../test_002_add_custom_core/settings.tf | 3 +
.../test_002_add_custom_core/terraform.tf | 2 +-
.../baseline_values.json | 15480 ----------------
tests/modules/test_003_add_mgmt_conn/main.tf | 2 +-
.../test_003_add_mgmt_conn/settings.tf | 3 +
.../test_003_add_mgmt_conn/terraform.tf | 2 +-
tests/pipelines/templates/tests-common.yml | 9 +-
tests/pipelines/templates/tests-loop.yml | 9 -
tests/scripts/azp-strategy.ps1 | 6 +-
tests/scripts/x-manual_tidy-e2e.ps1 | 77 +-
tests/terratest/go.mod | 124 +-
tests/terratest/go.sum | 141 +
variables.tf | 43 +-
70 files changed, 1234 insertions(+), 33114 deletions(-)
create mode 100644 docs/wiki/[User-Guide]-Upgrade-from-v5.2.1-to-v6.0.0.md
create mode 100644 tests/modules/.gitignore
delete mode 100644 tests/modules/test_001_baseline/baseline_values.json
delete mode 100644 tests/modules/test_002_add_custom_core/baseline_values.json
delete mode 100644 tests/modules/test_003_add_mgmt_conn/baseline_values.json
diff --git a/README.md b/README.md
index 0ea0a26a9..5af307f6e 100644
--- a/README.md
+++ b/README.md
@@ -1,7 +1,7 @@
# Azure landing zones Terraform module
-[![Build Status](https://dev.azure.com/mscet/CAE-ALZ-Terraform/_apis/build/status/Tests/E2E?branchName=refs%2Ftags%2Fv3.3.0)](https://dev.azure.com/mscet/CAE-ALZ-Terraform/_build/latest?definitionId=26&branchName=refs%2Ftags%2Fv3.3.0)
+[![Build Status](https://dev.azure.com/mscet/CAE-ALZ-Terraform/_apis/build/status/Tests/E2E?branchName=refs%2Ftags%2Fv6.0.0)](https://dev.azure.com/mscet/CAE-ALZ-Terraform/_build/latest?definitionId=26&branchName=refs%2Ftags%2Fv6.0.0)
![GitHub release (latest SemVer)](https://img.shields.io/github/v/release/Azure/terraform-azurerm-caf-enterprise-scale?style=flat&logo=github)
[![Average time to resolve an issue](http://isitmaintained.com/badge/resolution/azure/terraform-azurerm-caf-enterprise-scale.svg)](http://isitmaintained.com/project/azure/terraform-azurerm-caf-enterprise-scale "Average time to resolve an issue")
[![Percentage of issues still open](http://isitmaintained.com/badge/open/azure/terraform-azurerm-caf-enterprise-scale.svg)](http://isitmaintained.com/project/azure/terraform-azurerm-caf-enterprise-scale "Percentage of issues still open")
@@ -41,12 +41,10 @@ This allows customers to address concerns around managing large state files, or
## Terraform versions
-This module has been tested using Terraform `1.3.1` and AzureRM Provider `3.74.0` as a baseline, and various versions to up the latest at time of release.
+This module has been tested using Terraform `1.7.0` and AzureRM Provider `3.107.0` as a baseline, and various versions to up the latest at time of release.
In some cases, individual versions of the AzureRM provider may cause errors.
If this happens, we advise upgrading to the latest version and checking our [troubleshooting](https://github.com/Azure/terraform-azurerm-caf-enterprise-scale/wiki/Troubleshooting) guide before [raising an issue](https://github.com/Azure/terraform-azurerm-caf-enterprise-scale/issues).
-> **NOTE:** The module now requires a minimum Terraform version of `1.3.1` to support the GA release of [`optional()` Object Type Attributes](https://developer.hashicorp.com/terraform/language/expressions/type-constraints#optional-object-type-attributes) and the required fix for [issue #31844](https://github.com/hashicorp/terraform/issues/31844).
-
## Usage
We recommend starting with the following configuration in your root module to learn what resources are created by the module and how it works.
@@ -66,7 +64,7 @@ terraform {
required_providers {
azurerm = {
source = "hashicorp/azurerm"
- version = ">= 3.74.0"
+ version = "~> 3.107"
}
}
}
@@ -156,6 +154,7 @@ Please see the [releases](https://github.com/Azure/terraform-azurerm-caf-enterpr
For upgrade guides from previous versions, please refer to the following links:
+- [Upgrade from v5.2.1 to v6.0.0](https://github.com/Azure/terraform-azurerm-caf-enterprise-scale/wiki/%5BUser-Guide%5D-Upgrade-from-v5.2.1-to-v6.0.0)
- [Upgrade from v4.2.0 to v5.0.0](https://github.com/Azure/terraform-azurerm-caf-enterprise-scale/wiki/%5BUser-Guide%5D-Upgrade-from-v4.2.0-to-v5.0.0)
- [Upgrade from v3.3.0 to v4.0.0](https://github.com/Azure/terraform-azurerm-caf-enterprise-scale/wiki/%5BUser-Guide%5D-Upgrade-from-v3.3.0-to-v4.0.0)
- [Upgrade from v2.4.1 to v3.0.0](https://github.com/Azure/terraform-azurerm-caf-enterprise-scale/wiki/%5BUser-Guide%5D-Upgrade-from-v2.4.1-to-v3.0.0)
@@ -172,15 +171,15 @@ For upgrade guides from previous versions, please refer to the following links:
The following requirements are needed by this module:
-- [terraform](#requirement\_terraform) (>= 1.3.1)
+- [terraform](#requirement\_terraform) (~> 1.7)
-- [azapi](#requirement\_azapi) (>= 1.7.0)
+- [azapi](#requirement\_azapi) (~> 1.13, != 1.13.0)
-- [azurerm](#requirement\_azurerm) (>= 3.74.0)
+- [azurerm](#requirement\_azurerm) (~> 3.107)
-- [random](#requirement\_random) (>= 3.1.0)
+- [random](#requirement\_random) (~> 3.6)
-- [time](#requirement\_time) (>= 0.7.0)
+- [time](#requirement\_time) (~> 0.11)
## Modules
@@ -349,9 +348,11 @@ object({
virtual_network_gateway = optional(object({
enabled = optional(bool, false)
config = optional(object({
- address_prefix = optional(string, "")
- gateway_sku_expressroute = optional(string, "")
- gateway_sku_vpn = optional(string, "")
+ address_prefix = optional(string, "")
+ gateway_sku_expressroute = optional(string, "")
+ gateway_sku_vpn = optional(string, "")
+ remote_vnet_traffic_enabled = optional(bool, false)
+ virtual_wan_traffic_enabled = optional(bool, false)
advanced_vpn_settings = optional(object({
enable_bgp = optional(bool, null)
active_active = optional(bool, null)
@@ -515,6 +516,9 @@ object({
azure_api_management = optional(bool, true)
azure_app_configuration_stores = optional(bool, true)
azure_arc = optional(bool, true)
+ azure_arc_guest_configuration = optional(bool, true)
+ azure_arc_hybrid_resource_provider = optional(bool, true)
+ azure_arc_kubernetes = optional(bool, true)
azure_automation_dscandhybridworker = optional(bool, true)
azure_automation_webhook = optional(bool, true)
azure_backup = optional(bool, true)
@@ -537,6 +541,7 @@ object({
azure_database_for_mariadb_server = optional(bool, true)
azure_database_for_mysql_server = optional(bool, true)
azure_database_for_postgresql_server = optional(bool, true)
+ azure_databricks = optional(bool, true)
azure_digital_twins = optional(bool, true)
azure_event_grid_domain = optional(bool, true)
azure_event_grid_topic = optional(bool, true)
@@ -550,9 +555,11 @@ object({
azure_kubernetes_service_management = optional(bool, true)
azure_machine_learning_workspace = optional(bool, true)
azure_managed_disks = optional(bool, true)
+ azure_managed_grafana = optional(bool, true)
azure_media_services = optional(bool, true)
azure_migrate = optional(bool, true)
azure_monitor = optional(bool, true)
+ azure_openai_service = optional(bool, true)
azure_purview_account = optional(bool, true)
azure_purview_studio = optional(bool, true)
azure_relay_namespace = optional(bool, true)
@@ -563,6 +570,7 @@ object({
azure_synapse_analytics_dev = optional(bool, true)
azure_synapse_analytics_sql = optional(bool, true)
azure_synapse_studio = optional(bool, true)
+ azure_virtual_desktop = optional(bool, true)
azure_web_apps_sites = optional(bool, true)
azure_web_apps_static_sites = optional(bool, true)
cognitive_services_account = optional(bool, true)
@@ -625,36 +633,32 @@ Type:
```hcl
object({
settings = optional(object({
+ ama = optional(object({
+ enable_uami = optional(bool, true)
+ enable_vminsights_dcr = optional(bool, true)
+ enable_change_tracking_dcr = optional(bool, true)
+ enable_mdfc_defender_for_sql_dcr = optional(bool, true)
+ enable_mdfc_defender_for_sql_query_collection_for_security_research = optional(bool, true)
+ }), {})
log_analytics = optional(object({
enabled = optional(bool, true)
config = optional(object({
- retention_in_days = optional(number, 30)
- enable_monitoring_for_vm = optional(bool, true)
- enable_monitoring_for_vmss = optional(bool, true)
- enable_solution_for_agent_health_assessment = optional(bool, true)
- enable_solution_for_anti_malware = optional(bool, true)
- enable_solution_for_change_tracking = optional(bool, true)
- enable_solution_for_service_map = optional(bool, false)
- enable_solution_for_sql_assessment = optional(bool, true)
- enable_solution_for_sql_vulnerability_assessment = optional(bool, true)
- enable_solution_for_sql_advanced_threat_detection = optional(bool, true)
- enable_solution_for_updates = optional(bool, true)
- enable_solution_for_vm_insights = optional(bool, true)
- enable_solution_for_container_insights = optional(bool, true)
- enable_sentinel = optional(bool, true)
+ retention_in_days = optional(number, 30)
+ enable_monitoring_for_vm = optional(bool, true)
+ enable_monitoring_for_vmss = optional(bool, true)
+ enable_sentinel = optional(bool, true)
+ enable_change_tracking = optional(bool, true)
}), {})
}), {})
security_center = optional(object({
enabled = optional(bool, true)
config = optional(object({
email_security_contact = optional(string, "security_contact@replace_me")
- enable_defender_for_apis = optional(bool, true)
enable_defender_for_app_services = optional(bool, true)
enable_defender_for_arm = optional(bool, true)
enable_defender_for_containers = optional(bool, true)
enable_defender_for_cosmosdbs = optional(bool, true)
enable_defender_for_cspm = optional(bool, true)
- enable_defender_for_dns = optional(bool, true)
enable_defender_for_key_vault = optional(bool, true)
enable_defender_for_oss_databases = optional(bool, true)
enable_defender_for_servers = optional(bool, true)
@@ -1059,6 +1063,7 @@ Default: `{}`
The following resources are used by this module:
+- [azapi_resource.data_collection_rule](https://registry.terraform.io/providers/Azure/azapi/latest/docs/resources/resource) (resource)
- [azapi_resource.diag_settings](https://registry.terraform.io/providers/Azure/azapi/latest/docs/resources/resource) (resource)
- [azurerm_automation_account.management](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/automation_account) (resource)
- [azurerm_dns_zone.connectivity](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/dns_zone) (resource)
@@ -1096,6 +1101,7 @@ The following resources are used by this module:
- [azurerm_subscription_template_deployment.telemetry_core](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/subscription_template_deployment) (resource)
- [azurerm_subscription_template_deployment.telemetry_identity](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/subscription_template_deployment) (resource)
- [azurerm_subscription_template_deployment.telemetry_management](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/subscription_template_deployment) (resource)
+- [azurerm_user_assigned_identity.management](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/user_assigned_identity) (resource)
- [azurerm_virtual_hub.virtual_wan](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/virtual_hub) (resource)
- [azurerm_virtual_hub_connection.virtual_wan](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/virtual_hub_connection) (resource)
- [azurerm_virtual_hub_routing_intent.virtual_wan](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/virtual_hub_routing_intent) (resource)
@@ -1262,4 +1268,4 @@ If you don't wish to send usage data to Microsoft, details on how to turn it off
- [Feature Requests](https://github.com/Azure/terraform-azurerm-caf-enterprise-scale/wiki/Feature-Requests)
- [Contributing to Code](https://github.com/Azure/terraform-azurerm-caf-enterprise-scale/wiki/Contributing-to-Code)
- [Contributing to Documentation](https://github.com/Azure/terraform-azurerm-caf-enterprise-scale/wiki/Contributing-to-Documentation)
-
+
\ No newline at end of file
diff --git a/_README_header.md b/_README_header.md
index 496e88af3..b6a8e0c56 100644
--- a/_README_header.md
+++ b/_README_header.md
@@ -1,6 +1,6 @@
# Azure landing zones Terraform module
-[![Build Status](https://dev.azure.com/mscet/CAE-ALZ-Terraform/_apis/build/status/Tests/E2E?branchName=refs%2Ftags%2Fv3.3.0)](https://dev.azure.com/mscet/CAE-ALZ-Terraform/_build/latest?definitionId=26&branchName=refs%2Ftags%2Fv3.3.0)
+[![Build Status](https://dev.azure.com/mscet/CAE-ALZ-Terraform/_apis/build/status/Tests/E2E?branchName=refs%2Ftags%2Fv6.0.0)](https://dev.azure.com/mscet/CAE-ALZ-Terraform/_build/latest?definitionId=26&branchName=refs%2Ftags%2Fv6.0.0)
![GitHub release (latest SemVer)](https://img.shields.io/github/v/release/Azure/terraform-azurerm-caf-enterprise-scale?style=flat&logo=github)
[![Average time to resolve an issue](http://isitmaintained.com/badge/resolution/azure/terraform-azurerm-caf-enterprise-scale.svg)](http://isitmaintained.com/project/azure/terraform-azurerm-caf-enterprise-scale "Average time to resolve an issue")
[![Percentage of issues still open](http://isitmaintained.com/badge/open/azure/terraform-azurerm-caf-enterprise-scale.svg)](http://isitmaintained.com/project/azure/terraform-azurerm-caf-enterprise-scale "Percentage of issues still open")
@@ -40,12 +40,10 @@ This allows customers to address concerns around managing large state files, or
## Terraform versions
-This module has been tested using Terraform `1.3.1` and AzureRM Provider `3.74.0` as a baseline, and various versions to up the latest at time of release.
+This module has been tested using Terraform `1.7.0` and AzureRM Provider `3.107.0` as a baseline, and various versions to up the latest at time of release.
In some cases, individual versions of the AzureRM provider may cause errors.
If this happens, we advise upgrading to the latest version and checking our [troubleshooting](https://github.com/Azure/terraform-azurerm-caf-enterprise-scale/wiki/Troubleshooting) guide before [raising an issue](https://github.com/Azure/terraform-azurerm-caf-enterprise-scale/issues).
-> **NOTE:** The module now requires a minimum Terraform version of `1.3.1` to support the GA release of [`optional()` Object Type Attributes](https://developer.hashicorp.com/terraform/language/expressions/type-constraints#optional-object-type-attributes) and the required fix for [issue #31844](https://github.com/hashicorp/terraform/issues/31844).
-
## Usage
We recommend starting with the following configuration in your root module to learn what resources are created by the module and how it works.
@@ -65,7 +63,7 @@ terraform {
required_providers {
azurerm = {
source = "hashicorp/azurerm"
- version = ">= 3.74.0"
+ version = "~> 3.107"
}
}
}
@@ -155,6 +153,7 @@ Please see the [releases](https://github.com/Azure/terraform-azurerm-caf-enterpr
For upgrade guides from previous versions, please refer to the following links:
+- [Upgrade from v5.2.1 to v6.0.0](https://github.com/Azure/terraform-azurerm-caf-enterprise-scale/wiki/%5BUser-Guide%5D-Upgrade-from-v5.2.1-to-v6.0.0)
- [Upgrade from v4.2.0 to v5.0.0](https://github.com/Azure/terraform-azurerm-caf-enterprise-scale/wiki/%5BUser-Guide%5D-Upgrade-from-v4.2.0-to-v5.0.0)
- [Upgrade from v3.3.0 to v4.0.0](https://github.com/Azure/terraform-azurerm-caf-enterprise-scale/wiki/%5BUser-Guide%5D-Upgrade-from-v3.3.0-to-v4.0.0)
- [Upgrade from v2.4.1 to v3.0.0](https://github.com/Azure/terraform-azurerm-caf-enterprise-scale/wiki/%5BUser-Guide%5D-Upgrade-from-v2.4.1-to-v3.0.0)
diff --git a/docs/wiki/[Examples]-Deploy-Connectivity-Resources-With-Custom-Settings.md b/docs/wiki/[Examples]-Deploy-Connectivity-Resources-With-Custom-Settings.md
index be7b77dc5..5bbff5671 100644
--- a/docs/wiki/[Examples]-Deploy-Connectivity-Resources-With-Custom-Settings.md
+++ b/docs/wiki/[Examples]-Deploy-Connectivity-Resources-With-Custom-Settings.md
@@ -73,7 +73,7 @@ terraform {
required_providers {
azurerm = {
source = "hashicorp/azurerm"
- version = ">= 3.74.0"
+ version = "~> 3.107"
}
}
}
diff --git a/docs/wiki/[Examples]-Deploy-Connectivity-Resources.md b/docs/wiki/[Examples]-Deploy-Connectivity-Resources.md
index 5cd09a9f0..1c10aaebe 100644
--- a/docs/wiki/[Examples]-Deploy-Connectivity-Resources.md
+++ b/docs/wiki/[Examples]-Deploy-Connectivity-Resources.md
@@ -51,7 +51,7 @@ terraform {
required_providers {
azurerm = {
source = "hashicorp/azurerm"
- version = ">= 3.74.0"
+ version = "~> 3.107"
}
}
}
diff --git a/docs/wiki/[Examples]-Deploy-Custom-Landing-Zone-Archetypes.md b/docs/wiki/[Examples]-Deploy-Custom-Landing-Zone-Archetypes.md
index 0bb1ef75a..62e9a744a 100644
--- a/docs/wiki/[Examples]-Deploy-Custom-Landing-Zone-Archetypes.md
+++ b/docs/wiki/[Examples]-Deploy-Custom-Landing-Zone-Archetypes.md
@@ -44,7 +44,7 @@ terraform {
required_providers {
azurerm = {
source = "hashicorp/azurerm"
- version = ">= 3.74.0"
+ version = "~> 3.107"
}
}
}
diff --git a/docs/wiki/[Examples]-Deploy-Default-Configuration.md b/docs/wiki/[Examples]-Deploy-Default-Configuration.md
index 919aa897d..5038a6734 100644
--- a/docs/wiki/[Examples]-Deploy-Default-Configuration.md
+++ b/docs/wiki/[Examples]-Deploy-Default-Configuration.md
@@ -26,7 +26,7 @@ terraform {
required_providers {
azurerm = {
source = "hashicorp/azurerm"
- version = ">= 3.74.0"
+ version = "~> 3.107"
}
}
}
diff --git a/docs/wiki/[Examples]-Deploy-Demo-Landing-Zone-Archetypes.md b/docs/wiki/[Examples]-Deploy-Demo-Landing-Zone-Archetypes.md
index 83ba293dc..12298cb5c 100644
--- a/docs/wiki/[Examples]-Deploy-Demo-Landing-Zone-Archetypes.md
+++ b/docs/wiki/[Examples]-Deploy-Demo-Landing-Zone-Archetypes.md
@@ -33,7 +33,7 @@ terraform {
required_providers {
azurerm = {
source = "hashicorp/azurerm"
- version = ">= 3.74.0"
+ version = "~> 3.107"
}
}
}
diff --git a/docs/wiki/[Examples]-Deploy-Identity-Resources-With-Custom-Settings.md b/docs/wiki/[Examples]-Deploy-Identity-Resources-With-Custom-Settings.md
index 0b4764da1..a29f2315a 100644
--- a/docs/wiki/[Examples]-Deploy-Identity-Resources-With-Custom-Settings.md
+++ b/docs/wiki/[Examples]-Deploy-Identity-Resources-With-Custom-Settings.md
@@ -47,7 +47,7 @@ terraform {
required_providers {
azurerm = {
source = "hashicorp/azurerm"
- version = ">= 3.74.0"
+ version = "~> 3.107"
}
}
}
diff --git a/docs/wiki/[Examples]-Deploy-Identity-Resources.md b/docs/wiki/[Examples]-Deploy-Identity-Resources.md
index 1206a1be4..efbedf382 100644
--- a/docs/wiki/[Examples]-Deploy-Identity-Resources.md
+++ b/docs/wiki/[Examples]-Deploy-Identity-Resources.md
@@ -41,7 +41,7 @@ terraform {
required_providers {
azurerm = {
source = "hashicorp/azurerm"
- version = ">= 3.74.0"
+ version = "~> 3.107"
}
}
}
diff --git a/docs/wiki/[Examples]-Deploy-Management-Resources-With-Custom-Settings.md b/docs/wiki/[Examples]-Deploy-Management-Resources-With-Custom-Settings.md
index a7d79a52c..4f51b07ea 100644
--- a/docs/wiki/[Examples]-Deploy-Management-Resources-With-Custom-Settings.md
+++ b/docs/wiki/[Examples]-Deploy-Management-Resources-With-Custom-Settings.md
@@ -56,7 +56,7 @@ terraform {
required_providers {
azurerm = {
source = "hashicorp/azurerm"
- version = ">= 3.74.0"
+ version = "~> 3.107"
}
}
}
diff --git a/docs/wiki/[Examples]-Deploy-Management-Resources.md b/docs/wiki/[Examples]-Deploy-Management-Resources.md
index 022e14ac3..0f740fd68 100644
--- a/docs/wiki/[Examples]-Deploy-Management-Resources.md
+++ b/docs/wiki/[Examples]-Deploy-Management-Resources.md
@@ -41,7 +41,7 @@ terraform {
required_providers {
azurerm = {
source = "hashicorp/azurerm"
- version = ">= 3.74.0"
+ version = "~> 3.107"
}
}
}
diff --git a/docs/wiki/[Examples]-Deploy-Using-Module-Nesting.md b/docs/wiki/[Examples]-Deploy-Using-Module-Nesting.md
index 7e32e52fd..fa0d3fd84 100644
--- a/docs/wiki/[Examples]-Deploy-Using-Module-Nesting.md
+++ b/docs/wiki/[Examples]-Deploy-Using-Module-Nesting.md
@@ -84,7 +84,7 @@ terraform {
required_providers {
azurerm = {
source = "hashicorp/azurerm"
- version = ">= 3.74.0"
+ version = "~> 3.107"
}
}
}
diff --git a/docs/wiki/[Examples]-Deploy-Virtual-WAN-Resources-With-Custom-Settings.md b/docs/wiki/[Examples]-Deploy-Virtual-WAN-Resources-With-Custom-Settings.md
index 92dbc5153..eb4e6a0c4 100644
--- a/docs/wiki/[Examples]-Deploy-Virtual-WAN-Resources-With-Custom-Settings.md
+++ b/docs/wiki/[Examples]-Deploy-Virtual-WAN-Resources-With-Custom-Settings.md
@@ -71,7 +71,7 @@ terraform {
required_providers {
azurerm = {
source = "hashicorp/azurerm"
- version = ">= 3.74.0"
+ version = "~> 3.107"
}
}
}
diff --git a/docs/wiki/[Examples]-Deploy-Virtual-WAN-Resources.md b/docs/wiki/[Examples]-Deploy-Virtual-WAN-Resources.md
index f3e358462..c2f7ee2b5 100644
--- a/docs/wiki/[Examples]-Deploy-Virtual-WAN-Resources.md
+++ b/docs/wiki/[Examples]-Deploy-Virtual-WAN-Resources.md
@@ -58,7 +58,7 @@ terraform {
required_providers {
azurerm = {
source = "hashicorp/azurerm"
- version = ">= 3.74.0"
+ version = "~> 3.107"
}
}
}
diff --git a/docs/wiki/[Examples]-Deploy-using-multiple-module-declarations-with-orchestration.md b/docs/wiki/[Examples]-Deploy-using-multiple-module-declarations-with-orchestration.md
index b88ad7d55..1e0d72555 100644
--- a/docs/wiki/[Examples]-Deploy-using-multiple-module-declarations-with-orchestration.md
+++ b/docs/wiki/[Examples]-Deploy-using-multiple-module-declarations-with-orchestration.md
@@ -90,7 +90,7 @@ terraform {
required_providers {
azurerm = {
source = "hashicorp/azurerm"
- version = ">= 3.74.0"
+ version = "~> 3.107"
}
}
}
@@ -260,7 +260,7 @@ terraform {
required_providers {
azurerm = {
source = "hashicorp/azurerm"
- version = ">= 3.74.0"
+ version = "~> 3.107"
}
}
}
@@ -474,7 +474,7 @@ terraform {
required_providers {
azurerm = {
source = "hashicorp/azurerm"
- version = ">= 3.74.0"
+ version = "~> 3.107"
}
}
}
@@ -688,7 +688,7 @@ terraform {
required_providers {
azurerm = {
source = "hashicorp/azurerm"
- version = ">= 3.74.0"
+ version = "~> 3.107"
}
}
}
diff --git a/docs/wiki/[Examples]-Deploy-using-multiple-module-declarations-with-remote-state.md b/docs/wiki/[Examples]-Deploy-using-multiple-module-declarations-with-remote-state.md
index 3798e56b6..a1c5770cc 100644
--- a/docs/wiki/[Examples]-Deploy-using-multiple-module-declarations-with-remote-state.md
+++ b/docs/wiki/[Examples]-Deploy-using-multiple-module-declarations-with-remote-state.md
@@ -94,7 +94,7 @@ terraform {
required_providers {
azurerm = {
source = "hashicorp/azurerm"
- version = ">= 3.74.0"
+ version = "~> 3.107"
}
}
backend "local" {
@@ -324,7 +324,7 @@ terraform {
required_providers {
azurerm = {
source = "hashicorp/azurerm"
- version = ">= 3.74.0"
+ version = "~> 3.107"
}
}
backend "local" {
@@ -553,7 +553,7 @@ terraform {
required_providers {
azurerm = {
source = "hashicorp/azurerm"
- version = ">= 3.74.0"
+ version = "~> 3.107"
}
}
backend "local" {
diff --git a/docs/wiki/[Examples]-Expand-built-in-archetype-definitions.md b/docs/wiki/[Examples]-Expand-built-in-archetype-definitions.md
index 9847c6ed7..0a8381df4 100644
--- a/docs/wiki/[Examples]-Expand-built-in-archetype-definitions.md
+++ b/docs/wiki/[Examples]-Expand-built-in-archetype-definitions.md
@@ -82,7 +82,7 @@ terraform {
required_providers {
azurerm = {
source = "hashicorp/azurerm"
- version = ">= 3.74.0"
+ version = "~> 3.107"
}
}
}
diff --git a/docs/wiki/[Examples]-Override-Module-Role-Assignments.md b/docs/wiki/[Examples]-Override-Module-Role-Assignments.md
index b9ae86aa2..0e5e6e22c 100644
--- a/docs/wiki/[Examples]-Override-Module-Role-Assignments.md
+++ b/docs/wiki/[Examples]-Override-Module-Role-Assignments.md
@@ -52,7 +52,7 @@ terraform {
required_providers {
azurerm = {
source = "hashicorp/azurerm"
- version = ">= 3.74.0"
+ version = "~> 3.107"
}
}
}
diff --git a/docs/wiki/[User-Guide]-Getting-Started.md b/docs/wiki/[User-Guide]-Getting-Started.md
index e638024d9..37f8d6bce 100644
--- a/docs/wiki/[User-Guide]-Getting-Started.md
+++ b/docs/wiki/[User-Guide]-Getting-Started.md
@@ -3,9 +3,9 @@
Before getting started with this module, please take note of the following considerations:
-1. This module requires a minimum `azurerm` provider version of `3.74.0`.
+1. This module requires a minimum `azurerm` provider version of `3.107.0`.
-1. This module requires a minimum Terraform version `1.3.1`.
+1. This module requires a minimum Terraform version `1.7.0`.
> **NOTE:** New releases of the module may contain features which require the minimum supported versions to be increased, but changes will be clearly documented in the release notes, user guide, and readme.
diff --git a/docs/wiki/[User-Guide]-Module-Outputs.md b/docs/wiki/[User-Guide]-Module-Outputs.md
index 31f21cd3f..6764e27e0 100644
--- a/docs/wiki/[User-Guide]-Module-Outputs.md
+++ b/docs/wiki/[User-Guide]-Module-Outputs.md
@@ -38,7 +38,7 @@ terraform {
required_providers {
azurerm = {
source = "hashicorp/azurerm"
- version = ">= 3.74.0"
+ version = "~> 3.107"
}
}
}
diff --git a/docs/wiki/[User-Guide]-Provider-Configuration.md b/docs/wiki/[User-Guide]-Provider-Configuration.md
index 1028c537c..287013f2b 100644
--- a/docs/wiki/[User-Guide]-Provider-Configuration.md
+++ b/docs/wiki/[User-Guide]-Provider-Configuration.md
@@ -54,7 +54,7 @@ terraform {
required_providers {
azurerm = {
source = "hashicorp/azurerm"
- version = ">= 3.74.0"
+ version = "~> 3.107"
}
}
}
@@ -112,7 +112,7 @@ terraform {
required_providers {
azurerm = {
source = "hashicorp/azurerm"
- version = ">= 3.74.0"
+ version = "~> 3.107"
configuration_aliases = [
azurerm.connectivity,
azurerm.management,
diff --git a/docs/wiki/[User-Guide]-Upgrade-from-v5.2.1-to-v6.0.0.md b/docs/wiki/[User-Guide]-Upgrade-from-v5.2.1-to-v6.0.0.md
new file mode 100644
index 000000000..c1e3175ff
--- /dev/null
+++ b/docs/wiki/[User-Guide]-Upgrade-from-v5.2.1-to-v6.0.0.md
@@ -0,0 +1,104 @@
+
+## Overview
+
+This is a major release, following the update of Azure Landing Zones with it's major policy refresh and move to Azure Monitoring Agent from Microsoft Monitoring Agent.
+
+## ‼️ Breaking Changes
+
+1. Minimum AzureRM provider version now 3.107.0`
+2. Minimum Terraform version now `1.7.0`
+3. `var.configure_management_resources` schema change, removing legacy components and adding support for AMA resources
+
+## Incorporates the following changes from upstream
+
+1. [Policy refresh H2 FY24](https://github.com/Azure/Enterprise-Scale/pull/1651)
+2. [AMA Updates](https://github.com/Azure/Enterprise-Scale/pull/1649)
+
+## Policy Refresh
+
+See:
+
+- Move to built-in policies for deployment of diagnostic settings (original assignment will be moved to new definitions)
+- Move to built-in policies for deployment of Azure Monitor Agent
+
+## Azure Monitor Agent
+
+The Microsoft Monitoring Agent is deprecated and all assignments have been removed, howwver the policy definitions remain.
+We now assign polices that deploy the Azure Monitor Agent (AMA) instead of the Microsoft Monitoring Agent (MMA).
+We deploy AMA resources using the new `configure_management_resources` variable.
+
+### New resources
+
+- A user-assigned managed identity (UAMI) for the AMA agent to authenticate with Azure Monitor (this needs no special tole assignments, any valid identity will suffice)
+- Data collection rule for VM Insights
+- Data collection rule for Change Tracking
+- Data collection rule for Defender for SQL
+
+Going forward, this module will not provide support for the MMA, and will only support the AMA.
+If you wish to continue using the MMA, you will need to manage this outside of the module.
+
+### Microsoft Monitoring Agent (MMA) Cleanup
+
+As MMA resources were deployed using Azure Policy (DeployIfNotExists), the resources will not be cleaned up automatically.
+You will need to manually clean up the resources.
+
+We will publish a link to the MMA migration guidance once it is released, this will contain the steps to clean up the legacy MMA resources.
+
+## Notable changes from our awesome community
+
+1. feat: new private DNS zones: [#918](https://github.com/Azure/terraform-azurerm-caf-enterprise-scale/pull/918) (thanks @chrsundermann!)
+2. feat: new virtual network gateway routing parameters: [#925](https://github.com/Azure/terraform-azurerm-caf-enterprise-scale/pull/925) (thanks @nyanhp!)
+3. fix: mg diag setting location: [#952](https://github.com/Azure/terraform-azurerm-caf-enterprise-scale/pull/952) (thanks @Keetika-Yogendra!)
+
+### `configure_management_resources`
+
+This has been updated, the changed sections are shown below.
+Note the removal of deprecated log analytics solutions and the addition of the new AMA settings.
+
+```terraform
+variable "configure_management_resources" {
+ type = object({
+ settings = optional(object({
+ ama = optional(object({
+ enable_uami = optional(bool, true)
+ enable_vminsights_dcr = optional(bool, true)
+ enable_change_tracking_dcr = optional(bool, true)
+ enable_mdfc_defender_for_sql_dcr = optional(bool, true)
+ enable_mdfc_defender_for_sql_query_collection_for_security_research = optional(bool, true)
+ }), {})
+ log_analytics = optional(object({
+ enabled = optional(bool, true)
+ config = optional(object({
+ retention_in_days = optional(number, 30)
+ enable_monitoring_for_vm = optional(bool, true)
+ enable_monitoring_for_vmss = optional(bool, true)
+ enable_sentinel = optional(bool, true)
+ enable_change_tracking = optional(bool, true)
+ }), {})
+ }), {})
+ ### ... (other settings, no changes)
+ }), {})
+ })
+}
+```
+
+## Acknowledgements
+
+Thanks to:
+
+- @JamesDLD for providing a helpful contribution for the DCRs
+- @jaredfholgate for the policy sync process work and code review
+- @arjenhuitema for his awesome work on the AMA design
+- @springstone for an awesome policy refresh effort
+- @jtracey93 for his technical assurance and oversight
+
+**Full Changelog**: [v5.2.1...v6.0.0](https://github.com/Azure/terraform-azurerm-caf-enterprise-scale/compare/v5.2.1...v6.0.0)
+
+## Next steps
+
+Take a look at the latest [User Guide](User-Guide) documentation and our [Examples](Examples) to understand the latest module configuration options, and review your implementation against the changes documented on this page.
+
+## Need help?
+
+If you're running into problems with the upgrade, please let us know via the [GitHub Issues](https://github.com/Azure/terraform-azurerm-caf-enterprise-scale/issues).
+We will do our best to point you in the right direction.
diff --git a/examples/400-multi-with-orchestration/main.tf b/examples/400-multi-with-orchestration/main.tf
index 32f25e491..2f6065237 100644
--- a/examples/400-multi-with-orchestration/main.tf
+++ b/examples/400-multi-with-orchestration/main.tf
@@ -5,7 +5,7 @@ terraform {
required_providers {
azurerm = {
source = "hashicorp/azurerm"
- version = ">= 3.74.0"
+ version = "~> 3.107"
}
}
}
diff --git a/examples/400-multi-with-orchestration/modules/connectivity/main.tf b/examples/400-multi-with-orchestration/modules/connectivity/main.tf
index 1ab6bd9d4..0adaa8beb 100644
--- a/examples/400-multi-with-orchestration/modules/connectivity/main.tf
+++ b/examples/400-multi-with-orchestration/modules/connectivity/main.tf
@@ -5,7 +5,7 @@ terraform {
required_providers {
azurerm = {
source = "hashicorp/azurerm"
- version = ">= 3.74.0"
+ version = "~> 3.107"
}
}
}
diff --git a/examples/400-multi-with-orchestration/modules/core/main.tf b/examples/400-multi-with-orchestration/modules/core/main.tf
index b834130f7..48d99f4e6 100644
--- a/examples/400-multi-with-orchestration/modules/core/main.tf
+++ b/examples/400-multi-with-orchestration/modules/core/main.tf
@@ -5,7 +5,7 @@ terraform {
required_providers {
azurerm = {
source = "hashicorp/azurerm"
- version = "3.74.0"
+ version = "3.107.0"
}
}
}
diff --git a/examples/400-multi-with-orchestration/modules/management/main.tf b/examples/400-multi-with-orchestration/modules/management/main.tf
index 1309f2eaa..d692dc3a1 100644
--- a/examples/400-multi-with-orchestration/modules/management/main.tf
+++ b/examples/400-multi-with-orchestration/modules/management/main.tf
@@ -5,7 +5,7 @@ terraform {
required_providers {
azurerm = {
source = "hashicorp/azurerm"
- version = ">= 3.74.0"
+ version = "~> 3.107"
}
}
}
diff --git a/examples/400-multi-with-remote-state/connectivity/main.tf b/examples/400-multi-with-remote-state/connectivity/main.tf
index c7c38b38f..aef841352 100644
--- a/examples/400-multi-with-remote-state/connectivity/main.tf
+++ b/examples/400-multi-with-remote-state/connectivity/main.tf
@@ -5,7 +5,7 @@ terraform {
required_providers {
azurerm = {
source = "hashicorp/azurerm"
- version = ">= 3.74.0"
+ version = "~> 3.107"
}
}
backend "local" {
diff --git a/examples/400-multi-with-remote-state/core/main.tf b/examples/400-multi-with-remote-state/core/main.tf
index 0f1c9ddfe..2afd858b6 100644
--- a/examples/400-multi-with-remote-state/core/main.tf
+++ b/examples/400-multi-with-remote-state/core/main.tf
@@ -5,7 +5,7 @@ terraform {
required_providers {
azurerm = {
source = "hashicorp/azurerm"
- version = ">= 3.74.0"
+ version = "~> 3.107"
}
}
backend "local" {
diff --git a/examples/400-multi-with-remote-state/management/main.tf b/examples/400-multi-with-remote-state/management/main.tf
index 12988e0ca..4a563a76f 100644
--- a/examples/400-multi-with-remote-state/management/main.tf
+++ b/examples/400-multi-with-remote-state/management/main.tf
@@ -5,7 +5,7 @@ terraform {
required_providers {
azurerm = {
source = "hashicorp/azurerm"
- version = ">= 3.74.0"
+ version = "~> 3.107"
}
}
backend "local" {
diff --git a/locals.management.tf b/locals.management.tf
index 894edc6b1..6f8ab8970 100644
--- a/locals.management.tf
+++ b/locals.management.tf
@@ -47,3 +47,22 @@ locals {
if resource.managed_by_module
}
}
+
+# The following locals are used to build the map of UAMI
+# resources to deploy.
+locals {
+ azurerm_user_assigned_identity_management = {
+ for resource in module.management_resources.configuration.azurerm_user_assigned_identity :
+ resource.resource_id => resource
+ if resource.managed_by_module
+ }
+}
+
+# The following locals are used to build the map of the DCRs
+locals {
+ azurerm_monitor_data_collection_rule_management = {
+ for resource in module.management_resources.configuration.azurerm_monitor_data_collection_rule :
+ resource.resource_id => resource
+ if resource.managed_by_module
+ }
+}
diff --git a/locals.version.tf b/locals.version.tf
index d09b3d59e..79f625752 100644
--- a/locals.version.tf
+++ b/locals.version.tf
@@ -1,3 +1,3 @@
locals {
- module_version = "v5.0.0"
+ module_version = "v6.0.0"
}
diff --git a/modules/connectivity/README.md b/modules/connectivity/README.md
index 8721add3f..4df0f68f7 100644
--- a/modules/connectivity/README.md
+++ b/modules/connectivity/README.md
@@ -141,9 +141,11 @@ object({
virtual_network_gateway = optional(object({
enabled = optional(bool, false)
config = optional(object({
- address_prefix = optional(string, "")
- gateway_sku_expressroute = optional(string, "")
- gateway_sku_vpn = optional(string, "")
+ address_prefix = optional(string, "")
+ gateway_sku_expressroute = optional(string, "")
+ gateway_sku_vpn = optional(string, "")
+ remote_vnet_traffic_enabled = optional(bool, false)
+ virtual_wan_traffic_enabled = optional(bool, false)
advanced_vpn_settings = optional(object({
enable_bgp = optional(bool, null)
active_active = optional(bool, null)
@@ -307,6 +309,9 @@ object({
azure_api_management = optional(bool, true)
azure_app_configuration_stores = optional(bool, true)
azure_arc = optional(bool, true)
+ azure_arc_guest_configuration = optional(bool, true)
+ azure_arc_hybrid_resource_provider = optional(bool, true)
+ azure_arc_kubernetes = optional(bool, true)
azure_automation_dscandhybridworker = optional(bool, true)
azure_automation_webhook = optional(bool, true)
azure_backup = optional(bool, true)
@@ -329,6 +334,7 @@ object({
azure_database_for_mariadb_server = optional(bool, true)
azure_database_for_mysql_server = optional(bool, true)
azure_database_for_postgresql_server = optional(bool, true)
+ azure_databricks = optional(bool, true)
azure_digital_twins = optional(bool, true)
azure_event_grid_domain = optional(bool, true)
azure_event_grid_topic = optional(bool, true)
@@ -342,9 +348,11 @@ object({
azure_kubernetes_service_management = optional(bool, true)
azure_machine_learning_workspace = optional(bool, true)
azure_managed_disks = optional(bool, true)
+ azure_managed_grafana = optional(bool, true)
azure_media_services = optional(bool, true)
azure_migrate = optional(bool, true)
azure_monitor = optional(bool, true)
+ azure_openai_service = optional(bool, true)
azure_purview_account = optional(bool, true)
azure_purview_studio = optional(bool, true)
azure_relay_namespace = optional(bool, true)
@@ -355,6 +363,7 @@ object({
azure_synapse_analytics_dev = optional(bool, true)
azure_synapse_analytics_sql = optional(bool, true)
azure_synapse_studio = optional(bool, true)
+ azure_virtual_desktop = optional(bool, true)
azure_web_apps_sites = optional(bool, true)
azure_web_apps_static_sites = optional(bool, true)
cognitive_services_account = optional(bool, true)
diff --git a/modules/connectivity/locals.tf b/modules/connectivity/locals.tf
index 5745088b9..a81ed48a3 100644
--- a/modules/connectivity/locals.tf
+++ b/modules/connectivity/locals.tf
@@ -538,11 +538,13 @@ locals {
resource_id = local.er_gateway_resource_id[location]
managed_by_module = local.deploy_virtual_network_gateway_express_route[location]
# Resource definition attributes
- name = local.er_gateway_name[location]
- resource_group_name = local.resource_group_names_by_scope_and_location["connectivity"][location]
- location = location
- type = "ExpressRoute"
- sku = hub_network.config.virtual_network_gateway.config.gateway_sku_expressroute
+ name = local.er_gateway_name[location]
+ resource_group_name = local.resource_group_names_by_scope_and_location["connectivity"][location]
+ location = location
+ type = "ExpressRoute"
+ sku = hub_network.config.virtual_network_gateway.config.gateway_sku_expressroute
+ remote_vnet_traffic_enabled = hub_network.config.virtual_network_gateway.config.remote_vnet_traffic_enabled
+ virtual_wan_traffic_enabled = hub_network.config.virtual_network_gateway.config.virtual_wan_traffic_enabled
ip_configuration = try(
# To support `active_active = true` must currently specify a custom ip_configuration
local.custom_settings.azurerm_virtual_network_gateway["connectivity_expressroute"][location].ip_configuration,
@@ -653,11 +655,13 @@ locals {
resource_id = local.vpn_gateway_resource_id[location]
managed_by_module = local.deploy_virtual_network_gateway_vpn[location]
# Resource definition attributes
- name = local.vpn_gateway_name[location]
- resource_group_name = local.resource_group_names_by_scope_and_location["connectivity"][location]
- location = location
- type = "Vpn"
- sku = hub_network.config.virtual_network_gateway.config.gateway_sku_vpn
+ name = local.vpn_gateway_name[location]
+ resource_group_name = local.resource_group_names_by_scope_and_location["connectivity"][location]
+ location = location
+ type = "Vpn"
+ sku = hub_network.config.virtual_network_gateway.config.gateway_sku_vpn
+ remote_vnet_traffic_enabled = null
+ virtual_wan_traffic_enabled = null
ip_configuration = try(
local.custom_settings.azurerm_virtual_network_gateway["connectivity_vpn"][location].ip_configuration,
concat(
@@ -1439,6 +1443,9 @@ locals {
azure_api_management = ["privatelink.azure-api.net", "privatelink.developer.azure-api.net"]
azure_app_configuration_stores = ["privatelink.azconfig.io"]
azure_arc = ["privatelink.his.arc.azure.com", "privatelink.guestconfiguration.azure.com", "privatelink.kubernetesconfiguration.azure.com"]
+ azure_arc_guest_configuration = ["privatelink.guestconfiguration.azure.com"]
+ azure_arc_hybrid_resource_provider = ["privatelink.his.arc.azure.com"]
+ azure_arc_kubernetes = ["privatelink.dp.kubernetesconfiguration.azure.com"]
azure_automation_dscandhybridworker = ["privatelink.azure-automation.net"]
azure_automation_webhook = ["privatelink.azure-automation.net"]
azure_batch_account = ["privatelink.batch.azure.com"]
@@ -1459,6 +1466,7 @@ locals {
azure_database_for_mariadb_server = ["privatelink.mariadb.database.azure.com"]
azure_database_for_mysql_server = ["privatelink.mysql.database.azure.com"]
azure_database_for_postgresql_server = ["privatelink.postgres.database.azure.com"]
+ azure_databricks = ["privatelink.azuredatabricks.net"]
azure_digital_twins = ["privatelink.digitaltwins.azure.net"]
azure_event_grid_domain = ["privatelink.eventgrid.azure.net"]
azure_event_grid_topic = ["privatelink.eventgrid.azure.net"]
@@ -1471,9 +1479,11 @@ locals {
azure_key_vault_managed_hsm = ["privatelink.managedhsm.azure.net"]
azure_machine_learning_workspace = ["privatelink.api.azureml.ms", "privatelink.notebooks.azure.net"]
azure_managed_disks = ["privatelink.blob.core.windows.net"]
+ azure_managed_grafana = ["privatelink.grafana.azure.com"]
azure_media_services = ["privatelink.media.azure.net"]
azure_migrate = ["privatelink.prod.migration.windowsazure.com"]
azure_monitor = ["privatelink.monitor.azure.com", "privatelink.oms.opinsights.azure.com", "privatelink.ods.opinsights.azure.com", "privatelink.agentsvc.azure-automation.net", "privatelink.blob.core.windows.net"]
+ azure_openai_service = ["privatelink.openai.azure.com"]
azure_purview_account = ["privatelink.purview.azure.com"]
azure_purview_studio = ["privatelink.purviewstudio.azure.com"]
azure_relay_namespace = ["privatelink.servicebus.windows.net"]
@@ -1484,7 +1494,8 @@ locals {
azure_synapse_analytics_dev = ["privatelink.dev.azuresynapse.net"]
azure_synapse_analytics_sql = ["privatelink.sql.azuresynapse.net"]
azure_synapse_studio = ["privatelink.azuresynapse.net"]
- azure_web_apps_sites = ["privatelink.azurewebsites.net"]
+ azure_virtual_desktop = ["privatelink.wvd.microsoft.com"]
+ azure_web_apps_sites = ["privatelink.azurewebsites.net", "scm.privatelink.azurewebsites.net"]
azure_web_apps_static_sites = ["privatelink.azurestaticapps.net"]
cognitive_services_account = ["privatelink.cognitiveservices.azure.com"]
microsoft_power_bi = ["privatelink.analysis.windows.net", "privatelink.pbidedicated.windows.net", "privatelink.tip1.powerquery.microsoft.com"]
@@ -1865,57 +1876,65 @@ locals {
"${local.root_id}-corp" = {
parameters = {
Deploy-Private-DNS-Zones = {
- azureAcrPrivateDnsZoneId = "${local.private_dns_zone_prefix}privatelink.azurecr.io"
- azureAppPrivateDnsZoneId = "${local.private_dns_zone_prefix}privatelink.azconfig.io"
- azureAppServicesPrivateDnsZoneId = "${local.private_dns_zone_prefix}privatelink.azurewebsites.net"
- azureAsrPrivateDnsZoneId = "${local.private_dns_zone_prefix}privatelink.siterecovery.windowsazure.com"
- azureAutomationDSCHybridPrivateDnsZoneId = "${local.private_dns_zone_prefix}privatelink.azure-automation.net"
- azureAutomationWebhookPrivateDnsZoneId = "${local.private_dns_zone_prefix}privatelink.azure-automation.net"
- azureBatchPrivateDnsZoneId = "${local.private_dns_zone_prefix}privatelink.batch.azure.com"
- azureCognitiveSearchPrivateDnsZoneId = "${local.private_dns_zone_prefix}privatelink.search.windows.net"
- azureCognitiveServicesPrivateDnsZoneId = "${local.private_dns_zone_prefix}privatelink.cognitiveservices.azure.com"
- azureCosmosCassandraPrivateDnsZoneId = "${local.private_dns_zone_prefix}privatelink.cassandra.cosmos.azure.com"
- azureCosmosGremlinPrivateDnsZoneId = "${local.private_dns_zone_prefix}privatelink.gremlin.cosmos.azure.com"
- azureCosmosMongoPrivateDnsZoneId = "${local.private_dns_zone_prefix}privatelink.mongo.cosmos.azure.com"
- azureCosmosSQLPrivateDnsZoneId = "${local.private_dns_zone_prefix}privatelink.documents.azure.com"
- azureCosmosTablePrivateDnsZoneId = "${local.private_dns_zone_prefix}privatelink.table.cosmos.azure.com"
- azureDataFactoryPortalPrivateDnsZoneId = "${local.private_dns_zone_prefix}privatelink.adf.azure.com"
- azureDataFactoryPrivateDnsZoneId = "${local.private_dns_zone_prefix}privatelink.datafactory.azure.net"
- azureDiskAccessPrivateDnsZoneId = "${local.private_dns_zone_prefix}privatelink.blob.core.windows.net"
- azureEventGridDomainsPrivateDnsZoneId = "${local.private_dns_zone_prefix}privatelink.eventgrid.azure.net"
- azureEventGridTopicsPrivateDnsZoneId = "${local.private_dns_zone_prefix}privatelink.eventgrid.azure.net"
- azureEventHubNamespacePrivateDnsZoneId = "${local.private_dns_zone_prefix}privatelink.servicebus.windows.net"
- azureFilePrivateDnsZoneId = "${local.private_dns_zone_prefix}privatelink.afs.azure.net"
- azureHDInsightPrivateDnsZoneId = "${local.private_dns_zone_prefix}privatelink.azurehdinsight.net"
- azureIotHubsPrivateDnsZoneId = "${local.private_dns_zone_prefix}privatelink.azure-devices.net"
- azureIotPrivateDnsZoneId = "${local.private_dns_zone_prefix}privatelink.azure-devices-provisioning.net"
- azureKeyVaultPrivateDnsZoneId = "${local.private_dns_zone_prefix}privatelink.vaultcore.azure.net"
- azureMachineLearningWorkspacePrivateDnsZoneId = "${local.private_dns_zone_prefix}privatelink.api.azureml.ms"
- azureMediaServicesKeyPrivateDnsZoneId = "${local.private_dns_zone_prefix}privatelink.media.azure.net"
- azureMediaServicesLivePrivateDnsZoneId = "${local.private_dns_zone_prefix}privatelink.media.azure.net"
- azureMediaServicesStreamPrivateDnsZoneId = "${local.private_dns_zone_prefix}privatelink.media.azure.net"
- azureMigratePrivateDnsZoneId = "${local.private_dns_zone_prefix}privatelink.prod.migration.windowsazure.com"
- azureMonitorPrivateDnsZoneId1 = "${local.private_dns_zone_prefix}privatelink.monitor.azure.com" # Private DNS Zone for global endpoints used by Azure Monitor
- azureMonitorPrivateDnsZoneId2 = "${local.private_dns_zone_prefix}privatelink.oms.opinsights.azure.com" # Private DNS Zone for workspace-specific mapping to OMS agents endpoints
- azureMonitorPrivateDnsZoneId3 = "${local.private_dns_zone_prefix}privatelink.ods.opinsights.azure.com" # Private DNS Zone for workspace-specific mapping to ingestion endpoints
- azureMonitorPrivateDnsZoneId4 = "${local.private_dns_zone_prefix}privatelink.agentsvc.azure-automation.net" # Private DNS Zone for workspace-specific mapping to the agent service automation endpoints
- azureMonitorPrivateDnsZoneId5 = "${local.private_dns_zone_prefix}privatelink.blob.core.windows.net" # Private DNS Zone for connectivity to the global agent's solution packs storage account
- azureRedisCachePrivateDnsZoneId = "${local.private_dns_zone_prefix}privatelink.redis.cache.windows.net"
- azureServiceBusNamespacePrivateDnsZoneId = "${local.private_dns_zone_prefix}privatelink.servicebus.windows.net"
- azureSignalRPrivateDnsZoneId = "${local.private_dns_zone_prefix}privatelink.service.signalr.net"
- azureStorageBlobPrivateDnsZoneId = "${local.private_dns_zone_prefix}privatelink.blob.core.windows.net"
- azureStorageBlobSecPrivateDnsZoneId = "${local.private_dns_zone_prefix}privatelink.blob.core.windows.net"
- azureStorageDFSPrivateDnsZoneId = "${local.private_dns_zone_prefix}privatelink.dfs.core.windows.net"
- azureStorageDFSSecPrivateDnsZoneId = "${local.private_dns_zone_prefix}privatelink.dfs.core.windows.net"
- azureStorageFilePrivateDnsZoneId = "${local.private_dns_zone_prefix}privatelink.file.core.windows.net"
- azureStorageQueuePrivateDnsZoneId = "${local.private_dns_zone_prefix}privatelink.queue.core.windows.net"
- azureStorageQueueSecPrivateDnsZoneId = "${local.private_dns_zone_prefix}privatelink.queue.core.windows.net"
- azureStorageStaticWebPrivateDnsZoneId = "${local.private_dns_zone_prefix}privatelink.web.core.windows.net"
- azureStorageStaticWebSecPrivateDnsZoneId = "${local.private_dns_zone_prefix}privatelink.web.core.windows.net"
- azureSynapseDevPrivateDnsZoneId = "${local.private_dns_zone_prefix}privatelink.dev.azuresynapse.net"
- azureSynapseSQLODPrivateDnsZoneId = "${local.private_dns_zone_prefix}privatelink.sql.azuresynapse.net"
- azureSynapseSQLPrivateDnsZoneId = "${local.private_dns_zone_prefix}privatelink.sql.azuresynapse.net"
- azureWebPrivateDnsZoneId = "${local.private_dns_zone_prefix}privatelink.webpubsub.azure.com"
+ azureAcrPrivateDnsZoneId = "${local.private_dns_zone_prefix}privatelink.azurecr.io"
+ azureManagedGrafanaWorkspacePrivateDnsZoneId = "${local.private_dns_zone_prefix}privatelink.grafana.azure.com"
+ azureArcKubernetesConfigurationPrivateDnsZoneId = "${local.private_dns_zone_prefix}privatelink.dp.kubernetesconfiguration.azure.com"
+ azureArcHybridResourceProviderPrivateDnsZoneId = "${local.private_dns_zone_prefix}privatelink.his.arc.azure.com"
+ azureArcGuestconfigurationPrivateDnsZoneId = "${local.private_dns_zone_prefix}privatelink.guestconfiguration.azure.com"
+ azureAppPrivateDnsZoneId = "${local.private_dns_zone_prefix}privatelink.azconfig.io"
+ azureAppServicesPrivateDnsZoneId = "${local.private_dns_zone_prefix}privatelink.azurewebsites.net"
+ azureAsrPrivateDnsZoneId = "${local.private_dns_zone_prefix}privatelink.siterecovery.windowsazure.com"
+ azureAutomationDSCHybridPrivateDnsZoneId = "${local.private_dns_zone_prefix}privatelink.azure-automation.net"
+ azureAutomationWebhookPrivateDnsZoneId = "${local.private_dns_zone_prefix}privatelink.azure-automation.net"
+ azureBatchPrivateDnsZoneId = "${local.private_dns_zone_prefix}privatelink.batch.azure.com"
+ azureCognitiveSearchPrivateDnsZoneId = "${local.private_dns_zone_prefix}privatelink.search.windows.net"
+ azureCognitiveServicesPrivateDnsZoneId = "${local.private_dns_zone_prefix}privatelink.cognitiveservices.azure.com"
+ azureCosmosCassandraPrivateDnsZoneId = "${local.private_dns_zone_prefix}privatelink.cassandra.cosmos.azure.com"
+ azureCosmosGremlinPrivateDnsZoneId = "${local.private_dns_zone_prefix}privatelink.gremlin.cosmos.azure.com"
+ azureCosmosMongoPrivateDnsZoneId = "${local.private_dns_zone_prefix}privatelink.mongo.cosmos.azure.com"
+ azureCosmosSQLPrivateDnsZoneId = "${local.private_dns_zone_prefix}privatelink.documents.azure.com"
+ azureCosmosTablePrivateDnsZoneId = "${local.private_dns_zone_prefix}privatelink.table.cosmos.azure.com"
+ azureDataFactoryPortalPrivateDnsZoneId = "${local.private_dns_zone_prefix}privatelink.adf.azure.com"
+ azureDataFactoryPrivateDnsZoneId = "${local.private_dns_zone_prefix}privatelink.datafactory.azure.net"
+ azureDiskAccessPrivateDnsZoneId = "${local.private_dns_zone_prefix}privatelink.blob.core.windows.net"
+ azureEventGridDomainsPrivateDnsZoneId = "${local.private_dns_zone_prefix}privatelink.eventgrid.azure.net"
+ azureEventGridTopicsPrivateDnsZoneId = "${local.private_dns_zone_prefix}privatelink.eventgrid.azure.net"
+ azureEventHubNamespacePrivateDnsZoneId = "${local.private_dns_zone_prefix}privatelink.servicebus.windows.net"
+ azureFilePrivateDnsZoneId = "${local.private_dns_zone_prefix}privatelink.afs.azure.net"
+ azureHDInsightPrivateDnsZoneId = "${local.private_dns_zone_prefix}privatelink.azurehdinsight.net"
+ azureIotHubsPrivateDnsZoneId = "${local.private_dns_zone_prefix}privatelink.azure-devices.net"
+ azureIotPrivateDnsZoneId = "${local.private_dns_zone_prefix}privatelink.azure-devices-provisioning.net"
+ azureKeyVaultPrivateDnsZoneId = "${local.private_dns_zone_prefix}privatelink.vaultcore.azure.net"
+ azureMachineLearningWorkspacePrivateDnsZoneId = "${local.private_dns_zone_prefix}privatelink.api.azureml.ms"
+ azureMediaServicesKeyPrivateDnsZoneId = "${local.private_dns_zone_prefix}privatelink.media.azure.net"
+ azureMediaServicesLivePrivateDnsZoneId = "${local.private_dns_zone_prefix}privatelink.media.azure.net"
+ azureMediaServicesStreamPrivateDnsZoneId = "${local.private_dns_zone_prefix}privatelink.media.azure.net"
+ azureMigratePrivateDnsZoneId = "${local.private_dns_zone_prefix}privatelink.prod.migration.windowsazure.com"
+ azureMonitorPrivateDnsZoneId1 = "${local.private_dns_zone_prefix}privatelink.monitor.azure.com" # Private DNS Zone for global endpoints used by Azure Monitor
+ azureMonitorPrivateDnsZoneId2 = "${local.private_dns_zone_prefix}privatelink.oms.opinsights.azure.com" # Private DNS Zone for workspace-specific mapping to OMS agents endpoints
+ azureMonitorPrivateDnsZoneId3 = "${local.private_dns_zone_prefix}privatelink.ods.opinsights.azure.com" # Private DNS Zone for workspace-specific mapping to ingestion endpoints
+ azureMonitorPrivateDnsZoneId4 = "${local.private_dns_zone_prefix}privatelink.agentsvc.azure-automation.net" # Private DNS Zone for workspace-specific mapping to the agent service automation endpoints
+ azureMonitorPrivateDnsZoneId5 = "${local.private_dns_zone_prefix}privatelink.blob.core.windows.net" # Private DNS Zone for connectivity to the global agent's solution packs storage account
+ azureRedisCachePrivateDnsZoneId = "${local.private_dns_zone_prefix}privatelink.redis.cache.windows.net"
+ azureServiceBusNamespacePrivateDnsZoneId = "${local.private_dns_zone_prefix}privatelink.servicebus.windows.net"
+ azureSignalRPrivateDnsZoneId = "${local.private_dns_zone_prefix}privatelink.service.signalr.net"
+ azureStorageBlobPrivateDnsZoneId = "${local.private_dns_zone_prefix}privatelink.blob.core.windows.net"
+ azureStorageBlobSecPrivateDnsZoneId = "${local.private_dns_zone_prefix}privatelink.blob.core.windows.net"
+ azureStorageDFSPrivateDnsZoneId = "${local.private_dns_zone_prefix}privatelink.dfs.core.windows.net"
+ azureStorageDFSSecPrivateDnsZoneId = "${local.private_dns_zone_prefix}privatelink.dfs.core.windows.net"
+ azureStorageFilePrivateDnsZoneId = "${local.private_dns_zone_prefix}privatelink.file.core.windows.net"
+ azureStorageQueuePrivateDnsZoneId = "${local.private_dns_zone_prefix}privatelink.queue.core.windows.net"
+ azureStorageQueueSecPrivateDnsZoneId = "${local.private_dns_zone_prefix}privatelink.queue.core.windows.net"
+ azureStorageStaticWebPrivateDnsZoneId = "${local.private_dns_zone_prefix}privatelink.web.core.windows.net"
+ azureStorageStaticWebSecPrivateDnsZoneId = "${local.private_dns_zone_prefix}privatelink.web.core.windows.net"
+ azureSynapseDevPrivateDnsZoneId = "${local.private_dns_zone_prefix}privatelink.dev.azuresynapse.net"
+ azureSynapseSQLODPrivateDnsZoneId = "${local.private_dns_zone_prefix}privatelink.sql.azuresynapse.net"
+ azureSynapseSQLPrivateDnsZoneId = "${local.private_dns_zone_prefix}privatelink.sql.azuresynapse.net"
+ azureWebPrivateDnsZoneId = "${local.private_dns_zone_prefix}privatelink.webpubsub.azure.com"
+ azureVirtualDesktopHostpoolPrivateDnsZoneId = "${local.private_dns_zone_prefix}privatelink.wvd.microsoft.com"
+ azureVirtualDesktopWorkspacePrivateDnsZoneId = "${local.private_dns_zone_prefix}privatelink.wvd.microsoft.com"
+ azureSiteRecoveryBlobPrivateDnsZoneID = "${local.private_dns_zone_prefix}privatelink.blob.core.windows.net"
+ azureSiteRecoveryQueuePrivateDnsZoneID = "${local.private_dns_zone_prefix}privatelink.queue.core.windows.net"
}
}
enforcement_mode = {
diff --git a/modules/connectivity/variables.tf b/modules/connectivity/variables.tf
index efdb9e6e6..1606f9e0a 100644
--- a/modules/connectivity/variables.tf
+++ b/modules/connectivity/variables.tf
@@ -63,9 +63,11 @@ variable "settings" {
virtual_network_gateway = optional(object({
enabled = optional(bool, false)
config = optional(object({
- address_prefix = optional(string, "")
- gateway_sku_expressroute = optional(string, "")
- gateway_sku_vpn = optional(string, "")
+ address_prefix = optional(string, "")
+ gateway_sku_expressroute = optional(string, "")
+ gateway_sku_vpn = optional(string, "")
+ remote_vnet_traffic_enabled = optional(bool, false)
+ virtual_wan_traffic_enabled = optional(bool, false)
advanced_vpn_settings = optional(object({
enable_bgp = optional(bool, null)
active_active = optional(bool, null)
@@ -229,6 +231,9 @@ variable "settings" {
azure_api_management = optional(bool, true)
azure_app_configuration_stores = optional(bool, true)
azure_arc = optional(bool, true)
+ azure_arc_guest_configuration = optional(bool, true)
+ azure_arc_hybrid_resource_provider = optional(bool, true)
+ azure_arc_kubernetes = optional(bool, true)
azure_automation_dscandhybridworker = optional(bool, true)
azure_automation_webhook = optional(bool, true)
azure_backup = optional(bool, true)
@@ -251,6 +256,7 @@ variable "settings" {
azure_database_for_mariadb_server = optional(bool, true)
azure_database_for_mysql_server = optional(bool, true)
azure_database_for_postgresql_server = optional(bool, true)
+ azure_databricks = optional(bool, true)
azure_digital_twins = optional(bool, true)
azure_event_grid_domain = optional(bool, true)
azure_event_grid_topic = optional(bool, true)
@@ -264,9 +270,11 @@ variable "settings" {
azure_kubernetes_service_management = optional(bool, true)
azure_machine_learning_workspace = optional(bool, true)
azure_managed_disks = optional(bool, true)
+ azure_managed_grafana = optional(bool, true)
azure_media_services = optional(bool, true)
azure_migrate = optional(bool, true)
azure_monitor = optional(bool, true)
+ azure_openai_service = optional(bool, true)
azure_purview_account = optional(bool, true)
azure_purview_studio = optional(bool, true)
azure_relay_namespace = optional(bool, true)
@@ -277,6 +285,7 @@ variable "settings" {
azure_synapse_analytics_dev = optional(bool, true)
azure_synapse_analytics_sql = optional(bool, true)
azure_synapse_studio = optional(bool, true)
+ azure_virtual_desktop = optional(bool, true)
azure_web_apps_sites = optional(bool, true)
azure_web_apps_static_sites = optional(bool, true)
cognitive_services_account = optional(bool, true)
diff --git a/modules/management/README.md b/modules/management/README.md
index 87cd54183..7e93fb138 100644
--- a/modules/management/README.md
+++ b/modules/management/README.md
@@ -120,36 +120,32 @@ Type:
```hcl
object({
+ ama = optional(object({
+ enable_uami = optional(bool, true)
+ enable_vminsights_dcr = optional(bool, true)
+ enable_change_tracking_dcr = optional(bool, true)
+ enable_mdfc_defender_for_sql_dcr = optional(bool, true)
+ enable_mdfc_defender_for_sql_query_collection_for_security_research = optional(bool, true)
+ }), {})
log_analytics = optional(object({
enabled = optional(bool, true)
config = optional(object({
- retention_in_days = optional(number, 30)
- enable_monitoring_for_vm = optional(bool, true)
- enable_monitoring_for_vmss = optional(bool, true)
- enable_solution_for_agent_health_assessment = optional(bool, true)
- enable_solution_for_anti_malware = optional(bool, true)
- enable_solution_for_change_tracking = optional(bool, true)
- enable_solution_for_service_map = optional(bool, true)
- enable_solution_for_sql_assessment = optional(bool, true)
- enable_solution_for_sql_vulnerability_assessment = optional(bool, true)
- enable_solution_for_sql_advanced_threat_detection = optional(bool, true)
- enable_solution_for_updates = optional(bool, true)
- enable_solution_for_vm_insights = optional(bool, true)
- enable_solution_for_container_insights = optional(bool, true)
- enable_sentinel = optional(bool, true)
+ retention_in_days = optional(number, 30)
+ enable_monitoring_for_vm = optional(bool, true)
+ enable_monitoring_for_vmss = optional(bool, true)
+ enable_sentinel = optional(bool, true)
+ enable_change_tracking = optional(bool, true)
}), {})
}), {})
security_center = optional(object({
enabled = optional(bool, true)
config = optional(object({
email_security_contact = optional(string, "security_contact@replace_me")
- enable_defender_for_apis = optional(bool, true)
enable_defender_for_app_services = optional(bool, true)
enable_defender_for_arm = optional(bool, true)
enable_defender_for_containers = optional(bool, true)
enable_defender_for_cosmosdbs = optional(bool, true)
enable_defender_for_cspm = optional(bool, true)
- enable_defender_for_dns = optional(bool, true)
enable_defender_for_key_vault = optional(bool, true)
enable_defender_for_oss_databases = optional(bool, true)
enable_defender_for_servers = optional(bool, true)
diff --git a/modules/management/locals.tf b/modules/management/locals.tf
index 635597a27..f2cc2deec 100644
--- a/modules/management/locals.tf
+++ b/modules/management/locals.tf
@@ -31,11 +31,14 @@ locals {
# Extract individual custom settings blocks from
# the custom_settings_by_resource_type variable.
locals {
- custom_settings_rsg = try(local.custom_settings.azurerm_resource_group["management"], local.empty_map)
- custom_settings_la_workspace = try(local.custom_settings.azurerm_log_analytics_workspace["management"], local.empty_map)
- custom_settings_la_solution = try(local.custom_settings.azurerm_log_analytics_solution["management"], local.empty_map)
- custom_settings_aa = try(local.custom_settings.azurerm_automation_account["management"], local.empty_map)
- custom_settings_la_linked_service = try(local.custom_settings.azurerm_log_analytics_linked_service["management"], local.empty_map)
+ custom_settings_rsg = try(local.custom_settings.azurerm_resource_group["management"], local.empty_map)
+ custom_settings_la_workspace = try(local.custom_settings.azurerm_log_analytics_workspace["management"], local.empty_map)
+ custom_settings_la_solution = try(local.custom_settings.azurerm_log_analytics_solution["management"], local.empty_map)
+ custom_settings_aa = try(local.custom_settings.azurerm_automation_account["management"], local.empty_map)
+ custom_settings_uami = try(local.custom_settings.azurerm_user_assigned_identity["management"], local.empty_map)
+ custom_settings_la_linked_service = try(local.custom_settings.azurerm_log_analytics_linked_service["management"], local.empty_map)
+ custom_settings_dcr_vm_insights = try(local.custom_settings.azurerm_data_collection_rule["management"]["vminsights"], local.empty_map)
+ custom_settings_dcr_change_tracking = try(local.custom_settings.azurerm_data_collection_rule["management"]["change_tracking"], local.empty_map)
}
# Logic to determine whether specific resources
@@ -50,27 +53,15 @@ locals {
deploy_log_analytics_linked_service = local.deploy_monitoring_resources && local.link_log_analytics_to_automation_account
deploy_automation_account = local.deploy_monitoring_resources && local.existing_automation_account_resource_id == local.empty_string
deploy_azure_monitor_solutions = {
- AgentHealthAssessment = local.deploy_monitoring_resources && local.settings.log_analytics.config.enable_solution_for_agent_health_assessment
- AntiMalware = local.deploy_monitoring_resources && local.settings.log_analytics.config.enable_solution_for_anti_malware
- ChangeTracking = local.deploy_monitoring_resources && local.settings.log_analytics.config.enable_solution_for_change_tracking
- Security = local.deploy_monitoring_resources && local.settings.log_analytics.config.enable_sentinel
- SecurityInsights = local.deploy_monitoring_resources && local.settings.log_analytics.config.enable_sentinel
- ServiceMap = local.deploy_monitoring_resources && local.settings.log_analytics.config.enable_solution_for_service_map
- SQLAssessment = local.deploy_monitoring_resources && local.settings.log_analytics.config.enable_solution_for_sql_assessment
- SQLVulnerabilityAssessment = local.deploy_monitoring_resources && local.settings.log_analytics.config.enable_solution_for_sql_vulnerability_assessment
- SQLAdvancedThreatProtection = local.deploy_monitoring_resources && local.settings.log_analytics.config.enable_solution_for_sql_advanced_threat_detection
- Updates = local.deploy_monitoring_resources && local.settings.log_analytics.config.enable_solution_for_updates
- VMInsights = local.deploy_monitoring_resources && local.settings.log_analytics.config.enable_solution_for_vm_insights
- ContainerInsights = local.deploy_monitoring_resources && local.settings.log_analytics.config.enable_solution_for_container_insights
+ SecurityInsights = local.deploy_monitoring_resources && local.settings.log_analytics.config.enable_sentinel
+ ChangeTracking = local.deploy_monitoring_resources && local.settings.log_analytics.config.enable_change_tracking
}
deploy_security_settings = local.settings.security_center.enabled
- deploy_defender_for_apis = local.settings.security_center.config.enable_defender_for_apis
deploy_defender_for_app_services = local.settings.security_center.config.enable_defender_for_app_services
deploy_defender_for_arm = local.settings.security_center.config.enable_defender_for_arm
deploy_defender_for_containers = local.settings.security_center.config.enable_defender_for_containers
deploy_defender_for_cosmosdbs = local.settings.security_center.config.enable_defender_for_cosmosdbs
deploy_defender_for_cspm = local.settings.security_center.config.enable_defender_for_cspm
- deploy_defender_for_dns = local.settings.security_center.config.enable_defender_for_dns
deploy_defender_for_key_vault = local.settings.security_center.config.enable_defender_for_key_vault
deploy_defender_for_oss_databases = local.settings.security_center.config.enable_defender_for_oss_databases
deploy_defender_for_servers = local.settings.security_center.config.enable_defender_for_servers
@@ -78,6 +69,10 @@ locals {
deploy_defender_for_sql_servers = local.settings.security_center.config.enable_defender_for_sql_servers
deploy_defender_for_sql_server_vms = local.settings.security_center.config.enable_defender_for_sql_server_vms
deploy_defender_for_storage = local.settings.security_center.config.enable_defender_for_storage
+ deploy_ama_uami = local.deploy_monitoring_resources && local.settings.ama.enable_uami
+ deploy_vminsights_dcr = local.deploy_monitoring_resources && local.settings.ama.enable_vminsights_dcr
+ deploy_change_tracking_dcr = local.deploy_monitoring_resources && local.settings.ama.enable_change_tracking_dcr
+ deploy_mdfc_defender_for_sql_dcr = local.deploy_monitoring_resources && local.settings.ama.enable_mdfc_defender_for_sql_dcr
}
# Configuration settings for resource type:
@@ -144,6 +139,413 @@ locals {
]
}
+# Configuration for the user assigned managed identity
+locals {
+ user_assigned_managed_identity_resource_id = "${local.resource_group_resource_id}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/${local.user_assigned_managed_identity.name}"
+ user_assigned_managed_identity = {
+ name = lookup(local.custom_settings_uami, "name", "${local.resource_prefix}-uami${local.resource_suffix}")
+ resource_group_name = lookup(local.custom_settings_uami, "resource_group_name", local.resource_group_name)
+ location = lookup(local.custom_settings_uami, "location", local.location)
+ tags = lookup(local.custom_settings_uami, "tags", local.tags)
+ }
+}
+
+# Configuration for the change tracking DCR
+locals {
+ azure_monitor_data_collection_rule_change_tracking_resource_id = "${local.resource_group_resource_id}/providers/Microsoft.Insights/dataCollectionRules/${local.azure_monitor_data_collection_rule_change_tracking.name}"
+ azure_monitor_data_collection_rule_change_tracking = {
+ name = lookup(local.custom_settings_dcr_change_tracking, "name", "${local.resource_prefix}-dcr-changetracking-prod${local.resource_suffix}")
+ type = "Microsoft.Insights/dataCollectionRules@2021-04-01"
+ parent_id = local.resource_group_resource_id
+ location = lookup(local.custom_settings_dcr_change_tracking, "location", local.location)
+ schema_validation_enabled = true
+ tags = lookup(local.custom_settings_dcr_change_tracking, "tags", local.tags)
+ body = {
+ properties = {
+ description = "Data collection rule for CT"
+ dataSources = {
+ extensions = [
+ {
+ streams = [
+ "Microsoft-ConfigurationChange",
+ "Microsoft-ConfigurationChangeV2",
+ "Microsoft-ConfigurationData"
+ ]
+ extensionName = "ChangeTracking-Windows"
+ extensionSettings = {
+ enableFiles = true,
+ enableSoftware = true,
+ enableRegistry = true,
+ enableServices = true,
+ enableInventory = true,
+ registrySettings = {
+ registryCollectionFrequency = 3600
+ registryInfo = [
+ {
+ name = "Registry_1",
+ groupTag = "Recommended",
+ enabled = false,
+ recurse = true,
+ description = "",
+ keyName = "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Group Policy\\Scripts\\Startup",
+ valueName = ""
+ },
+ {
+ name = "Registry_2",
+ groupTag = "Recommended",
+ enabled = false,
+ recurse = true,
+ description = "",
+ keyName = "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Group Policy\\Scripts\\Shutdown",
+ valueName = ""
+ },
+ {
+ name = "Registry_3",
+ groupTag = "Recommended",
+ enabled = false,
+ recurse = true,
+ description = "",
+ keyName = "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run",
+ valueName = ""
+ },
+ {
+ name = "Registry_4",
+ groupTag = "Recommended",
+ enabled = false,
+ recurse = true,
+ description = "",
+ keyName = "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Active Setup\\Installed Components",
+ valueName = ""
+ },
+ {
+ name = "Registry_5",
+ groupTag = "Recommended",
+ enabled = false,
+ recurse = true,
+ description = "",
+ keyName = "HKEY_LOCAL_MACHINE\\Software\\Classes\\Directory\\ShellEx\\ContextMenuHandlers",
+ valueName = ""
+ },
+ {
+ name = "Registry_6",
+ groupTag = "Recommended",
+ enabled = false,
+ recurse = true,
+ description = "",
+ keyName = "HKEY_LOCAL_MACHINE\\Software\\Classes\\Directory\\Background\\ShellEx\\ContextMenuHandlers",
+ valueName = ""
+ },
+ {
+ name = "Registry_7",
+ groupTag = "Recommended",
+ enabled = false,
+ recurse = true,
+ description = "",
+ keyName = "HKEY_LOCAL_MACHINE\\Software\\Classes\\Directory\\Shellex\\CopyHookHandlers",
+ valueName = ""
+ },
+ {
+ name = "Registry_8",
+ groupTag = "Recommended",
+ enabled = false,
+ recurse = true,
+ description = "",
+ keyName = "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\ShellIconOverlayIdentifiers",
+ valueName = ""
+ },
+ {
+ name = "Registry_9",
+ groupTag = "Recommended",
+ enabled = false,
+ recurse = true,
+ description = "",
+ keyName = "HKEY_LOCAL_MACHINE\\Software\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\ShellIconOverlayIdentifiers",
+ valueName = ""
+ },
+ {
+ name = "Registry_10",
+ groupTag = "Recommended",
+ enabled = false,
+ recurse = true,
+ description = "",
+ keyName = "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects",
+ valueName = ""
+ },
+ {
+ name = "Registry_11",
+ groupTag = "Recommended",
+ enabled = false,
+ recurse = true,
+ description = "",
+ keyName = "HKEY_LOCAL_MACHINE\\Software\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects",
+ valueName = ""
+ },
+ {
+ name = "Registry_12",
+ groupTag = "Recommended",
+ enabled = false,
+ recurse = true,
+ description = "",
+ keyName = "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Extensions",
+ valueName = ""
+ },
+ {
+ name = "Registry_13",
+ groupTag = "Recommended",
+ enabled = false,
+ recurse = true,
+ description = "",
+ keyName = "HKEY_LOCAL_MACHINE\\Software\\Wow6432Node\\Microsoft\\Internet Explorer\\Extensions",
+ valueName = ""
+ },
+ {
+ name = "Registry_14",
+ groupTag = "Recommended",
+ enabled = false,
+ recurse = true,
+ description = "",
+ keyName = "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Drivers32",
+ valueName = ""
+ },
+ {
+ name = "Registry_15",
+ groupTag = "Recommended",
+ enabled = false,
+ recurse = true,
+ description = "",
+ keyName = "HKEY_LOCAL_MACHINE\\Software\\Wow6432Node\\Microsoft\\Windows NT\\CurrentVersion\\Drivers32",
+ valueName = ""
+ },
+ {
+ name = "Registry_16",
+ groupTag = "Recommended",
+ enabled = false,
+ recurse = true,
+ description = "",
+ keyName = "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Session Manager\\KnownDlls",
+ valueName = ""
+ },
+ {
+ name = "Registry_17",
+ groupTag = "Recommended",
+ enabled = false,
+ recurse = true,
+ description = "",
+ keyName = "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\Notify",
+ valueName = ""
+ }
+ ]
+ }
+ fileSettings = {
+ fileCollectionFrequency = 2700,
+ },
+ softwareSettings = {
+ softwareCollectionFrequency = 1800
+ },
+ inventorySettings = {
+ inventoryCollectionFrequency = 36000
+ },
+ servicesSettings = {
+ serviceCollectionFrequency = 1800
+ }
+ }
+ name = "CTDataSource-Windows"
+ },
+ {
+ streams = [
+ "Microsoft-ConfigurationChange",
+ "Microsoft-ConfigurationChangeV2",
+ "Microsoft-ConfigurationData"
+ ]
+ extensionName = "ChangeTracking-Linux"
+ extensionSettings = {
+ enableFiles = true,
+ enableSoftware = true,
+ enableRegistry = false,
+ enableServices = true,
+ enableInventory = true,
+ fileSettings = {
+ fileCollectionFrequency = 900,
+ fileInfo = [
+ {
+ name = "ChangeTrackingLinuxPath_default",
+ enabled = true,
+ destinationPath = "/etc/.*.conf",
+ useSudo = true,
+ recurse = true,
+ maxContentsReturnable = 5000000,
+ pathType = "File",
+ type = "File",
+ links = "Follow",
+ maxOutputSize = 500000,
+ groupTag = "Recommended"
+ }
+ ]
+ },
+ softwareSettings = {
+ softwareCollectionFrequency = 300
+ },
+ inventorySettings = {
+ inventoryCollectionFrequency = 36000
+ },
+ servicesSettings = {
+ serviceCollectionFrequency = 300
+ }
+ }
+ name = "CTDataSource-Linux"
+ }
+ ]
+ }
+ destinations = {
+ logAnalytics = [
+ {
+ name = "Microsoft-CT-Dest"
+ workspaceResourceId = local.log_analytics_workspace_resource_id
+ }
+ ]
+ }
+ dataFlows = [
+ {
+ streams = [
+ "Microsoft-ConfigurationChange",
+ "Microsoft-ConfigurationChangeV2",
+ "Microsoft-ConfigurationData"
+ ]
+ destinations = ["Microsoft-CT-Dest"]
+ }
+ ]
+ }
+ }
+ }
+}
+
+# Configuration for the change tracking DCR
+locals {
+ azure_monitor_data_collection_rule_defender_sql_resource_id = "${local.resource_group_resource_id}/providers/Microsoft.Insights/dataCollectionRules/${local.azure_monitor_data_collection_rule_defender_sql.name}"
+ azure_monitor_data_collection_rule_defender_sql = {
+ name = lookup(local.custom_settings_dcr_change_tracking, "name", "${local.resource_prefix}-dcr-defendersql-prod${local.resource_suffix}")
+ parent_id = local.resource_group_resource_id
+ type = "Microsoft.Insights/dataCollectionRules@2021-04-01"
+ location = lookup(local.custom_settings_dcr_vm_insights, "location", local.location)
+ schema_validation_enabled = true
+ tags = lookup(local.custom_settings_dcr_vm_insights, "tags", local.tags)
+ body = {
+ properties = {
+ description = "Data collection rule for Defender for SQL.",
+ dataSources = {
+ extensions = [
+ {
+ extensionName = "MicrosoftDefenderForSQL",
+ name = "MicrosoftDefenderForSQL",
+ streams = [
+ "Microsoft-DefenderForSqlAlerts",
+ "Microsoft-DefenderForSqlLogins",
+ "Microsoft-DefenderForSqlTelemetry",
+ "Microsoft-DefenderForSqlScanEvents",
+ "Microsoft-DefenderForSqlScanResults",
+ ],
+ extensionSettings = {
+ enableCollectionOfSqlQueriesForSecurityResearch = local.settings.ama.enable_mdfc_defender_for_sql_query_collection_for_security_research
+ }
+ }
+ ]
+ },
+ destinations = {
+ logAnalytics = [
+ {
+ workspaceResourceId = local.log_analytics_workspace_resource_id,
+ name = "LogAnalyticsDest"
+ }
+ ]
+ },
+ dataFlows = [
+ {
+ streams = [
+ "Microsoft-DefenderForSqlAlerts",
+ "Microsoft-DefenderForSqlLogins",
+ "Microsoft-DefenderForSqlTelemetry",
+ "Microsoft-DefenderForSqlScanEvents",
+ "Microsoft-DefenderForSqlScanResults",
+ ],
+ destinations = [
+ "LogAnalyticsDest"
+ ]
+ }
+ ]
+ }
+ }
+ }
+}
+
+# Configuration for the VM Insights DCR
+locals {
+ azure_monitor_data_collection_rule_vm_insights_resource_id = "${local.resource_group_resource_id}/providers/Microsoft.Insights/dataCollectionRules/${local.azure_monitor_data_collection_rule_vm_insights.name}"
+ azure_monitor_data_collection_rule_vm_insights = {
+ name = lookup(local.custom_settings_dcr_vm_insights, "name", "${local.resource_prefix}-dcr-vm-insights${local.resource_suffix}")
+ parent_id = local.resource_group_resource_id
+ type = "Microsoft.Insights/dataCollectionRules@2021-04-01"
+ location = lookup(local.custom_settings_dcr_vm_insights, "location", local.location)
+ tags = lookup(local.custom_settings_dcr_vm_insights, "tags", local.tags)
+ schema_validation_enabled = false
+ body = {
+ properties = {
+ description = "Data collection rule for VM Insights.",
+ dataSources = {
+ performanceCounters = [
+ {
+ name = "VMInsightsPerfCounters",
+ streams = [
+ "Microsoft-InsightsMetrics"
+ ],
+ scheduledTransferPeriod = "PT1M",
+ samplingFrequencyInSeconds = 60,
+ counterSpecifiers = [
+ "\\VmInsights\\DetailedMetrics"
+ ]
+ }
+ ],
+ extensions = [
+ {
+ streams = [
+ "Microsoft-ServiceMap"
+ ],
+ extensionName = "DependencyAgent",
+ extensionSettings = {},
+ name = "DependencyAgentDataSource"
+ }
+ ]
+ },
+ destinations = {
+ logAnalytics = [
+ {
+ workspaceResourceId = local.log_analytics_workspace_resource_id,
+ name = "VMInsightsPerf-Logs-Dest"
+ }
+ ]
+ },
+ dataFlows = [
+ {
+ streams = [
+ "Microsoft-InsightsMetrics"
+ ],
+ destinations = [
+ "VMInsightsPerf-Logs-Dest"
+ ]
+ },
+ {
+ streams = [
+ "Microsoft-ServiceMap"
+ ],
+ destinations = [
+ "VMInsightsPerf-Logs-Dest"
+ ]
+ }
+ ]
+ }
+ }
+ }
+}
+
# Configuration settings for resource type:
# - azurerm_automation_account
locals {
@@ -191,18 +593,16 @@ locals {
archetype_config_overrides = {
(local.root_id) = {
parameters = {
- Deploy-MDFC-Config = {
+ Deploy-MDFC-Config-H224 = {
emailSecurityContact = local.settings.security_center.config.email_security_contact
logAnalytics = local.log_analytics_workspace_resource_id
ascExportResourceGroupName = local.asc_export_resource_group_name
ascExportResourceGroupLocation = local.location
- enableAscForApis = local.deploy_defender_for_apis ? "DeployIfNotExists" : "Disabled"
enableAscForAppServices = local.deploy_defender_for_app_services ? "DeployIfNotExists" : "Disabled"
enableAscForArm = local.deploy_defender_for_arm ? "DeployIfNotExists" : "Disabled"
enableAscForContainers = local.deploy_defender_for_containers ? "DeployIfNotExists" : "Disabled"
enableAscForCosmosDbs = local.deploy_defender_for_cosmosdbs ? "DeployIfNotExists" : "Disabled"
enableAscForCspm = local.deploy_defender_for_cspm ? "DeployIfNotExists" : "Disabled"
- enableAscForDns = local.deploy_defender_for_dns ? "DeployIfNotExists" : "Disabled"
enableAscForKeyVault = local.deploy_defender_for_key_vault ? "DeployIfNotExists" : "Disabled"
enableAscForOssDb = local.deploy_defender_for_oss_databases ? "DeployIfNotExists" : "Disabled"
enableAscForServers = local.deploy_defender_for_servers ? "DeployIfNotExists" : "Disabled"
@@ -211,16 +611,10 @@ locals {
enableAscForSqlOnVm = local.deploy_defender_for_sql_server_vms ? "DeployIfNotExists" : "Disabled"
enableAscForStorage = local.deploy_defender_for_storage ? "DeployIfNotExists" : "Disabled"
}
- Deploy-VM-Monitoring = {
- logAnalytics_1 = local.log_analytics_workspace_resource_id
- }
- Deploy-VMSS-Monitoring = {
- logAnalytics_1 = local.log_analytics_workspace_resource_id
- }
Deploy-AzActivity-Log = {
logAnalytics = local.log_analytics_workspace_resource_id
}
- Deploy-Resource-Diag = {
+ Deploy-Diag-Logs = {
logAnalytics = local.log_analytics_workspace_resource_id
}
}
@@ -232,6 +626,28 @@ locals {
}
"${local.root_id}-landing-zones" = {
parameters = {
+ DenyAction-DeleteUAMIAMA = {
+ resourceName = local.user_assigned_managed_identity.name
+ resourceType = "Microsoft.ManagedIdentity/userAssignedIdentities"
+ }
+ Deploy-MDFC-DefSQL-AMA = {
+ userWorkspaceResourceId = local.log_analytics_workspace_resource_id
+ }
+ Deploy-AzSqlDb-Auditing = {
+ logAnalyticsWorkspaceId = lower(local.log_analytics_workspace_resource_id)
+ }
+ }
+ enforcement_mode = {}
+ }
+ "${local.root_id}-platform" = {
+ parameters = {
+ DenyAction-DeleteUAMIAMA = {
+ resourceName = local.user_assigned_managed_identity.name
+ resourceType = "Microsoft.ManagedIdentity/userAssignedIdentities"
+ }
+ Deploy-MDFC-DefSQL-AMA = {
+ userWorkspaceResourceId = local.log_analytics_workspace_resource_id
+ }
Deploy-AzSqlDb-Auditing = {
logAnalyticsWorkspaceId = lower(local.log_analytics_workspace_resource_id)
}
@@ -263,15 +679,19 @@ locals {
# Template file variable outputs
locals {
template_file_variables = {
- log_analytics_workspace_resource_id = local.log_analytics_workspace_resource_id
- log_analytics_workspace_name = local.azurerm_log_analytics_workspace.name
- log_analytics_workspace_location = local.azurerm_log_analytics_workspace.location
- automation_account_resource_id = local.automation_account_resource_id
- automation_account_name = local.azurerm_automation_account.name
- automation_account_location = local.azurerm_automation_account.location
- management_location = local.location
- management_resource_group_name = local.azurerm_resource_group.name
- data_retention = tostring(local.azurerm_log_analytics_workspace.retention_in_days)
+ automation_account_location = local.azurerm_automation_account.location
+ automation_account_name = local.azurerm_automation_account.name
+ automation_account_resource_id = local.automation_account_resource_id
+ azure_monitor_data_collection_rule_change_tracking_resource_id = local.azure_monitor_data_collection_rule_change_tracking_resource_id
+ azure_monitor_data_collection_rule_sql_resource_id = local.azure_monitor_data_collection_rule_defender_sql_resource_id
+ azure_monitor_data_collection_rule_vm_insights_resource_id = local.azure_monitor_data_collection_rule_vm_insights_resource_id
+ data_retention = tostring(local.azurerm_log_analytics_workspace.retention_in_days)
+ log_analytics_workspace_location = local.azurerm_log_analytics_workspace.location
+ log_analytics_workspace_name = local.azurerm_log_analytics_workspace.name
+ log_analytics_workspace_resource_id = local.log_analytics_workspace_resource_id
+ management_location = local.location
+ management_resource_group_name = local.azurerm_resource_group.name
+ user_assigned_managed_identity_resource_id = local.user_assigned_managed_identity_resource_id
}
}
@@ -335,6 +755,50 @@ locals {
managed_by_module = local.deploy_log_analytics_linked_service
},
]
+ azurerm_user_assigned_identity = [
+ {
+ resource_id = local.user_assigned_managed_identity_resource_id
+ resource_name = basename(local.user_assigned_managed_identity_resource_id)
+ template = {
+ for key, value in local.user_assigned_managed_identity :
+ key => value
+ if local.deploy_ama_uami
+ }
+ managed_by_module = local.deploy_ama_uami
+ }
+ ]
+ azurerm_monitor_data_collection_rule = [
+ {
+ resource_id = local.azure_monitor_data_collection_rule_vm_insights_resource_id
+ resource_name = basename(local.azure_monitor_data_collection_rule_vm_insights_resource_id)
+ template = {
+ for key, value in local.azure_monitor_data_collection_rule_vm_insights :
+ key => value
+ if local.deploy_vminsights_dcr
+ }
+ managed_by_module = local.deploy_vminsights_dcr
+ },
+ {
+ resource_id = local.azure_monitor_data_collection_rule_change_tracking_resource_id
+ resource_name = basename(local.azure_monitor_data_collection_rule_change_tracking_resource_id)
+ template = {
+ for key, value in local.azure_monitor_data_collection_rule_change_tracking :
+ key => value
+ if local.deploy_change_tracking_dcr
+ }
+ managed_by_module = local.deploy_change_tracking_dcr
+ },
+ {
+ resource_id = local.azure_monitor_data_collection_rule_defender_sql_resource_id
+ resource_name = basename(local.azure_monitor_data_collection_rule_defender_sql_resource_id)
+ template = {
+ for key, value in local.azure_monitor_data_collection_rule_defender_sql :
+ key => value
+ if local.deploy_mdfc_defender_for_sql_dcr
+ }
+ managed_by_module = local.deploy_mdfc_defender_for_sql_dcr
+ }
+ ]
archetype_config_overrides = local.archetype_config_overrides
template_file_variables = local.template_file_variables
}
diff --git a/modules/management/variables.tf b/modules/management/variables.tf
index a8e376b0f..179aff872 100644
--- a/modules/management/variables.tf
+++ b/modules/management/variables.tf
@@ -43,36 +43,32 @@ variable "tags" {
variable "settings" {
type = object({
+ ama = optional(object({
+ enable_uami = optional(bool, true)
+ enable_vminsights_dcr = optional(bool, true)
+ enable_change_tracking_dcr = optional(bool, true)
+ enable_mdfc_defender_for_sql_dcr = optional(bool, true)
+ enable_mdfc_defender_for_sql_query_collection_for_security_research = optional(bool, true)
+ }), {})
log_analytics = optional(object({
enabled = optional(bool, true)
config = optional(object({
- retention_in_days = optional(number, 30)
- enable_monitoring_for_vm = optional(bool, true)
- enable_monitoring_for_vmss = optional(bool, true)
- enable_solution_for_agent_health_assessment = optional(bool, true)
- enable_solution_for_anti_malware = optional(bool, true)
- enable_solution_for_change_tracking = optional(bool, true)
- enable_solution_for_service_map = optional(bool, true)
- enable_solution_for_sql_assessment = optional(bool, true)
- enable_solution_for_sql_vulnerability_assessment = optional(bool, true)
- enable_solution_for_sql_advanced_threat_detection = optional(bool, true)
- enable_solution_for_updates = optional(bool, true)
- enable_solution_for_vm_insights = optional(bool, true)
- enable_solution_for_container_insights = optional(bool, true)
- enable_sentinel = optional(bool, true)
+ retention_in_days = optional(number, 30)
+ enable_monitoring_for_vm = optional(bool, true)
+ enable_monitoring_for_vmss = optional(bool, true)
+ enable_sentinel = optional(bool, true)
+ enable_change_tracking = optional(bool, true)
}), {})
}), {})
security_center = optional(object({
enabled = optional(bool, true)
config = optional(object({
email_security_contact = optional(string, "security_contact@replace_me")
- enable_defender_for_apis = optional(bool, true)
enable_defender_for_app_services = optional(bool, true)
enable_defender_for_arm = optional(bool, true)
enable_defender_for_containers = optional(bool, true)
enable_defender_for_cosmosdbs = optional(bool, true)
enable_defender_for_cspm = optional(bool, true)
- enable_defender_for_dns = optional(bool, true)
enable_defender_for_key_vault = optional(bool, true)
enable_defender_for_oss_databases = optional(bool, true)
enable_defender_for_servers = optional(bool, true)
diff --git a/modules/role_assignments_for_policy/README.md b/modules/role_assignments_for_policy/README.md
index fa06557b5..67ce5638d 100644
--- a/modules/role_assignments_for_policy/README.md
+++ b/modules/role_assignments_for_policy/README.md
@@ -8,9 +8,9 @@
The following requirements are needed by this module:
-- [terraform](#requirement\_terraform) (>= 1.3.1)
+- [terraform](#requirement\_terraform) (~> 1.7)
-- [azurerm](#requirement\_azurerm) (>= 3.74.0)
+- [azurerm](#requirement\_azurerm) (~> 3.107)
## Modules
diff --git a/modules/role_assignments_for_policy/main.tf b/modules/role_assignments_for_policy/main.tf
index 8ac9257c3..cb9cd5e04 100644
--- a/modules/role_assignments_for_policy/main.tf
+++ b/modules/role_assignments_for_policy/main.tf
@@ -12,5 +12,4 @@ resource "azurerm_role_assignment" "for_policy" {
# Optional attributes
role_definition_name = lookup(each.value, "role_definition_name", null)
role_definition_id = lookup(each.value, "role_definition_id", null)
-
}
diff --git a/modules/role_assignments_for_policy/terraform.tf b/modules/role_assignments_for_policy/terraform.tf
index e94465299..47703332b 100644
--- a/modules/role_assignments_for_policy/terraform.tf
+++ b/modules/role_assignments_for_policy/terraform.tf
@@ -3,9 +3,8 @@ terraform {
required_providers {
azurerm = {
source = "hashicorp/azurerm"
- version = ">= 3.74.0"
+ version = "~> 3.107"
}
}
-
- required_version = ">= 1.3.1"
+ required_version = "~> 1.7"
}
diff --git a/resources.connectivity.tf b/resources.connectivity.tf
index 59553aa8d..6bc9ee75e 100644
--- a/resources.connectivity.tf
+++ b/resources.connectivity.tf
@@ -152,6 +152,8 @@ resource "azurerm_virtual_network_gateway" "connectivity" {
active_active = each.value.template.active_active
private_ip_address_enabled = each.value.template.private_ip_address_enabled
default_local_network_gateway_id = each.value.template.default_local_network_gateway_id
+ remote_vnet_traffic_enabled = each.value.template.remote_vnet_traffic_enabled
+ virtual_wan_traffic_enabled = each.value.template.virtual_wan_traffic_enabled
sku = each.value.template.sku
generation = each.value.template.generation
tags = each.value.template.tags
diff --git a/resources.management.tf b/resources.management.tf
index cc1fc1494..cac2feb63 100644
--- a/resources.management.tf
+++ b/resources.management.tf
@@ -105,7 +105,6 @@ resource "azurerm_automation_account" "management" {
key_vault_key_id = encryption.value["key_vault_key_id"]
# Optional attributes
user_assigned_identity_id = lookup(encryption.value, "user_assigned_identity_id", null)
- key_source = lookup(encryption.value, "key_source", null)
}
}
@@ -137,3 +136,34 @@ resource "azurerm_log_analytics_linked_service" "management" {
]
}
+
+resource "azurerm_user_assigned_identity" "management" {
+ for_each = local.azurerm_user_assigned_identity_management
+
+ provider = azurerm.management
+ # Mandatory resource attributes
+ name = each.value.template.name
+ location = each.value.template.location
+ resource_group_name = each.value.template.resource_group_name
+
+ # Optional resource attributes
+ tags = each.value.template.tags
+
+ # Set explicit dependency on Resource Group deployment
+ depends_on = [
+ azurerm_resource_group.management,
+ ]
+}
+
+resource "azapi_resource" "data_collection_rule" {
+ for_each = local.azurerm_monitor_data_collection_rule_management
+ name = each.value.template.name
+ parent_id = each.value.template.parent_id
+ type = each.value.template.type
+ location = each.value.template.location
+ tags = each.value.template.tags
+ schema_validation_enabled = each.value.template.schema_validation_enabled
+ body = each.value.template.body
+
+ depends_on = [azurerm_log_analytics_workspace.management]
+}
diff --git a/resources.management_groups.tf b/resources.management_groups.tf
index 9ab17ff70..19dcc7428 100644
--- a/resources.management_groups.tf
+++ b/resources.management_groups.tf
@@ -77,11 +77,12 @@ resource "azurerm_management_group" "level_6" {
}
# This will deploy Diagnostic Settings for the Management Groups
-# when the input variable deploy_diagnostics_for_mg is true
+# when the input variable deploy_diagnostics_for_mg is true
resource "azapi_resource" "diag_settings" {
for_each = local.azapi_mg_diagnostics
type = "Microsoft.Insights/diagnosticSettings@2021-05-01-preview"
name = "toLA"
+ location = local.default_location
parent_id = each.key
body = jsonencode({
properties = {
diff --git a/resources.policy_assignments.tf b/resources.policy_assignments.tf
index b75765e42..bb51f552d 100644
--- a/resources.policy_assignments.tf
+++ b/resources.policy_assignments.tf
@@ -69,18 +69,28 @@ resource "azurerm_management_group_policy_assignment" "enterprise_scale" {
}
# Optional Non-compliance messages
- # The mesage will have the placeholder replaced with 'must' or 'should' by default dependent on the enforcement mode
+ # The message will have the placeholder replaced with 'must' or 'should' by default dependent on the enforcement mode
# The language can the altered or localised using the variables
dynamic "non_compliance_message" {
- for_each = local.policy_non_compliance_message_enabled ? (contains(local.non_compliance_message_supported_policy_modes, lookup(local.all_policy_modes, each.value.template.properties.policyDefinitionId, local.policy_set_mode)) ? lookup(each.value.template.properties, "nonComplianceMessages", local.default_non_compliance_message_list) : local.empty_list) : local.empty_list
+ for_each = local.policy_non_compliance_message_enabled ? (contains( # if noncompliance msgs enabled...
+ local.non_compliance_message_supported_policy_modes, # if non_compliance_message_supported_policy_modes contains
+ lookup(local.all_policy_modes, # ...the policy definition mode
+ each.value.template.properties.policyDefinitionId, #
+ local.policy_set_mode) # default use policy set mode
+ ) ? lookup( # then... if the mode is supported then
+ each.value.template.properties, "nonComplianceMessages", local.default_non_compliance_message_list # lookup any custom non-compliance message if not use default
+ ) : local.empty_list) : local.empty_list # if mode not supported then empty list, or is not enabled then empty list
content {
content = replace(lookup(non_compliance_message.value, "message", local.policy_non_compliance_message_default), local.non_compliance_message_enforcement_mode_placeholder, each.value.enforcement_mode ? local.non_compliance_message_enforcement_mode_replacements.default : local.non_compliance_message_enforcement_mode_replacements.donotenforce)
policy_definition_reference_id = lookup(non_compliance_message.value, "policyDefinitionReferenceId", null)
}
}
- # Set explicit dependency on Management Group, Policy Definition and Policy Set Definition deployments
+ # Set explicit dependency on Management Group, Policy Definition and Policy Set Definition deployments.
+ # Additionally ensure the Policy Assignment is created after and destroyed before the User Assigned Identity
+ # this is to ensure that the deny delete policy is deleted before the identity is removed.
depends_on = [
+ azurerm_user_assigned_identity.management,
time_sleep.after_azurerm_management_group,
time_sleep.after_azurerm_policy_definition,
time_sleep.after_azurerm_policy_set_definition,
diff --git a/terraform.tf b/terraform.tf
index d25ffd630..fb0dcd92d 100644
--- a/terraform.tf
+++ b/terraform.tf
@@ -3,7 +3,7 @@ terraform {
required_providers {
azurerm = {
source = "hashicorp/azurerm"
- version = ">= 3.74.0"
+ version = "~> 3.107"
configuration_aliases = [
azurerm.connectivity,
azurerm.management,
@@ -11,17 +11,16 @@ terraform {
}
time = {
source = "hashicorp/time"
- version = ">= 0.7.0"
+ version = "~> 0.11"
}
random = {
source = "hashicorp/random"
- version = ">= 3.1.0"
+ version = "~> 3.6"
}
azapi = {
source = "Azure/azapi"
- version = ">= 1.7.0"
+ version = "~> 1.13, != 1.13.0"
}
}
-
- required_version = ">= 1.3.1"
+ required_version = "~> 1.7"
}
diff --git a/tests/README.md b/tests/README.md
index e5c92be2f..db98f634a 100644
--- a/tests/README.md
+++ b/tests/README.md
@@ -149,10 +149,9 @@ The strategy is generated by a [PowerShell script](https://github.com/Azure/terr
The current strategy consists of running tests against the following version combinations:
- Terraform versions:
- - Minimum version supported by the module (`1.3.1`)
- - Latest `1.3.x` version
+ - Minimum version supported by the module (`1.7.0`)
- Azure provider for Terraform versions:
- - Minimum version supported by the module (`v3.74.0`)
+ - Minimum version supported by the module (`v3.107.0`)
- Latest version
The latest versions are determined programmatically by querying the publisher APIs.
diff --git a/tests/modules/.gitignore b/tests/modules/.gitignore
new file mode 100644
index 000000000..0f5d3547a
--- /dev/null
+++ b/tests/modules/.gitignore
@@ -0,0 +1 @@
+local/*
diff --git a/tests/modules/settings/main.tf b/tests/modules/settings/main.tf
index 41d629c61..0411acb5e 100644
--- a/tests/modules/settings/main.tf
+++ b/tests/modules/settings/main.tf
@@ -1,8 +1,8 @@
data "azurerm_client_config" "core" {}
locals {
- umi_name = "id-identity"
- umi_resource_group_name = "rg-identity"
+ umi_name = "id-${var.root_id}-identity"
+ umi_resource_group_name = "rg-${var.root_id}-identity"
}
resource "azurerm_resource_group" "example" {
diff --git a/tests/modules/settings/settings.connectivity.tf b/tests/modules/settings/settings.connectivity.tf
index 1c45a0964..9785baaf1 100644
--- a/tests/modules/settings/settings.connectivity.tf
+++ b/tests/modules/settings/settings.connectivity.tf
@@ -223,9 +223,11 @@ locals {
azure_database_for_mariadb_server = false
azure_database_for_mysql_server = false
azure_database_for_postgresql_server = false
+ azure_databricks = false
azure_digital_twins = false
azure_key_vault_managed_hsm = false
azure_kubernetes_service_management = false
+ azure_openai_service = false
azure_purview_account = false
azure_purview_studio = false
azure_relay_namespace = false
diff --git a/tests/modules/settings/settings.core.tf b/tests/modules/settings/settings.core.tf
index db724d69e..b29d481df 100644
--- a/tests/modules/settings/settings.core.tf
+++ b/tests/modules/settings/settings.core.tf
@@ -1,97 +1,7 @@
# Configure the custom landing zones to deploy in
# addition the core resource hierarchy.
locals {
- custom_landing_zones = {
- "${var.root_id}-secure" = {
- display_name = "Secure Workloads (HITRUST/HIPAA)"
- parent_management_group_id = "${var.root_id}-landing-zones"
- subscription_ids = []
- archetype_config = {
- archetype_id = "customer_secure"
- parameters = {
- Deny-Resource-Locations = {
- listOfAllowedLocations = [
- "eastus",
- "westus",
- ]
- }
- Deny-RSG-Locations = {
- listOfAllowedLocations = [
- "eastus",
- "westus",
- ]
- }
- Deploy-HITRUST-HIPAA = {
- CertificateThumbprints = ""
- DeployDiagnosticSettingsforNetworkSecurityGroupsrgName = "${var.root_id}-rg"
- DeployDiagnosticSettingsforNetworkSecurityGroupsstoragePrefix = var.root_id
- installedApplicationsOnWindowsVM = ""
- listOfLocations = [
- "eastus",
- ]
- }
- }
- access_control = {}
- }
- }
- "${var.root_id}-web-global" = {
- display_name = "Global Web Applications"
- parent_management_group_id = "${var.root_id}-online"
- subscription_ids = []
- archetype_config = {
- archetype_id = "default_empty"
- parameters = {}
- access_control = {}
- }
- }
- "${var.root_id}-web-us" = {
- display_name = "US Web Applications"
- parent_management_group_id = "${var.root_id}-online"
- subscription_ids = []
- archetype_config = {
- archetype_id = "customer_online"
- parameters = {
- Deny-Resource-Locations = {
- listOfAllowedLocations = [
- "eastus",
- "westus",
- ]
- }
- Deny-RSG-Locations = {
- listOfAllowedLocations = [
- "eastus",
- "westus",
- ]
- }
- }
- access_control = {}
- }
- }
- "${var.root_id}-web-emea" = {
- display_name = "EMEA Web Applications"
- parent_management_group_id = "${var.root_id}-online"
- subscription_ids = []
- archetype_config = {
- archetype_id = "customer_online"
- parameters = {
- Deny-Resource-Locations = {
- listOfAllowedLocations = [
- "northeurope",
- "westeurope",
- ]
- }
- Deny-RSG-Locations = {
- listOfAllowedLocations = [
- "northeurope",
- "westeurope",
- ]
- }
- }
- access_control = {}
- }
- }
-
- }
+ custom_landing_zones = {}
}
# Configure the archetype config overrides to customize
diff --git a/tests/modules/settings/settings.management.tf b/tests/modules/settings/settings.management.tf
index 8ccbb4c15..535523a8f 100644
--- a/tests/modules/settings/settings.management.tf
+++ b/tests/modules/settings/settings.management.tf
@@ -2,23 +2,22 @@
locals {
configure_management_resources = {
settings = {
+ ama = {
+ enable_uami = true
+ enable_vminsights_dcr = true
+ enable_change_tracking_dcr = true
+ enable_mdfc_defender_for_sql_dcr = true
+ enable_mdfc_defender_for_sql_query_collection_for_security_research = true
+ }
log_analytics = {
enabled = true
config = {
- retention_in_days = 60
- enable_monitoring_for_arc = false
- enable_monitoring_for_vm = false
- enable_monitoring_for_vmss = false
- enable_solution_for_agent_health_assessment = false
- enable_solution_for_anti_malware = false
- enable_solution_for_azure_activity = false
- enable_solution_for_change_tracking = false
- enable_solution_for_service_map = false
- enable_solution_for_sql_assessment = false
- enable_solution_for_updates = false
- enable_solution_for_vm_insights = false
- enable_solution_for_container_insights = false
- enable_sentinel = false
+ retention_in_days = 60
+ enable_monitoring_for_arc = true
+ enable_monitoring_for_vm = true
+ enable_monitoring_for_vmss = true
+ enable_change_tracking = true
+ enable_sentinel = true
}
}
security_center = {
diff --git a/tests/modules/settings/terraform.tf b/tests/modules/settings/terraform.tf
index a775c4f5f..133c04039 100644
--- a/tests/modules/settings/terraform.tf
+++ b/tests/modules/settings/terraform.tf
@@ -2,7 +2,7 @@ terraform {
required_providers {
azurerm = {
source = "hashicorp/azurerm"
- version = ">= 3.74.0"
+ version = "~> 3.107"
}
}
}
diff --git a/tests/modules/test_001_baseline/baseline_values.json b/tests/modules/test_001_baseline/baseline_values.json
deleted file mode 100644
index f48d186b4..000000000
--- a/tests/modules/test_001_baseline/baseline_values.json
+++ /dev/null
@@ -1,7914 +0,0 @@
-{
- "root_module": {
- "child_modules": [
- {
- "resources": [
- {
- "address": "module.settings.azurerm_resource_group.example",
- "mode": "managed",
- "type": "azurerm_resource_group",
- "name": "example",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "location": "northeurope",
- "managed_by": null,
- "name": "rg-identity",
- "tags": null,
- "timeouts": null
- },
- "sensitive_values": {}
- },
- {
- "address": "module.settings.azurerm_user_assigned_identity.example",
- "mode": "managed",
- "type": "azurerm_user_assigned_identity",
- "name": "example",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 1,
- "values": {
- "location": "northeurope",
- "name": "id-identity",
- "resource_group_name": "rg-identity",
- "tags": null,
- "timeouts": null
- },
- "sensitive_values": {}
- }
- ],
- "address": "module.settings"
- },
- {
- "resources": [
- {
- "address": "module.test_core.azurerm_management_group.level_1[\"/providers/Microsoft.Management/managementGroups/root-id-1\"]",
- "mode": "managed",
- "type": "azurerm_management_group",
- "name": "level_1",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "display_name": "root-name",
- "name": "root-id-1",
- "parent_management_group_id": "/providers/Microsoft.Management/managementGroups/dac8feee-8768-4fbd-9cf9-9d96d4718018",
- "timeouts": null
- },
- "sensitive_values": {
- "subscription_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_management_group.level_2[\"/providers/Microsoft.Management/managementGroups/root-id-1-decommissioned\"]",
- "mode": "managed",
- "type": "azurerm_management_group",
- "name": "level_2",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-decommissioned",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "display_name": "Decommissioned",
- "name": "root-id-1-decommissioned",
- "parent_management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "timeouts": null
- },
- "sensitive_values": {
- "subscription_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_management_group.level_2[\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones\"]",
- "mode": "managed",
- "type": "azurerm_management_group",
- "name": "level_2",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "display_name": "Landing Zones",
- "name": "root-id-1-landing-zones",
- "parent_management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "timeouts": null
- },
- "sensitive_values": {
- "subscription_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_management_group.level_2[\"/providers/Microsoft.Management/managementGroups/root-id-1-platform\"]",
- "mode": "managed",
- "type": "azurerm_management_group",
- "name": "level_2",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-platform",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "display_name": "Platform",
- "name": "root-id-1-platform",
- "parent_management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "timeouts": null
- },
- "sensitive_values": {
- "subscription_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_management_group.level_2[\"/providers/Microsoft.Management/managementGroups/root-id-1-sandboxes\"]",
- "mode": "managed",
- "type": "azurerm_management_group",
- "name": "level_2",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-sandboxes",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "display_name": "Sandboxes",
- "name": "root-id-1-sandboxes",
- "parent_management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "timeouts": null
- },
- "sensitive_values": {
- "subscription_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_management_group.level_3[\"/providers/Microsoft.Management/managementGroups/root-id-1-connectivity\"]",
- "mode": "managed",
- "type": "azurerm_management_group",
- "name": "level_3",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-connectivity",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "display_name": "Connectivity",
- "name": "root-id-1-connectivity",
- "parent_management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1-platform",
- "timeouts": null
- },
- "sensitive_values": {
- "subscription_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_management_group.level_3[\"/providers/Microsoft.Management/managementGroups/root-id-1-identity\"]",
- "mode": "managed",
- "type": "azurerm_management_group",
- "name": "level_3",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-identity",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "display_name": "Identity",
- "name": "root-id-1-identity",
- "parent_management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1-platform",
- "timeouts": null
- },
- "sensitive_values": {
- "subscription_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_management_group.level_3[\"/providers/Microsoft.Management/managementGroups/root-id-1-management\"]",
- "mode": "managed",
- "type": "azurerm_management_group",
- "name": "level_3",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-management",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "display_name": "Management",
- "name": "root-id-1-management",
- "parent_management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1-platform",
- "timeouts": null
- },
- "sensitive_values": {
- "subscription_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_management_group_policy_assignment.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1-connectivity/providers/Microsoft.Authorization/policyAssignments/Enable-DDoS-VNET\"]",
- "mode": "managed",
- "type": "azurerm_management_group_policy_assignment",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-connectivity/providers/Microsoft.Authorization/policyAssignments/Enable-DDoS-VNET",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Protect your virtual networks against volumetric and protocol attacks with Azure DDoS Network Protection. For more information, visit https://aka.ms/ddosprotectiondocs.",
- "display_name": "Virtual networks should be protected by Azure DDoS Network Protection",
- "enforce": false,
- "identity": [
- {
- "identity_ids": null,
- "type": "SystemAssigned"
- }
- ],
- "location": "northeurope",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1-connectivity",
- "name": "Enable-DDoS-VNET",
- "non_compliance_message": [
- {
- "content": "This resource should be compliant with the assigned policy.",
- "policy_definition_reference_id": null
- }
- ],
- "not_scopes": [],
- "overrides": [],
- "parameters": "{\"ddosPlan\":{\"value\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/root-id-1-ddos/providers/Microsoft.Network/ddosProtectionPlans/root-id-1-ddos-northeurope\"},\"effect\":{\"value\":\"Modify\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/94de2ad3-e0c1-4caf-ad78-5d47bbc83d3d",
- "resource_selectors": [],
- "timeouts": null
- },
- "sensitive_values": {
- "identity": [
- {}
- ],
- "non_compliance_message": [
- {}
- ],
- "not_scopes": [],
- "overrides": [],
- "resource_selectors": []
- }
- },
- {
- "address": "module.test_core.azurerm_management_group_policy_assignment.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1-decommissioned/providers/Microsoft.Authorization/policyAssignments/Enforce-ALZ-Decomm\"]",
- "mode": "managed",
- "type": "azurerm_management_group_policy_assignment",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-decommissioned/providers/Microsoft.Authorization/policyAssignments/Enforce-ALZ-Decomm",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "This initiative will help enforce and govern subscriptions that are placed within the decommissioned Management Group as part of your Subscription decommissioning process. See https://aka.ms/alz/policies for more information.",
- "display_name": "Enforce ALZ Decommissioned Guardrails",
- "enforce": true,
- "identity": [
- {
- "identity_ids": null,
- "type": "SystemAssigned"
- }
- ],
- "location": "northeurope",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1-decommissioned",
- "name": "Enforce-ALZ-Decomm",
- "non_compliance_message": [
- {
- "content": "This resource must be compliant with the assigned policy.",
- "policy_definition_reference_id": null
- }
- ],
- "not_scopes": [],
- "overrides": [],
- "parameters": "{\"listOfResourceTypesAllowed\":{\"value\":[\"microsoft.consumption/tags\",\"microsoft.authorization/roleassignments\",\"microsoft.authorization/roledefinitions\",\"microsoft.authorization/policyassignments\",\"microsoft.authorization/locks\",\"microsoft.authorization/policydefinitions\",\"microsoft.authorization/policysetdefinitions\",\"microsoft.resources/tags\",\"microsoft.authorization/roleeligibilityschedules\",\"microsoft.authorization/roleeligibilityscheduleinstances\",\"microsoft.authorization/roleassignmentschedules\",\"microsoft.authorization/roleassignmentscheduleinstances\"]}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policySetDefinitions/Enforce-ALZ-Decomm",
- "resource_selectors": [],
- "timeouts": null
- },
- "sensitive_values": {
- "identity": [
- {}
- ],
- "non_compliance_message": [
- {}
- ],
- "not_scopes": [],
- "overrides": [],
- "resource_selectors": []
- }
- },
- {
- "address": "module.test_core.azurerm_management_group_policy_assignment.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1-identity/providers/Microsoft.Authorization/policyAssignments/Deny-MgmtPorts-Internet\"]",
- "mode": "managed",
- "type": "azurerm_management_group_policy_assignment",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-identity/providers/Microsoft.Authorization/policyAssignments/Deny-MgmtPorts-Internet",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "This policy denies any network security rule that allows management port access from the Internet",
- "display_name": "Management port access from the Internet should be blocked",
- "enforce": true,
- "identity": [],
- "location": "northeurope",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1-identity",
- "name": "Deny-MgmtPorts-Internet",
- "non_compliance_message": [
- {
- "content": "Management port access from the Internet must be blocked.",
- "policy_definition_reference_id": null
- }
- ],
- "not_scopes": [],
- "overrides": [],
- "parameters": null,
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-MgmtPorts-From-Internet",
- "resource_selectors": [],
- "timeouts": null
- },
- "sensitive_values": {
- "identity": [],
- "non_compliance_message": [
- {}
- ],
- "not_scopes": [],
- "overrides": [],
- "resource_selectors": []
- }
- },
- {
- "address": "module.test_core.azurerm_management_group_policy_assignment.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1-identity/providers/Microsoft.Authorization/policyAssignments/Deny-Public-IP\"]",
- "mode": "managed",
- "type": "azurerm_management_group_policy_assignment",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-identity/providers/Microsoft.Authorization/policyAssignments/Deny-Public-IP",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "This policy denies creation of Public IPs under the assigned scope.",
- "display_name": "Deny the creation of public IP",
- "enforce": false,
- "identity": [],
- "location": "northeurope",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1-identity",
- "name": "Deny-Public-IP",
- "non_compliance_message": [
- {
- "content": "Public IPs should not be created under this scope.",
- "policy_definition_reference_id": null
- }
- ],
- "not_scopes": [],
- "overrides": [],
- "parameters": "{\"effect\":{\"value\":\"Deny\"},\"listOfResourceTypesNotAllowed\":{\"value\":[\"Microsoft.Network/publicIPAddresses\"]}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/6c112d4e-5bc7-47ae-a041-ea2d9dccd749",
- "resource_selectors": [],
- "timeouts": null
- },
- "sensitive_values": {
- "identity": [],
- "non_compliance_message": [
- {}
- ],
- "not_scopes": [],
- "overrides": [],
- "resource_selectors": []
- }
- },
- {
- "address": "module.test_core.azurerm_management_group_policy_assignment.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1-identity/providers/Microsoft.Authorization/policyAssignments/Deny-Subnet-Without-Nsg\"]",
- "mode": "managed",
- "type": "azurerm_management_group_policy_assignment",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-identity/providers/Microsoft.Authorization/policyAssignments/Deny-Subnet-Without-Nsg",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "This policy denies the creation of a subnet without a Network Security Group to protect traffic across subnets.",
- "display_name": "Subnets should have a Network Security Group",
- "enforce": false,
- "identity": [],
- "location": "northeurope",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1-identity",
- "name": "Deny-Subnet-Without-Nsg",
- "non_compliance_message": [
- {
- "content": "Subnets should have a Network Security Group.",
- "policy_definition_reference_id": null
- }
- ],
- "not_scopes": [],
- "overrides": [],
- "parameters": "{\"effect\":{\"value\":\"Deny\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-Subnet-Without-Nsg",
- "resource_selectors": [],
- "timeouts": null
- },
- "sensitive_values": {
- "identity": [],
- "non_compliance_message": [
- {}
- ],
- "not_scopes": [],
- "overrides": [],
- "resource_selectors": []
- }
- },
- {
- "address": "module.test_core.azurerm_management_group_policy_assignment.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1-identity/providers/Microsoft.Authorization/policyAssignments/Deploy-VM-Backup\"]",
- "mode": "managed",
- "type": "azurerm_management_group_policy_assignment",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-identity/providers/Microsoft.Authorization/policyAssignments/Deploy-VM-Backup",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Enforce backup for all virtual machines by deploying a recovery services vault in the same location and resource group as the virtual machine. Doing this is useful when different application teams in your organization are allocated separate resource groups and need to manage their own backups and restores. You can optionally exclude virtual machines containing a specified tag to control the scope of assignment. See https://aka.ms/AzureVMAppCentricBackupExcludeTag.",
- "display_name": "Configure backup on virtual machines without a given tag to a new recovery services vault with a default policy",
- "enforce": false,
- "identity": [
- {
- "identity_ids": null,
- "type": "SystemAssigned"
- }
- ],
- "location": "northeurope",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1-identity",
- "name": "Deploy-VM-Backup",
- "non_compliance_message": [
- {
- "content": "Backup on virtual machines without a given tag should be configured to a new recovery services vault with a default policy.",
- "policy_definition_reference_id": null
- }
- ],
- "not_scopes": [],
- "overrides": [],
- "parameters": "{\"effect\":{\"value\":\"deployIfNotExists\"},\"exclusionTagName\":{\"value\":\"\"},\"exclusionTagValue\":{\"value\":[]}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/98d0b9f8-fd90-49c9-88e2-d3baf3b0dd86",
- "resource_selectors": [],
- "timeouts": null
- },
- "sensitive_values": {
- "identity": [
- {}
- ],
- "non_compliance_message": [
- {}
- ],
- "not_scopes": [],
- "overrides": [],
- "resource_selectors": []
- }
- },
- {
- "address": "module.test_core.azurerm_management_group_policy_assignment.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Audit-AppGW-WAF\"]",
- "mode": "managed",
- "type": "azurerm_management_group_policy_assignment",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Audit-AppGW-WAF",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Assign the WAF should be enabled for Application Gateway audit policy.",
- "display_name": "Web Application Firewall (WAF) should be enabled for Application Gateway",
- "enforce": true,
- "identity": [],
- "location": "northeurope",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones",
- "name": "Audit-AppGW-WAF",
- "non_compliance_message": [
- {
- "content": "Web Application Firewall (WAF) must be enabled for Application Gateway.",
- "policy_definition_reference_id": null
- }
- ],
- "not_scopes": [],
- "overrides": [],
- "parameters": "{\"effect\":{\"value\":\"Audit\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/564feb30-bf6a-4854-b4bb-0d2d2d1e6c66",
- "resource_selectors": [],
- "timeouts": null
- },
- "sensitive_values": {
- "identity": [],
- "non_compliance_message": [
- {}
- ],
- "not_scopes": [],
- "overrides": [],
- "resource_selectors": []
- }
- },
- {
- "address": "module.test_core.azurerm_management_group_policy_assignment.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Deny-IP-forwarding\"]",
- "mode": "managed",
- "type": "azurerm_management_group_policy_assignment",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Deny-IP-forwarding",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "This policy denies the network interfaces which enabled IP forwarding. The setting of IP forwarding disables Azure's check of the source and destination for a network interface. This should be reviewed by the network security team.",
- "display_name": "Network interfaces should disable IP forwarding",
- "enforce": true,
- "identity": [],
- "location": "northeurope",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones",
- "name": "Deny-IP-forwarding",
- "non_compliance_message": [
- {
- "content": "Network interfaces must disable IP forwarding.",
- "policy_definition_reference_id": null
- }
- ],
- "not_scopes": [],
- "overrides": [],
- "parameters": null,
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/88c0b9da-ce96-4b03-9635-f29a937e2900",
- "resource_selectors": [],
- "timeouts": null
- },
- "sensitive_values": {
- "identity": [],
- "non_compliance_message": [
- {}
- ],
- "not_scopes": [],
- "overrides": [],
- "resource_selectors": []
- }
- },
- {
- "address": "module.test_core.azurerm_management_group_policy_assignment.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Deny-MgmtPorts-Internet\"]",
- "mode": "managed",
- "type": "azurerm_management_group_policy_assignment",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Deny-MgmtPorts-Internet",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "This policy denies any network security rule that allows management port access from the Internet",
- "display_name": "Management port access from the Internet should be blocked",
- "enforce": true,
- "identity": [],
- "location": "northeurope",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones",
- "name": "Deny-MgmtPorts-Internet",
- "non_compliance_message": [
- {
- "content": "Management port access from the Internet must be blocked.",
- "policy_definition_reference_id": null
- }
- ],
- "not_scopes": [],
- "overrides": [],
- "parameters": null,
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-MgmtPorts-From-Internet",
- "resource_selectors": [],
- "timeouts": null
- },
- "sensitive_values": {
- "identity": [],
- "non_compliance_message": [
- {}
- ],
- "not_scopes": [],
- "overrides": [],
- "resource_selectors": []
- }
- },
- {
- "address": "module.test_core.azurerm_management_group_policy_assignment.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Deny-Priv-Esc-AKS\"]",
- "mode": "managed",
- "type": "azurerm_management_group_policy_assignment",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Deny-Priv-Esc-AKS",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Do not allow containers to run with privilege escalation to root in a Kubernetes cluster. This recommendation is part of CIS 5.2.5 which is intended to improve the security of your Kubernetes environments. This policy is generally available for Kubernetes Service (AKS), and preview for AKS Engine and Azure Arc enabled Kubernetes. For more information, see https://aka.ms/kubepolicydoc.",
- "display_name": "Kubernetes clusters should not allow container privilege escalation",
- "enforce": true,
- "identity": [],
- "location": "northeurope",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones",
- "name": "Deny-Priv-Esc-AKS",
- "non_compliance_message": [],
- "not_scopes": [],
- "overrides": [],
- "parameters": "{\"effect\":{\"value\":\"deny\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/1c6e92c9-99f0-4e55-9cf2-0c234dc48f99",
- "resource_selectors": [],
- "timeouts": null
- },
- "sensitive_values": {
- "identity": [],
- "non_compliance_message": [],
- "not_scopes": [],
- "overrides": [],
- "resource_selectors": []
- }
- },
- {
- "address": "module.test_core.azurerm_management_group_policy_assignment.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Deny-Privileged-AKS\"]",
- "mode": "managed",
- "type": "azurerm_management_group_policy_assignment",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Deny-Privileged-AKS",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Do not allow privileged containers creation in a Kubernetes cluster. This recommendation is part of CIS 5.2.1 which is intended to improve the security of your Kubernetes environments. This policy is generally available for Kubernetes Service (AKS), and preview for AKS Engine and Azure Arc enabled Kubernetes. For more information, see https://aka.ms/kubepolicydoc.",
- "display_name": "Kubernetes cluster should not allow privileged containers",
- "enforce": true,
- "identity": [],
- "location": "northeurope",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones",
- "name": "Deny-Privileged-AKS",
- "non_compliance_message": [],
- "not_scopes": [],
- "overrides": [],
- "parameters": "{\"effect\":{\"value\":\"deny\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/95edb821-ddaf-4404-9732-666045e056b4",
- "resource_selectors": [],
- "timeouts": null
- },
- "sensitive_values": {
- "identity": [],
- "non_compliance_message": [],
- "not_scopes": [],
- "overrides": [],
- "resource_selectors": []
- }
- },
- {
- "address": "module.test_core.azurerm_management_group_policy_assignment.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Deny-Storage-http\"]",
- "mode": "managed",
- "type": "azurerm_management_group_policy_assignment",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Deny-Storage-http",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Audit requirement of Secure transfer in your storage account. Secure transfer is an option that forces your storage account to accept requests only from secure connections (HTTPS). Use of HTTPS ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking",
- "display_name": "Secure transfer to storage accounts should be enabled",
- "enforce": true,
- "identity": [],
- "location": "northeurope",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones",
- "name": "Deny-Storage-http",
- "non_compliance_message": [
- {
- "content": "Secure transfer to storage accounts must be enabled.",
- "policy_definition_reference_id": null
- }
- ],
- "not_scopes": [],
- "overrides": [],
- "parameters": "{\"effect\":{\"value\":\"Deny\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9",
- "resource_selectors": [],
- "timeouts": null
- },
- "sensitive_values": {
- "identity": [],
- "non_compliance_message": [
- {}
- ],
- "not_scopes": [],
- "overrides": [],
- "resource_selectors": []
- }
- },
- {
- "address": "module.test_core.azurerm_management_group_policy_assignment.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Deny-Subnet-Without-Nsg\"]",
- "mode": "managed",
- "type": "azurerm_management_group_policy_assignment",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Deny-Subnet-Without-Nsg",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "This policy denies the creation of a subnet without a Network Security Group to protect traffic across subnets.",
- "display_name": "Subnets should have a Network Security Group",
- "enforce": true,
- "identity": [],
- "location": "northeurope",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones",
- "name": "Deny-Subnet-Without-Nsg",
- "non_compliance_message": [
- {
- "content": "Subnets must have a Network Security Group.",
- "policy_definition_reference_id": null
- }
- ],
- "not_scopes": [],
- "overrides": [],
- "parameters": null,
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-Subnet-Without-Nsg",
- "resource_selectors": [],
- "timeouts": null
- },
- "sensitive_values": {
- "identity": [],
- "non_compliance_message": [
- {}
- ],
- "not_scopes": [],
- "overrides": [],
- "resource_selectors": []
- }
- },
- {
- "address": "module.test_core.azurerm_management_group_policy_assignment.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Deploy-AKS-Policy\"]",
- "mode": "managed",
- "type": "azurerm_management_group_policy_assignment",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Deploy-AKS-Policy",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Use Azure Policy Add-on to manage and report on the compliance state of your Azure Kubernetes Service (AKS) clusters. For more information, see https://aka.ms/akspolicydoc.",
- "display_name": "Deploy Azure Policy Add-on to Azure Kubernetes Service clusters",
- "enforce": true,
- "identity": [
- {
- "identity_ids": null,
- "type": "SystemAssigned"
- }
- ],
- "location": "northeurope",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones",
- "name": "Deploy-AKS-Policy",
- "non_compliance_message": [
- {
- "content": "This resource must be compliant with the assigned policy.",
- "policy_definition_reference_id": null
- }
- ],
- "not_scopes": [],
- "overrides": [],
- "parameters": null,
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/a8eff44f-8c92-45c3-a3fb-9880802d67a7",
- "resource_selectors": [],
- "timeouts": null
- },
- "sensitive_values": {
- "identity": [
- {}
- ],
- "non_compliance_message": [
- {}
- ],
- "not_scopes": [],
- "overrides": [],
- "resource_selectors": []
- }
- },
- {
- "address": "module.test_core.azurerm_management_group_policy_assignment.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Deploy-AzSqlDb-Auditing\"]",
- "mode": "managed",
- "type": "azurerm_management_group_policy_assignment",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Deploy-AzSqlDb-Auditing",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "To ensure the operations performed against your SQL assets are captured, SQL servers should have auditing enabled. If auditing is not enabled, this policy will configure auditing events to flow to the specified Log Analytics workspace.",
- "display_name": "Configure SQL servers to have auditing enabled to Log Analytics workspace",
- "enforce": true,
- "identity": [
- {
- "identity_ids": null,
- "type": "SystemAssigned"
- }
- ],
- "location": "northeurope",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones",
- "name": "Deploy-AzSqlDb-Auditing",
- "non_compliance_message": [
- {
- "content": "SQL servers must have auditing enabled to Log Analytics workspace.",
- "policy_definition_reference_id": null
- }
- ],
- "not_scopes": [],
- "overrides": [],
- "parameters": "{\"logAnalyticsWorkspaceId\":{\"value\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/root-id-1-mgmt/providers/microsoft.operationalinsights/workspaces/root-id-1-la\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/25da7dfb-0666-4a15-a8f5-402127efd8bb",
- "resource_selectors": [],
- "timeouts": null
- },
- "sensitive_values": {
- "identity": [
- {}
- ],
- "non_compliance_message": [
- {}
- ],
- "not_scopes": [],
- "overrides": [],
- "resource_selectors": []
- }
- },
- {
- "address": "module.test_core.azurerm_management_group_policy_assignment.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Deploy-SQL-TDE\"]",
- "mode": "managed",
- "type": "azurerm_management_group_policy_assignment",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Deploy-SQL-TDE",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "This policy ensures that Transparent Data Encryption is enabled on SQL Servers.",
- "display_name": "Deploy TDE on SQL servers",
- "enforce": true,
- "identity": [
- {
- "identity_ids": null,
- "type": "SystemAssigned"
- }
- ],
- "location": "northeurope",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones",
- "name": "Deploy-SQL-TDE",
- "non_compliance_message": [
- {
- "content": "TDE must be deployed on SQL servers.",
- "policy_definition_reference_id": null
- }
- ],
- "not_scopes": [],
- "overrides": [],
- "parameters": null,
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/86a912f6-9a06-4e26-b447-11b16ba8659f",
- "resource_selectors": [],
- "timeouts": null
- },
- "sensitive_values": {
- "identity": [
- {}
- ],
- "non_compliance_message": [
- {}
- ],
- "not_scopes": [],
- "overrides": [],
- "resource_selectors": []
- }
- },
- {
- "address": "module.test_core.azurerm_management_group_policy_assignment.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Deploy-SQL-Threat\"]",
- "mode": "managed",
- "type": "azurerm_management_group_policy_assignment",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Deploy-SQL-Threat",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "This policy ensures that Threat Detection is enabled on SQL Servers.",
- "display_name": "Deploy Threat Detection on SQL servers",
- "enforce": true,
- "identity": [
- {
- "identity_ids": null,
- "type": "SystemAssigned"
- }
- ],
- "location": "northeurope",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones",
- "name": "Deploy-SQL-Threat",
- "non_compliance_message": [
- {
- "content": "Threat Detection must be deployed on SQL servers.",
- "policy_definition_reference_id": null
- }
- ],
- "not_scopes": [],
- "overrides": [],
- "parameters": null,
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/36d49e87-48c4-4f2e-beed-ba4ed02b71f5",
- "resource_selectors": [],
- "timeouts": null
- },
- "sensitive_values": {
- "identity": [
- {}
- ],
- "non_compliance_message": [
- {}
- ],
- "not_scopes": [],
- "overrides": [],
- "resource_selectors": []
- }
- },
- {
- "address": "module.test_core.azurerm_management_group_policy_assignment.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Deploy-VM-Backup\"]",
- "mode": "managed",
- "type": "azurerm_management_group_policy_assignment",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Deploy-VM-Backup",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Enforce backup for all virtual machines by deploying a recovery services vault in the same location and resource group as the virtual machine. Doing this is useful when different application teams in your organization are allocated separate resource groups and need to manage their own backups and restores. You can optionally exclude virtual machines containing a specified tag to control the scope of assignment. See https://aka.ms/AzureVMAppCentricBackupExcludeTag.",
- "display_name": "Configure backup on virtual machines without a given tag to a new recovery services vault with a default policy",
- "enforce": true,
- "identity": [
- {
- "identity_ids": null,
- "type": "SystemAssigned"
- }
- ],
- "location": "northeurope",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones",
- "name": "Deploy-VM-Backup",
- "non_compliance_message": [
- {
- "content": "Backup on virtual machines without a given tag must be configured to a new recovery services vault with a default policy.",
- "policy_definition_reference_id": null
- }
- ],
- "not_scopes": [],
- "overrides": [],
- "parameters": null,
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/98d0b9f8-fd90-49c9-88e2-d3baf3b0dd86",
- "resource_selectors": [],
- "timeouts": null
- },
- "sensitive_values": {
- "identity": [
- {}
- ],
- "non_compliance_message": [
- {}
- ],
- "not_scopes": [],
- "overrides": [],
- "resource_selectors": []
- }
- },
- {
- "address": "module.test_core.azurerm_management_group_policy_assignment.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Enable-DDoS-VNET\"]",
- "mode": "managed",
- "type": "azurerm_management_group_policy_assignment",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Enable-DDoS-VNET",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Protect your virtual networks against volumetric and protocol attacks with Azure DDoS Network Protection. For more information, visit https://aka.ms/ddosprotectiondocs.",
- "display_name": "Virtual networks should be protected by Azure DDoS Network Protection",
- "enforce": false,
- "identity": [
- {
- "identity_ids": null,
- "type": "SystemAssigned"
- }
- ],
- "location": "northeurope",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones",
- "name": "Enable-DDoS-VNET",
- "non_compliance_message": [
- {
- "content": "This resource should be compliant with the assigned policy.",
- "policy_definition_reference_id": null
- }
- ],
- "not_scopes": [],
- "overrides": [],
- "parameters": "{\"ddosPlan\":{\"value\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/root-id-1-ddos/providers/Microsoft.Network/ddosProtectionPlans/root-id-1-ddos-northeurope\"},\"effect\":{\"value\":\"Modify\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/94de2ad3-e0c1-4caf-ad78-5d47bbc83d3d",
- "resource_selectors": [],
- "timeouts": null
- },
- "sensitive_values": {
- "identity": [
- {}
- ],
- "non_compliance_message": [
- {}
- ],
- "not_scopes": [],
- "overrides": [],
- "resource_selectors": []
- }
- },
- {
- "address": "module.test_core.azurerm_management_group_policy_assignment.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Enforce-AKS-HTTPS\"]",
- "mode": "managed",
- "type": "azurerm_management_group_policy_assignment",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Enforce-AKS-HTTPS",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Use of HTTPS ensures authentication and protects data in transit from network layer eavesdropping attacks. This capability is currently generally available for Kubernetes Service (AKS), and in preview for AKS Engine and Azure Arc enabled Kubernetes. For more info, visit https://aka.ms/kubepolicydoc",
- "display_name": "Kubernetes clusters should be accessible only over HTTPS",
- "enforce": true,
- "identity": [],
- "location": "northeurope",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones",
- "name": "Enforce-AKS-HTTPS",
- "non_compliance_message": [],
- "not_scopes": [],
- "overrides": [],
- "parameters": "{\"effect\":{\"value\":\"deny\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d",
- "resource_selectors": [],
- "timeouts": null
- },
- "sensitive_values": {
- "identity": [],
- "non_compliance_message": [],
- "not_scopes": [],
- "overrides": [],
- "resource_selectors": []
- }
- },
- {
- "address": "module.test_core.azurerm_management_group_policy_assignment.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Enforce-GR-KeyVault\"]",
- "mode": "managed",
- "type": "azurerm_management_group_policy_assignment",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Enforce-GR-KeyVault",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "This initiative assignment enables recommended ALZ guardrails for Azure Key Vault.",
- "display_name": "Enforce recommended guardrails for Azure Key Vault",
- "enforce": true,
- "identity": [],
- "location": "northeurope",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones",
- "name": "Enforce-GR-KeyVault",
- "non_compliance_message": [
- {
- "content": "This resource must be compliant with the assigned policy.",
- "policy_definition_reference_id": null
- }
- ],
- "not_scopes": [],
- "overrides": [],
- "parameters": null,
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-KeyVault",
- "resource_selectors": [],
- "timeouts": null
- },
- "sensitive_values": {
- "identity": [],
- "non_compliance_message": [
- {}
- ],
- "not_scopes": [],
- "overrides": [],
- "resource_selectors": []
- }
- },
- {
- "address": "module.test_core.azurerm_management_group_policy_assignment.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Enforce-TLS-SSL\"]",
- "mode": "managed",
- "type": "azurerm_management_group_policy_assignment",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Enforce-TLS-SSL",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Choose either Deploy if not exist and append in combination with audit or Select Deny in the Policy effect. Deny polices shift left. Deploy if not exist and append enforce but can be changed, and because missing existence condition require then the combination of Audit.",
- "display_name": "Deny or Deploy and append TLS requirements and SSL enforcement on resources without Encryption in transit",
- "enforce": true,
- "identity": [
- {
- "identity_ids": null,
- "type": "SystemAssigned"
- }
- ],
- "location": "northeurope",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones",
- "name": "Enforce-TLS-SSL",
- "non_compliance_message": [
- {
- "content": "TLS and SSL must be enabled for on resources without encryption in transit.",
- "policy_definition_reference_id": null
- }
- ],
- "not_scopes": [],
- "overrides": [],
- "parameters": null,
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policySetDefinitions/Enforce-EncryptTransit",
- "resource_selectors": [],
- "timeouts": null
- },
- "sensitive_values": {
- "identity": [
- {}
- ],
- "non_compliance_message": [
- {}
- ],
- "not_scopes": [],
- "overrides": [],
- "resource_selectors": []
- }
- },
- {
- "address": "module.test_core.azurerm_management_group_policy_assignment.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1-management/providers/Microsoft.Authorization/policyAssignments/Deploy-Log-Analytics\"]",
- "mode": "managed",
- "type": "azurerm_management_group_policy_assignment",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-management/providers/Microsoft.Authorization/policyAssignments/Deploy-Log-Analytics",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploy resource group containing Log Analytics workspace and linked automation account to centralize logs and monitoring. The automation account is aprerequisite for solutions like Updates and Change Tracking.",
- "display_name": "Configure Log Analytics workspace and automation account to centralize logs and monitoring",
- "enforce": false,
- "identity": [
- {
- "identity_ids": null,
- "type": "SystemAssigned"
- }
- ],
- "location": "northeurope",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1-management",
- "name": "Deploy-Log-Analytics",
- "non_compliance_message": [
- {
- "content": "Log Analytics workspace and automation account should be configured to centralize logs and monitoring.",
- "policy_definition_reference_id": null
- }
- ],
- "not_scopes": [],
- "overrides": [],
- "parameters": "{\"automationAccountName\":{\"value\":\"root-id-1-automation\"},\"automationRegion\":{\"value\":\"northeurope\"},\"dataRetention\":{\"value\":\"30\"},\"rgName\":{\"value\":\"root-id-1-mgmt\"},\"sku\":{\"value\":\"pergb2018\"},\"workspaceName\":{\"value\":\"root-id-1-la\"},\"workspaceRegion\":{\"value\":\"northeurope\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/8e3e61b3-0b32-22d5-4edf-55f87fdb5955",
- "resource_selectors": [],
- "timeouts": null
- },
- "sensitive_values": {
- "identity": [
- {}
- ],
- "non_compliance_message": [
- {}
- ],
- "not_scopes": [],
- "overrides": [],
- "resource_selectors": []
- }
- },
- {
- "address": "module.test_core.azurerm_management_group_policy_assignment.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1-platform/providers/Microsoft.Authorization/policyAssignments/Enforce-GR-KeyVault\"]",
- "mode": "managed",
- "type": "azurerm_management_group_policy_assignment",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-platform/providers/Microsoft.Authorization/policyAssignments/Enforce-GR-KeyVault",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "This initiative assignment enables recommended ALZ guardrails for Azure Key Vault.",
- "display_name": "Enforce recommended guardrails for Azure Key Vault",
- "enforce": true,
- "identity": [],
- "location": "northeurope",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1-platform",
- "name": "Enforce-GR-KeyVault",
- "non_compliance_message": [
- {
- "content": "This resource must be compliant with the assigned policy.",
- "policy_definition_reference_id": null
- }
- ],
- "not_scopes": [],
- "overrides": [],
- "parameters": null,
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-KeyVault",
- "resource_selectors": [],
- "timeouts": null
- },
- "sensitive_values": {
- "identity": [],
- "non_compliance_message": [
- {}
- ],
- "not_scopes": [],
- "overrides": [],
- "resource_selectors": []
- }
- },
- {
- "address": "module.test_core.azurerm_management_group_policy_assignment.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1-sandboxes/providers/Microsoft.Authorization/policyAssignments/Enforce-ALZ-Sandbox\"]",
- "mode": "managed",
- "type": "azurerm_management_group_policy_assignment",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-sandboxes/providers/Microsoft.Authorization/policyAssignments/Enforce-ALZ-Sandbox",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "This initiative will help enforce and govern subscriptions that are placed within the Sandbox Management Group. See https://aka.ms/alz/policies for more information.",
- "display_name": "Enforce ALZ Sandbox Guardrails",
- "enforce": true,
- "identity": [],
- "location": "northeurope",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1-sandboxes",
- "name": "Enforce-ALZ-Sandbox",
- "non_compliance_message": [
- {
- "content": "ALZ Sandbox Guardrails must be enforced.",
- "policy_definition_reference_id": null
- }
- ],
- "not_scopes": [],
- "overrides": [],
- "parameters": "{\"listOfResourceTypesNotAllowed\":{\"value\":[\"microsoft.network/expressroutecircuits\",\"microsoft.network/expressroutegateways\",\"microsoft.network/expressrouteports\",\"microsoft.network/virtualwans\",\"microsoft.network/virtualhubs\",\"microsoft.network/vpngateways\",\"microsoft.network/p2svpngateways\",\"microsoft.network/vpnsites\",\"microsoft.network/virtualnetworkgateways\"]}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policySetDefinitions/Enforce-ALZ-Sandbox",
- "resource_selectors": [],
- "timeouts": null
- },
- "sensitive_values": {
- "identity": [],
- "non_compliance_message": [
- {}
- ],
- "not_scopes": [],
- "overrides": [],
- "resource_selectors": []
- }
- },
- {
- "address": "module.test_core.azurerm_management_group_policy_assignment.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Audit-UnusedResources\"]",
- "mode": "managed",
- "type": "azurerm_management_group_policy_assignment",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Audit-UnusedResources",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "This Policy initiative is a group of Policy definitions that help optimize cost by detecting unused but chargeable resources. Leverage this Policy initiative as a cost control to reveal orphaned resources that are driving cost.",
- "display_name": "Unused resources driving cost should be avoided",
- "enforce": true,
- "identity": [],
- "location": "northeurope",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "name": "Audit-UnusedResources",
- "non_compliance_message": [
- {
- "content": "Unused resources driving cost must be avoided.",
- "policy_definition_reference_id": null
- }
- ],
- "not_scopes": [],
- "overrides": [],
- "parameters": "{\"EffectDisks\":{\"value\":\"Audit\"},\"EffectPublicIpAddresses\":{\"value\":\"Audit\"},\"EffectServerFarms\":{\"value\":\"Audit\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policySetDefinitions/Audit-UnusedResourcesCostOptimization",
- "resource_selectors": [],
- "timeouts": null
- },
- "sensitive_values": {
- "identity": [],
- "non_compliance_message": [
- {}
- ],
- "not_scopes": [],
- "overrides": [],
- "resource_selectors": []
- }
- },
- {
- "address": "module.test_core.azurerm_management_group_policy_assignment.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deny-Classic-Resources\"]",
- "mode": "managed",
- "type": "azurerm_management_group_policy_assignment",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deny-Classic-Resources",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Denies deployment of classic resource types under the assigned scope.",
- "display_name": "Deny the deployment of classic resources",
- "enforce": true,
- "identity": [],
- "location": "northeurope",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "name": "Deny-Classic-Resources",
- "non_compliance_message": [
- {
- "content": "Classic resources must not be deployed.",
- "policy_definition_reference_id": null
- }
- ],
- "not_scopes": [],
- "overrides": [],
- "parameters": "{\"effect\":{\"value\":\"Deny\"},\"listOfResourceTypesNotAllowed\":{\"value\":[\"Microsoft.ClassicCompute/capabilities\",\"Microsoft.ClassicCompute/checkDomainNameAvailability\",\"Microsoft.ClassicCompute/domainNames\",\"Microsoft.ClassicCompute/domainNames/capabilities\",\"Microsoft.ClassicCompute/domainNames/internalLoadBalancers\",\"Microsoft.ClassicCompute/domainNames/serviceCertificates\",\"Microsoft.ClassicCompute/domainNames/slots\",\"Microsoft.ClassicCompute/domainNames/slots/roles\",\"Microsoft.ClassicCompute/domainNames/slots/roles/metricDefinitions\",\"Microsoft.ClassicCompute/domainNames/slots/roles/metrics\",\"Microsoft.ClassicCompute/moveSubscriptionResources\",\"Microsoft.ClassicCompute/operatingSystemFamilies\",\"Microsoft.ClassicCompute/operatingSystems\",\"Microsoft.ClassicCompute/operations\",\"Microsoft.ClassicCompute/operationStatuses\",\"Microsoft.ClassicCompute/quotas\",\"Microsoft.ClassicCompute/resourceTypes\",\"Microsoft.ClassicCompute/validateSubscriptionMoveAvailability\",\"Microsoft.ClassicCompute/virtualMachines\",\"Microsoft.ClassicCompute/virtualMachines/diagnosticSettings\",\"Microsoft.ClassicCompute/virtualMachines/metricDefinitions\",\"Microsoft.ClassicCompute/virtualMachines/metrics\",\"Microsoft.ClassicInfrastructureMigrate/classicInfrastructureResources\",\"Microsoft.ClassicNetwork/capabilities\",\"Microsoft.ClassicNetwork/expressRouteCrossConnections\",\"Microsoft.ClassicNetwork/expressRouteCrossConnections/peerings\",\"Microsoft.ClassicNetwork/gatewaySupportedDevices\",\"Microsoft.ClassicNetwork/networkSecurityGroups\",\"Microsoft.ClassicNetwork/operations\",\"Microsoft.ClassicNetwork/quotas\",\"Microsoft.ClassicNetwork/reservedIps\",\"Microsoft.ClassicNetwork/virtualNetworks\",\"Microsoft.ClassicNetwork/virtualNetworks/remoteVirtualNetworkPeeringProxies\",\"Microsoft.ClassicNetwork/virtualNetworks/virtualNetworkPeerings\",\"Microsoft.ClassicStorage/capabilities\",\"Microsoft.ClassicStorage/checkStorageAccountAvailability\",\"Microsoft.ClassicStorage/disks\",\"Microsoft.ClassicStorage/images\",\"Microsoft.ClassicStorage/operations\",\"Microsoft.ClassicStorage/osImages\",\"Microsoft.ClassicStorage/osPlatformImages\",\"Microsoft.ClassicStorage/publicImages\",\"Microsoft.ClassicStorage/quotas\",\"Microsoft.ClassicStorage/storageAccounts\",\"Microsoft.ClassicStorage/storageAccounts/blobServices\",\"Microsoft.ClassicStorage/storageAccounts/fileServices\",\"Microsoft.ClassicStorage/storageAccounts/metricDefinitions\",\"Microsoft.ClassicStorage/storageAccounts/metrics\",\"Microsoft.ClassicStorage/storageAccounts/queueServices\",\"Microsoft.ClassicStorage/storageAccounts/services\",\"Microsoft.ClassicStorage/storageAccounts/services/diagnosticSettings\",\"Microsoft.ClassicStorage/storageAccounts/services/metricDefinitions\",\"Microsoft.ClassicStorage/storageAccounts/services/metrics\",\"Microsoft.ClassicStorage/storageAccounts/tableServices\",\"Microsoft.ClassicStorage/storageAccounts/vmImages\",\"Microsoft.ClassicStorage/vmImages\",\"Microsoft.ClassicSubscription/operations\"]}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/6c112d4e-5bc7-47ae-a041-ea2d9dccd749",
- "resource_selectors": [],
- "timeouts": null
- },
- "sensitive_values": {
- "identity": [],
- "non_compliance_message": [
- {}
- ],
- "not_scopes": [],
- "overrides": [],
- "resource_selectors": []
- }
- },
- {
- "address": "module.test_core.azurerm_management_group_policy_assignment.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deny-UnmanagedDisk\"]",
- "mode": "managed",
- "type": "azurerm_management_group_policy_assignment",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deny-UnmanagedDisk",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deny virtual machines that do not use managed disk. It checks the managed disk property on virtual machine OS Disk fields.",
- "display_name": "Deny virtual machines and virtual machine scale sets that do not use managed disk",
- "enforce": true,
- "identity": [],
- "location": "northeurope",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "name": "Deny-UnmanagedDisk",
- "non_compliance_message": [
- {
- "content": "Virtual machines and virtual machine scales sets must use a managed disk.",
- "policy_definition_reference_id": null
- }
- ],
- "not_scopes": [],
- "overrides": [
- {
- "selectors": [],
- "value": "Deny"
- }
- ],
- "parameters": null,
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d",
- "resource_selectors": [],
- "timeouts": null
- },
- "sensitive_values": {
- "identity": [],
- "non_compliance_message": [
- {}
- ],
- "not_scopes": [],
- "overrides": [
- {
- "selectors": []
- }
- ],
- "resource_selectors": []
- }
- },
- {
- "address": "module.test_core.azurerm_management_group_policy_assignment.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deploy-ASC-Monitoring\"]",
- "mode": "managed",
- "type": "azurerm_management_group_policy_assignment",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deploy-ASC-Monitoring",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Microsoft Cloud Security Benchmark policy initiative.",
- "display_name": "Microsoft Cloud Security Benchmark",
- "enforce": true,
- "identity": [
- {
- "identity_ids": null,
- "type": "SystemAssigned"
- }
- ],
- "location": "northeurope",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "name": "Deploy-ASC-Monitoring",
- "non_compliance_message": [
- {
- "content": "Microsoft Cloud Security Benchmark must be met.",
- "policy_definition_reference_id": null
- }
- ],
- "not_scopes": [],
- "overrides": [],
- "parameters": null,
- "policy_definition_id": "/providers/Microsoft.Authorization/policySetDefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8",
- "resource_selectors": [],
- "timeouts": null
- },
- "sensitive_values": {
- "identity": [
- {}
- ],
- "non_compliance_message": [
- {}
- ],
- "not_scopes": [],
- "overrides": [],
- "resource_selectors": []
- }
- },
- {
- "address": "module.test_core.azurerm_management_group_policy_assignment.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deploy-AzActivity-Log\"]",
- "mode": "managed",
- "type": "azurerm_management_group_policy_assignment",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deploy-AzActivity-Log",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploys the diagnostic settings for Azure Activity to stream subscriptions audit logs to a Log Analytics workspace to monitor subscription-level events",
- "display_name": "Configure Azure Activity logs to stream to specified Log Analytics workspace",
- "enforce": true,
- "identity": [
- {
- "identity_ids": null,
- "type": "SystemAssigned"
- }
- ],
- "location": "northeurope",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "name": "Deploy-AzActivity-Log",
- "non_compliance_message": [
- {
- "content": "Azure Activity logs must be configured to stream to specified Log Analytics workspace.",
- "policy_definition_reference_id": null
- }
- ],
- "not_scopes": [],
- "overrides": [],
- "parameters": "{\"logAnalytics\":{\"value\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/root-id-1-mgmt/providers/Microsoft.OperationalInsights/workspaces/root-id-1-la\"},\"logsEnabled\":{\"value\":\"True\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/2465583e-4e78-4c15-b6be-a36cbc7c8b0f",
- "resource_selectors": [],
- "timeouts": null
- },
- "sensitive_values": {
- "identity": [
- {}
- ],
- "non_compliance_message": [
- {}
- ],
- "not_scopes": [],
- "overrides": [],
- "resource_selectors": []
- }
- },
- {
- "address": "module.test_core.azurerm_management_group_policy_assignment.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deploy-MDEndpoints\"]",
- "mode": "managed",
- "type": "azurerm_management_group_policy_assignment",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deploy-MDEndpoints",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploy Microsoft Defender for Endpoint agent on applicable images.",
- "display_name": "[Preview]: Deploy Microsoft Defender for Endpoint agent",
- "enforce": true,
- "identity": [
- {
- "identity_ids": null,
- "type": "SystemAssigned"
- }
- ],
- "location": "northeurope",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "name": "Deploy-MDEndpoints",
- "non_compliance_message": [
- {
- "content": "Microsoft Defender for Endpoint agent must be deployed on applicable images.",
- "policy_definition_reference_id": null
- }
- ],
- "not_scopes": [],
- "overrides": [],
- "parameters": "{\"microsoftDefenderForEndpointLinuxArcAgentDeployEffect\":{\"value\":\"DeployIfNotExists\"},\"microsoftDefenderForEndpointLinuxVmAgentDeployEffect\":{\"value\":\"DeployIfNotExists\"},\"microsoftDefenderForEndpointWindowsArcAgentDeployEffect\":{\"value\":\"DeployIfNotExists\"},\"microsoftDefenderForEndpointWindowsVmAgentDeployEffect\":{\"value\":\"DeployIfNotExists\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policySetDefinitions/e20d08c5-6d64-656d-6465-ce9e37fd0ebc",
- "resource_selectors": [],
- "timeouts": null
- },
- "sensitive_values": {
- "identity": [
- {}
- ],
- "non_compliance_message": [
- {}
- ],
- "not_scopes": [],
- "overrides": [],
- "resource_selectors": []
- }
- },
- {
- "address": "module.test_core.azurerm_management_group_policy_assignment.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deploy-MDFC-Config\"]",
- "mode": "managed",
- "type": "azurerm_management_group_policy_assignment",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deploy-MDFC-Config",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploy Microsoft Defender for Cloud and Security Contacts",
- "display_name": "Deploy Microsoft Defender for Cloud configuration",
- "enforce": true,
- "identity": [
- {
- "identity_ids": null,
- "type": "SystemAssigned"
- }
- ],
- "location": "northeurope",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "name": "Deploy-MDFC-Config",
- "non_compliance_message": [
- {
- "content": "Microsoft Defender for Cloud and Security Contacts must be deployed.",
- "policy_definition_reference_id": null
- }
- ],
- "not_scopes": [],
- "overrides": [],
- "parameters": "{\"ascExportResourceGroupLocation\":{\"value\":\"northeurope\"},\"ascExportResourceGroupName\":{\"value\":\"root-id-1-asc-export\"},\"emailSecurityContact\":{\"value\":\"security_contact@replace_me\"},\"enableAscForApis\":{\"value\":\"DeployIfNotExists\"},\"enableAscForAppServices\":{\"value\":\"DeployIfNotExists\"},\"enableAscForArm\":{\"value\":\"DeployIfNotExists\"},\"enableAscForContainers\":{\"value\":\"DeployIfNotExists\"},\"enableAscForCosmosDbs\":{\"value\":\"DeployIfNotExists\"},\"enableAscForCspm\":{\"value\":\"DeployIfNotExists\"},\"enableAscForDns\":{\"value\":\"DeployIfNotExists\"},\"enableAscForKeyVault\":{\"value\":\"DeployIfNotExists\"},\"enableAscForOssDb\":{\"value\":\"DeployIfNotExists\"},\"enableAscForServers\":{\"value\":\"DeployIfNotExists\"},\"enableAscForServersVulnerabilityAssessments\":{\"value\":\"DeployIfNotExists\"},\"enableAscForSql\":{\"value\":\"DeployIfNotExists\"},\"enableAscForSqlOnVm\":{\"value\":\"DeployIfNotExists\"},\"enableAscForStorage\":{\"value\":\"DeployIfNotExists\"},\"logAnalytics\":{\"value\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/root-id-1-mgmt/providers/Microsoft.OperationalInsights/workspaces/root-id-1-la\"},\"vulnerabilityAssessmentProvider\":{\"value\":\"default\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policySetDefinitions/Deploy-MDFC-Config",
- "resource_selectors": [],
- "timeouts": null
- },
- "sensitive_values": {
- "identity": [
- {}
- ],
- "non_compliance_message": [
- {}
- ],
- "not_scopes": [],
- "overrides": [],
- "resource_selectors": []
- }
- },
- {
- "address": "module.test_core.azurerm_management_group_policy_assignment.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deploy-MDFC-OssDb\"]",
- "mode": "managed",
- "type": "azurerm_management_group_policy_assignment",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deploy-MDFC-OssDb",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Enable Advanced Threat Protection on your non-Basic tier open-source relational databases to detect anomalous activities indicating unusual and potentially harmful attempts to access or exploit databases. See https://aka.ms/AzDforOpenSourceDBsDocu.",
- "display_name": "Configure Advanced Threat Protection to be enabled on open-source relational databases",
- "enforce": true,
- "identity": [
- {
- "identity_ids": null,
- "type": "SystemAssigned"
- }
- ],
- "location": "northeurope",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "name": "Deploy-MDFC-OssDb",
- "non_compliance_message": [
- {
- "content": "Advanced Threat Protection must be enabled on open-source relational databases.",
- "policy_definition_reference_id": null
- }
- ],
- "not_scopes": [],
- "overrides": [],
- "parameters": null,
- "policy_definition_id": "/providers/Microsoft.Authorization/policySetDefinitions/e77fc0b3-f7e9-4c58-bc13-cb753ed8e46e",
- "resource_selectors": [],
- "timeouts": null
- },
- "sensitive_values": {
- "identity": [
- {}
- ],
- "non_compliance_message": [
- {}
- ],
- "not_scopes": [],
- "overrides": [],
- "resource_selectors": []
- }
- },
- {
- "address": "module.test_core.azurerm_management_group_policy_assignment.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deploy-MDFC-SqlAtp\"]",
- "mode": "managed",
- "type": "azurerm_management_group_policy_assignment",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deploy-MDFC-SqlAtp",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Enable Azure Defender on your SQL Servers and SQL Managed Instances to detect anomalous activities indicating unusual and potentially harmful attempts to access or exploit databases.",
- "display_name": "Configure Azure Defender to be enabled on SQL Servers and SQL Managed Instances",
- "enforce": true,
- "identity": [
- {
- "identity_ids": null,
- "type": "SystemAssigned"
- }
- ],
- "location": "northeurope",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "name": "Deploy-MDFC-SqlAtp",
- "non_compliance_message": [
- {
- "content": "Azure Defender must be enabled on SQL Servers and SQL Managed Instances.",
- "policy_definition_reference_id": null
- }
- ],
- "not_scopes": [],
- "overrides": [],
- "parameters": null,
- "policy_definition_id": "/providers/Microsoft.Authorization/policySetDefinitions/9cb3cc7a-b39b-4b82-bc89-e5a5d9ff7b97",
- "resource_selectors": [],
- "timeouts": null
- },
- "sensitive_values": {
- "identity": [
- {}
- ],
- "non_compliance_message": [
- {}
- ],
- "not_scopes": [],
- "overrides": [],
- "resource_selectors": []
- }
- },
- {
- "address": "module.test_core.azurerm_management_group_policy_assignment.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deploy-Resource-Diag\"]",
- "mode": "managed",
- "type": "azurerm_management_group_policy_assignment",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deploy-Resource-Diag",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "This policy set deploys the configurations of application Azure resources to forward diagnostic logs and metrics to an Azure Log Analytics workspace. See the list of policies of the services that are included",
- "display_name": "Deploy Diagnostic Settings to Azure Services",
- "enforce": true,
- "identity": [
- {
- "identity_ids": null,
- "type": "SystemAssigned"
- }
- ],
- "location": "northeurope",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "name": "Deploy-Resource-Diag",
- "non_compliance_message": [
- {
- "content": "Diagnostic settings must be deployed to Azure services.",
- "policy_definition_reference_id": null
- }
- ],
- "not_scopes": [],
- "overrides": [],
- "parameters": "{\"logAnalytics\":{\"value\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/root-id-1-mgmt/providers/Microsoft.OperationalInsights/workspaces/root-id-1-la\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policySetDefinitions/Deploy-Diagnostics-LogAnalytics",
- "resource_selectors": [],
- "timeouts": null
- },
- "sensitive_values": {
- "identity": [
- {}
- ],
- "non_compliance_message": [
- {}
- ],
- "not_scopes": [],
- "overrides": [],
- "resource_selectors": []
- }
- },
- {
- "address": "module.test_core.azurerm_management_group_policy_assignment.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deploy-VM-Monitoring\"]",
- "mode": "managed",
- "type": "azurerm_management_group_policy_assignment",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deploy-VM-Monitoring",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Enable Azure Monitor for the virtual machines (VMs) in the specified scope (management group, subscription or resource group). Takes Log Analytics workspace as parameter.",
- "display_name": "Enable Azure Monitor for VMs",
- "enforce": true,
- "identity": [
- {
- "identity_ids": null,
- "type": "SystemAssigned"
- }
- ],
- "location": "northeurope",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "name": "Deploy-VM-Monitoring",
- "non_compliance_message": [
- {
- "content": "Azure Monitor must be enabled for Virtual Machines.",
- "policy_definition_reference_id": null
- }
- ],
- "not_scopes": [],
- "overrides": [],
- "parameters": "{\"logAnalytics_1\":{\"value\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/root-id-1-mgmt/providers/Microsoft.OperationalInsights/workspaces/root-id-1-la\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policySetDefinitions/55f3eceb-5573-4f18-9695-226972c6d74a",
- "resource_selectors": [],
- "timeouts": null
- },
- "sensitive_values": {
- "identity": [
- {}
- ],
- "non_compliance_message": [
- {}
- ],
- "not_scopes": [],
- "overrides": [],
- "resource_selectors": []
- }
- },
- {
- "address": "module.test_core.azurerm_management_group_policy_assignment.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deploy-VMSS-Monitoring\"]",
- "mode": "managed",
- "type": "azurerm_management_group_policy_assignment",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deploy-VMSS-Monitoring",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Enable Azure Monitor for the Virtual Machine Scale Sets in the specified scope (Management group, Subscription or resource group). Takes Log Analytics workspace as parameter. Note: if your scale set upgradePolicy is set to Manual, you need to apply the extension to the all VMs in the set by calling upgrade on them. In CLI this would be az vmss update-instances.",
- "display_name": "Enable Azure Monitor for Virtual Machine Scale Sets",
- "enforce": true,
- "identity": [
- {
- "identity_ids": null,
- "type": "SystemAssigned"
- }
- ],
- "location": "northeurope",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "name": "Deploy-VMSS-Monitoring",
- "non_compliance_message": [
- {
- "content": "Azure Monitor must be enabled for Virtual Machines Scales Sets.",
- "policy_definition_reference_id": null
- }
- ],
- "not_scopes": [],
- "overrides": [],
- "parameters": "{\"logAnalytics_1\":{\"value\":\"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/root-id-1-mgmt/providers/Microsoft.OperationalInsights/workspaces/root-id-1-la\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policySetDefinitions/75714362-cae7-409e-9b99-a8e5075b7fad",
- "resource_selectors": [],
- "timeouts": null
- },
- "sensitive_values": {
- "identity": [
- {}
- ],
- "non_compliance_message": [
- {}
- ],
- "not_scopes": [],
- "overrides": [],
- "resource_selectors": []
- }
- },
- {
- "address": "module.test_core.azurerm_management_group_policy_assignment.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Enforce-ACSB\"]",
- "mode": "managed",
- "type": "azurerm_management_group_policy_assignment",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Enforce-ACSB",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "This initiative assignment enables Azure Compute Security Baseline compliance auditing for Windows and Linux virtual machines.",
- "display_name": "Enforce Azure Compute Security Baseline compliance auditing",
- "enforce": true,
- "identity": [
- {
- "identity_ids": null,
- "type": "SystemAssigned"
- }
- ],
- "location": "northeurope",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "name": "Enforce-ACSB",
- "non_compliance_message": [
- {
- "content": "Azure Compute Security Baseline compliance auditing must be enforced.",
- "policy_definition_reference_id": null
- }
- ],
- "not_scopes": [],
- "overrides": [],
- "parameters": null,
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policySetDefinitions/Enforce-ACSB",
- "resource_selectors": [],
- "timeouts": null
- },
- "sensitive_values": {
- "identity": [
- {}
- ],
- "non_compliance_message": [
- {}
- ],
- "not_scopes": [],
- "overrides": [],
- "resource_selectors": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Append-AppService-httpsonly\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Append-AppService-httpsonly",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Appends the AppService sites object to ensure that HTTPS only is enabled for server/service authentication and protects data in transit from network layer eavesdropping attacks. Please note Append does not enforce compliance use then deny.",
- "display_name": "AppService append enable https only setting to enforce https setting.",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"App Service\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.0.0\"}",
- "mode": "All",
- "name": "Append-AppService-httpsonly",
- "parameters": "{\"effect\":{\"allowedValues\":[\"Append\",\"Disabled\"],\"defaultValue\":\"Append\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"allOf\":[{\"equals\":\"Microsoft.Web/sites\",\"field\":\"type\"},{\"field\":\"Microsoft.Web/sites/httpsOnly\",\"notequals\":true}]},\"then\":{\"details\":[{\"field\":\"Microsoft.Web/sites/httpsOnly\",\"value\":true}],\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Append-AppService-latestTLS\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Append-AppService-latestTLS",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Append the AppService sites object to ensure that min Tls version is set to required minimum TLS version. Please note Append does not enforce compliance use then deny.",
- "display_name": "AppService append sites with minimum TLS version to enforce.",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"App Service\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.1.0\"}",
- "mode": "All",
- "name": "Append-AppService-latestTLS",
- "parameters": "{\"effect\":{\"allowedValues\":[\"Append\",\"Disabled\"],\"defaultValue\":\"Append\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"minTlsVersion\":{\"allowedValues\":[\"1.2\",\"1.0\",\"1.1\"],\"defaultValue\":\"1.2\",\"metadata\":{\"description\":\"Select version minimum TLS version for a Web App config to enforce\",\"displayName\":\"Select version minimum TLS Web App config\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"allOf\":[{\"exists\":\"true\",\"field\":\"Microsoft.Web/sites/config/minTlsVersion\"},{\"field\":\"Microsoft.Web/sites/config/minTlsVersion\",\"notEquals\":\"[parameters('minTlsVersion')]\"}]},\"then\":{\"details\":[{\"field\":\"Microsoft.Web/sites/config/minTlsVersion\",\"value\":\"[parameters('minTlsVersion')]\"}],\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Append-KV-SoftDelete\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Append-KV-SoftDelete",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "This policy enables you to ensure when a Key Vault is created with out soft delete enabled it will be added.",
- "display_name": "KeyVault SoftDelete should be enabled",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Key Vault\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.0.0\"}",
- "mode": "Indexed",
- "name": "Append-KV-SoftDelete",
- "parameters": null,
- "policy_rule": "{\"if\":{\"anyOf\":[{\"allOf\":[{\"equals\":\"Microsoft.KeyVault/vaults\",\"field\":\"type\"},{\"field\":\"Microsoft.KeyVault/vaults/enableSoftDelete\",\"notEquals\":true}]}]},\"then\":{\"details\":[{\"field\":\"Microsoft.KeyVault/vaults/enableSoftDelete\",\"value\":true}],\"effect\":\"append\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Append-Redis-disableNonSslPort\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Append-Redis-disableNonSslPort",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Azure Cache for Redis Append and the enforcement that enableNonSslPort is disabled. Enables secure server to client by enforce minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.",
- "display_name": "Azure Cache for Redis Append and the enforcement that enableNonSslPort is disabled.",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Cache\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.0.1\"}",
- "mode": "Indexed",
- "name": "Append-Redis-disableNonSslPort",
- "parameters": "{\"effect\":{\"allowedValues\":[\"Append\",\"Disabled\"],\"defaultValue\":\"Append\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy minimum TLS version Azure Cache for Redis\",\"displayName\":\"Effect Azure Cache for Redis\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"allOf\":[{\"equals\":\"Microsoft.Cache/redis\",\"field\":\"type\"},{\"anyOf\":[{\"equals\":\"true\",\"field\":\"Microsoft.Cache/Redis/enableNonSslPort\"}]}]},\"then\":{\"details\":[{\"field\":\"Microsoft.Cache/Redis/enableNonSslPort\",\"value\":false}],\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Append-Redis-sslEnforcement\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Append-Redis-sslEnforcement",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Append a specific min TLS version requirement and enforce SSL on Azure Cache for Redis. Enables secure server to client by enforce minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.",
- "display_name": "Azure Cache for Redis Append a specific min TLS version requirement and enforce TLS.",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Cache\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.0.0\"}",
- "mode": "Indexed",
- "name": "Append-Redis-sslEnforcement",
- "parameters": "{\"effect\":{\"allowedValues\":[\"Append\",\"Disabled\"],\"defaultValue\":\"Append\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy minimum TLS version Azure Cache for Redis\",\"displayName\":\"Effect Azure Cache for Redis\"},\"type\":\"String\"},\"minimumTlsVersion\":{\"allowedValues\":[\"1.2\",\"1.1\",\"1.0\"],\"defaultValue\":\"1.2\",\"metadata\":{\"description\":\"Select version minimum TLS version Azure Cache for Redis to enforce\",\"displayName\":\"Select version for Redis server\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"allOf\":[{\"equals\":\"Microsoft.Cache/redis\",\"field\":\"type\"},{\"anyOf\":[{\"field\":\"Microsoft.Cache/Redis/minimumTlsVersion\",\"notequals\":\"[parameters('minimumTlsVersion')]\"}]}]},\"then\":{\"details\":[{\"field\":\"Microsoft.Cache/Redis/minimumTlsVersion\",\"value\":\"[parameters('minimumTlsVersion')]\"}],\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Audit-AzureHybridBenefit\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Audit-AzureHybridBenefit",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Optimize cost by enabling Azure Hybrid Benefit. Leverage this Policy definition as a cost control to reveal Virtual Machines not using AHUB.",
- "display_name": "Audit AHUB for eligible VMs",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Cost Optimization\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.0.0\"}",
- "mode": "All",
- "name": "Audit-AzureHybridBenefit",
- "parameters": "{\"effect\":{\"allowedValues\":[\"Audit\",\"Disabled\"],\"defaultValue\":\"Audit\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Compute/virtualMachines\",\"Microsoft.Compute/virtualMachineScaleSets\"]},{\"equals\":\"MicrosoftWindowsServer\",\"field\":\"Microsoft.Compute/imagePublisher\"},{\"equals\":\"WindowsServer\",\"field\":\"Microsoft.Compute/imageOffer\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"2008-R2-SP1*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"2012-*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"2016-*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"2019-*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"2022-*\"}]},{\"field\":\"Microsoft.Compute/licenseType\",\"notEquals\":\"Windows_Server\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Audit-Disks-UnusedResourcesCostOptimization\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Audit-Disks-UnusedResourcesCostOptimization",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Optimize cost by detecting unused but chargeable resources. Leverage this Policy definition as a cost control to reveal orphaned Disks that are driving cost.",
- "display_name": "Unused Disks driving cost should be avoided",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Cost Optimization\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.0.0\"}",
- "mode": "All",
- "name": "Audit-Disks-UnusedResourcesCostOptimization",
- "parameters": "{\"effect\":{\"allowedValues\":[\"Audit\",\"Disabled\"],\"defaultValue\":\"Audit\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"allOf\":[{\"equals\":\"Microsoft.Compute/disks\",\"field\":\"type\"},{\"equals\":\"Unattached\",\"field\":\"Microsoft.Compute/disks/diskState\"},{\"allof\":[{\"field\":\"name\",\"notlike\":\"*-ASRReplica\"},{\"field\":\"name\",\"notlike\":\"ms-asr-*\"},{\"field\":\"name\",\"notlike\":\"asrseeddisk-*\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Audit-MachineLearning-PrivateEndpointId\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Audit-MachineLearning-PrivateEndpointId",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Audit private endpoints that are created in other subscriptions and/or tenants for Azure Machine Learning.",
- "display_name": "Control private endpoint connections to Azure Machine Learning",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\"],\"category\":\"Machine Learning\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.0.0\"}",
- "mode": "Indexed",
- "name": "Audit-MachineLearning-PrivateEndpointId",
- "parameters": "{\"effect\":{\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"allOf\":[{\"equals\":\"Microsoft.MachineLearningServices/workspaces/privateEndpointConnections\",\"field\":\"type\"},{\"equals\":\"Approved\",\"field\":\"Microsoft.MachineLearningServices/workspaces/privateEndpointConnections/privateLinkServiceConnectionState.status\"},{\"anyOf\":[{\"exists\":false,\"field\":\"Microsoft.MachineLearningServices/workspaces/privateEndpointConnections/privateEndpoint.id\"},{\"notEquals\":\"[subscription().subscriptionId]\",\"value\":\"[split(concat(field('Microsoft.MachineLearningServices/workspaces/privateEndpointConnections/privateEndpoint.id'), '//'), '/')[2]]\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Audit-PrivateLinkDnsZones\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Audit-PrivateLinkDnsZones",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "This policy audits the creation of a Private Link Private DNS Zones in the current scope, used in combination with policies that create centralized private DNS in connectivity subscription",
- "display_name": "Audit the creation of Private Link Private DNS Zones",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Network\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.0.1\"}",
- "mode": "Indexed",
- "name": "Audit-PrivateLinkDnsZones",
- "parameters": "{\"effect\":{\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"privateLinkDnsZones\":{\"defaultValue\":[\"privatelink.adf.azure.com\",\"privatelink.afs.azure.net\",\"privatelink.agentsvc.azure-automation.net\",\"privatelink.analysis.windows.net\",\"privatelink.api.azureml.ms\",\"privatelink.azconfig.io\",\"privatelink.azure-api.net\",\"privatelink.azure-automation.net\",\"privatelink.azurecr.io\",\"privatelink.azure-devices.net\",\"privatelink.azure-devices-provisioning.net\",\"privatelink.azuredatabricks.net\",\"privatelink.azurehdinsight.net\",\"privatelink.azurehealthcareapis.com\",\"privatelink.azurestaticapps.net\",\"privatelink.azuresynapse.net\",\"privatelink.azurewebsites.net\",\"privatelink.batch.azure.com\",\"privatelink.blob.core.windows.net\",\"privatelink.cassandra.cosmos.azure.com\",\"privatelink.cognitiveservices.azure.com\",\"privatelink.database.windows.net\",\"privatelink.datafactory.azure.net\",\"privatelink.dev.azuresynapse.net\",\"privatelink.dfs.core.windows.net\",\"privatelink.dicom.azurehealthcareapis.com\",\"privatelink.digitaltwins.azure.net\",\"privatelink.directline.botframework.com\",\"privatelink.documents.azure.com\",\"privatelink.eventgrid.azure.net\",\"privatelink.file.core.windows.net\",\"privatelink.gremlin.cosmos.azure.com\",\"privatelink.guestconfiguration.azure.com\",\"privatelink.his.arc.azure.com\",\"privatelink.kubernetesconfiguration.azure.com\",\"privatelink.managedhsm.azure.net\",\"privatelink.mariadb.database.azure.com\",\"privatelink.media.azure.net\",\"privatelink.mongo.cosmos.azure.com\",\"privatelink.monitor.azure.com\",\"privatelink.mysql.database.azure.com\",\"privatelink.notebooks.azure.net\",\"privatelink.ods.opinsights.azure.com\",\"privatelink.oms.opinsights.azure.com\",\"privatelink.pbidedicated.windows.net\",\"privatelink.postgres.database.azure.com\",\"privatelink.prod.migration.windowsazure.com\",\"privatelink.purview.azure.com\",\"privatelink.purviewstudio.azure.com\",\"privatelink.queue.core.windows.net\",\"privatelink.redis.cache.windows.net\",\"privatelink.redisenterprise.cache.azure.net\",\"privatelink.search.windows.net\",\"privatelink.service.signalr.net\",\"privatelink.servicebus.windows.net\",\"privatelink.siterecovery.windowsazure.com\",\"privatelink.sql.azuresynapse.net\",\"privatelink.table.core.windows.net\",\"privatelink.table.cosmos.azure.com\",\"privatelink.tip1.powerquery.microsoft.com\",\"privatelink.token.botframework.com\",\"privatelink.vaultcore.azure.net\",\"privatelink.web.core.windows.net\",\"privatelink.webpubsub.azure.com\"],\"metadata\":{\"description\":\"An array of Private Link Private DNS Zones to check for the existence of in the assigned scope.\",\"displayName\":\"Private Link Private DNS Zones\"},\"type\":\"Array\"}}",
- "policy_rule": "{\"if\":{\"allOf\":[{\"equals\":\"Microsoft.Network/privateDnsZones\",\"field\":\"type\"},{\"field\":\"name\",\"in\":\"[parameters('privateLinkDnsZones')]\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Audit-PublicIpAddresses-UnusedResourcesCostOptimization\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Audit-PublicIpAddresses-UnusedResourcesCostOptimization",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Optimize cost by detecting unused but chargeable resources. Leverage this Policy definition as a cost control to reveal orphaned Public IP addresses that are driving cost.",
- "display_name": "Unused Public IP addresses driving cost should be avoided",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Cost Optimization\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.0.0\"}",
- "mode": "All",
- "name": "Audit-PublicIpAddresses-UnusedResourcesCostOptimization",
- "parameters": "{\"effect\":{\"allowedValues\":[\"Audit\",\"Disabled\"],\"defaultValue\":\"Audit\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"allOf\":[{\"equals\":\"microsoft.network/publicIpAddresses\",\"field\":\"type\"},{\"field\":\"Microsoft.Network/publicIPAddresses/sku.name\",\"notEquals\":\"Basic\"},{\"anyOf\":[{\"exists\":false,\"field\":\"Microsoft.Network/publicIPAddresses/natGateway\"},{\"equals\":true,\"value\":\"[equals(length(field('Microsoft.Network/publicIPAddresses/natGateway')), 0)]\"}]},{\"anyOf\":[{\"exists\":false,\"field\":\"Microsoft.Network/publicIPAddresses/ipConfiguration\"},{\"equals\":true,\"value\":\"[equals(length(field('Microsoft.Network/publicIPAddresses/ipConfiguration')), 0)]\"}]},{\"anyOf\":[{\"exists\":false,\"field\":\"Microsoft.Network/publicIPAddresses/publicIPPrefix\"},{\"equals\":true,\"value\":\"[equals(length(field('Microsoft.Network/publicIPAddresses/publicIPPrefix')), 0)]\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Audit-ServerFarms-UnusedResourcesCostOptimization\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Audit-ServerFarms-UnusedResourcesCostOptimization",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Optimize cost by detecting unused but chargeable resources. Leverage this Policy definition as a cost control to reveal orphaned App Service plans that are driving cost.",
- "display_name": "Unused App Service plans driving cost should be avoided",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Cost Optimization\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.0.0\"}",
- "mode": "All",
- "name": "Audit-ServerFarms-UnusedResourcesCostOptimization",
- "parameters": "{\"effect\":{\"allowedValues\":[\"Audit\",\"Disabled\"],\"defaultValue\":\"Audit\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"allOf\":[{\"equals\":\"Microsoft.Web/serverfarms\",\"field\":\"type\"},{\"field\":\"Microsoft.Web/serverFarms/sku.tier\",\"notEquals\":\"Free\"},{\"equals\":0,\"field\":\"Microsoft.Web/serverFarms/numberOfSites\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-AA-child-resources\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-AA-child-resources",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "This policy denies the creation of child resources on the Automation Account",
- "display_name": "No child resources in Automation Account",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureUSGovernment\"],\"category\":\"Automation\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.0.0\"}",
- "mode": "Indexed",
- "name": "Deny-AA-child-resources",
- "parameters": "{\"effect\":{\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Deny\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Automation/automationAccounts/runbooks\",\"Microsoft.Automation/automationAccounts/variables\",\"Microsoft.Automation/automationAccounts/modules\",\"Microsoft.Automation/automationAccounts/credentials\",\"Microsoft.Automation/automationAccounts/connections\",\"Microsoft.Automation/automationAccounts/certificates\"]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-AppGW-Without-WAF\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-AppGW-Without-WAF",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "This policy enables you to restrict that Application Gateways is always deployed with WAF enabled",
- "display_name": "Application Gateway should be deployed with WAF enabled",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Network\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.0.0\"}",
- "mode": "Indexed",
- "name": "Deny-AppGW-Without-WAF",
- "parameters": "{\"effect\":{\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Deny\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"allOf\":[{\"equals\":\"Microsoft.Network/applicationGateways\",\"field\":\"type\"},{\"field\":\"Microsoft.Network/applicationGateways/sku.name\",\"notequals\":\"WAF_v2\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceApiApp-http\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceApiApp-http",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.",
- "display_name": "API App should only be accessible over HTTPS",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"App Service\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.0.0\"}",
- "mode": "Indexed",
- "name": "Deny-AppServiceApiApp-http",
- "parameters": "{\"effect\":{\"allowedValues\":[\"Audit\",\"Disabled\",\"Deny\"],\"defaultValue\":\"Deny\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"allOf\":[{\"equals\":\"Microsoft.Web/sites\",\"field\":\"type\"},{\"field\":\"kind\",\"like\":\"*api\"},{\"equals\":\"false\",\"field\":\"Microsoft.Web/sites/httpsOnly\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceFunctionApp-http\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceFunctionApp-http",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.",
- "display_name": "Function App should only be accessible over HTTPS",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"App Service\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.0.0\"}",
- "mode": "Indexed",
- "name": "Deny-AppServiceFunctionApp-http",
- "parameters": "{\"effect\":{\"allowedValues\":[\"Audit\",\"Disabled\",\"Deny\"],\"defaultValue\":\"Deny\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"allOf\":[{\"equals\":\"Microsoft.Web/sites\",\"field\":\"type\"},{\"field\":\"kind\",\"like\":\"functionapp*\"},{\"equals\":\"false\",\"field\":\"Microsoft.Web/sites/httpsOnly\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceWebApp-http\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceWebApp-http",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.",
- "display_name": "Web Application should only be accessible over HTTPS",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"App Service\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.0.0\"}",
- "mode": "Indexed",
- "name": "Deny-AppServiceWebApp-http",
- "parameters": "{\"effect\":{\"allowedValues\":[\"Audit\",\"Disabled\",\"Deny\"],\"defaultValue\":\"Deny\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"allOf\":[{\"equals\":\"Microsoft.Web/sites\",\"field\":\"type\"},{\"field\":\"kind\",\"like\":\"app*\"},{\"equals\":\"false\",\"field\":\"Microsoft.Web/sites/httpsOnly\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-Databricks-NoPublicIp\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-Databricks-NoPublicIp",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Denies the deployment of workspaces that do not use the noPublicIp feature to host Databricks clusters without public IPs.",
- "display_name": "Deny public IPs for Databricks cluster",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\"],\"category\":\"Databricks\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.0.0\"}",
- "mode": "Indexed",
- "name": "Deny-Databricks-NoPublicIp",
- "parameters": "{\"effect\":{\"allowedValues\":[\"Audit\",\"Disabled\",\"Deny\"],\"defaultValue\":\"Deny\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"allOf\":[{\"equals\":\"Microsoft.Databricks/workspaces\",\"field\":\"type\"},{\"field\":\"Microsoft.DataBricks/workspaces/parameters.enableNoPublicIp.value\",\"notEquals\":true}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-Databricks-Sku\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-Databricks-Sku",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Enforces the use of Premium Databricks workspaces to make sure appropriate security features are available including Databricks Access Controls, Credential Passthrough and SCIM provisioning for Microsoft Entra ID.",
- "display_name": "Deny non-premium Databricks sku",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\"],\"category\":\"Databricks\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.0.0\"}",
- "mode": "Indexed",
- "name": "Deny-Databricks-Sku",
- "parameters": "{\"effect\":{\"allowedValues\":[\"Audit\",\"Disabled\",\"Deny\"],\"defaultValue\":\"Deny\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"allOf\":[{\"equals\":\"Microsoft.Databricks/workspaces\",\"field\":\"type\"},{\"field\":\"Microsoft.DataBricks/workspaces/sku.name\",\"notEquals\":\"premium\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-Databricks-VirtualNetwork\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-Databricks-VirtualNetwork",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Enforces the use of vnet injection for Databricks workspaces.",
- "display_name": "Deny Databricks workspaces without Vnet injection",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\"],\"category\":\"Databricks\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.0.0\"}",
- "mode": "Indexed",
- "name": "Deny-Databricks-VirtualNetwork",
- "parameters": "{\"effect\":{\"allowedValues\":[\"Audit\",\"Disabled\",\"Deny\"],\"defaultValue\":\"Deny\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"allOf\":[{\"equals\":\"Microsoft.Databricks/workspaces\",\"field\":\"type\"},{\"anyOf\":[{\"exists\":false,\"field\":\"Microsoft.DataBricks/workspaces/parameters.customVirtualNetworkId.value\"},{\"exists\":false,\"field\":\"Microsoft.DataBricks/workspaces/parameters.customPublicSubnetName.value\"},{\"exists\":false,\"field\":\"Microsoft.DataBricks/workspaces/parameters.customPrivateSubnetName.value\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-FileServices-InsecureAuth\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-FileServices-InsecureAuth",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "This policy denies the use of insecure authentication methods (NTLMv2) when using File Services on a storage account.",
- "display_name": "File Services with insecure authentication methods should be denied",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Storage\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.0.0\"}",
- "mode": "All",
- "name": "Deny-FileServices-InsecureAuth",
- "parameters": "{\"effect\":{\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Deny\",\"metadata\":{\"description\":\"The effect determines what happens when the policy rule is evaluated to match\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"notAllowedAuthMethods\":{\"allowedValues\":[\"NTLMv2\",\"Kerberos\"],\"defaultValue\":\"NTLMv2\",\"metadata\":{\"description\":\"The list of channelEncryption not allowed.\",\"displayName\":\"Authentication methods supported by server. Valid values are NTLMv2, Kerberos.\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"allOf\":[{\"contains\":\"[parameters('notAllowedAuthMethods')]\",\"field\":\"Microsoft.Storage/storageAccounts/fileServices/protocolSettings.smb.authenticationMethods\"},{\"equals\":\"Microsoft.Storage/storageAccounts/fileServices\",\"field\":\"type\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-FileServices-InsecureKerberos\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-FileServices-InsecureKerberos",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "This policy denies the use of insecure Kerberos ticket encryption (RC4-HMAC) when using File Services on a storage account.",
- "display_name": "File Services with insecure Kerberos ticket encryption should be denied",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Storage\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.0.0\"}",
- "mode": "All",
- "name": "Deny-FileServices-InsecureKerberos",
- "parameters": "{\"effect\":{\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Deny\",\"metadata\":{\"description\":\"The effect determines what happens when the policy rule is evaluated to match\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"notAllowedKerberosTicketEncryption\":{\"allowedValues\":[\"RC4-HMAC\",\"AES-256\"],\"defaultValue\":\"RC4-HMAC\",\"metadata\":{\"description\":\"The list of kerberosTicketEncryption not allowed.\",\"displayName\":\"Kerberos ticket encryption supported by server. Valid values are RC4-HMAC, AES-256.\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"allOf\":[{\"equals\":\"Microsoft.Storage/storageAccounts/fileServices\",\"field\":\"type\"},{\"contains\":\"[parameters('notAllowedKerberosTicketEncryption')]\",\"field\":\"Microsoft.Storage/storageAccounts/fileServices/protocolSettings.smb.kerberosTicketEncryption\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-FileServices-InsecureSmbChannel\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-FileServices-InsecureSmbChannel",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "This policy denies the use of insecure channel encryption (AES-128-CCM) when using File Services on a storage account.",
- "display_name": "File Services with insecure SMB channel encryption should be denied",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Storage\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.0.0\"}",
- "mode": "All",
- "name": "Deny-FileServices-InsecureSmbChannel",
- "parameters": "{\"effect\":{\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Deny\",\"metadata\":{\"description\":\"The effect determines what happens when the policy rule is evaluated to match\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"notAllowedChannelEncryption\":{\"allowedValues\":[\"AES-128-CCM\",\"AES-128-GCM\",\"AES-256-GCM\"],\"defaultValue\":\"AES-128-CCM\",\"metadata\":{\"description\":\"The list of channelEncryption not allowed.\",\"displayName\":\"SMB channel encryption supported by server. Valid values are AES-128-CCM, AES-128-GCM, AES-256-GCM.\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"allOf\":[{\"equals\":\"Microsoft.Storage/storageAccounts/fileServices\",\"field\":\"type\"},{\"contains\":\"[parameters('notAllowedChannelEncryption')]\",\"field\":\"Microsoft.Storage/storageAccounts/fileServices/protocolSettings.smb.channelEncryption\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-FileServices-InsecureSmbVersions\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-FileServices-InsecureSmbVersions",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "This policy denies the use of insecure versions of SMB (2.1 & 3.0) when using File Services on a storage account.",
- "display_name": "File Services with insecure SMB versions should be denied",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Storage\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.0.0\"}",
- "mode": "All",
- "name": "Deny-FileServices-InsecureSmbVersions",
- "parameters": "{\"allowedSmbVersion\":{\"allowedValues\":[\"SMB2.1\",\"SMB3.0\",\"SMB3.1.1\"],\"defaultValue\":\"SMB3.1.1\",\"metadata\":{\"description\":\"The allowed SMB version for maximum security\",\"displayName\":\"Allowed SMB Version\"},\"type\":\"String\"},\"effect\":{\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Deny\",\"metadata\":{\"description\":\"The effect determines what happens when the policy rule is evaluated to match\",\"displayName\":\"Effect\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"allOf\":[{\"equals\":\"Microsoft.Storage/storageAccounts/fileServices\",\"field\":\"type\"},{\"not\":{\"contains\":\"[parameters('allowedSmbVersion')]\",\"field\":\"Microsoft.Storage/storageAccounts/fileServices/protocolSettings.smb.versions\"}}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-MachineLearning-Aks\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-MachineLearning-Aks",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deny AKS cluster creation in Azure Machine Learning and enforce connecting to existing clusters.",
- "display_name": "Deny AKS cluster creation in Azure Machine Learning",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\"],\"category\":\"Machine Learning\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.0.0\"}",
- "mode": "Indexed",
- "name": "Deny-MachineLearning-Aks",
- "parameters": "{\"effect\":{\"allowedValues\":[\"Audit\",\"Disabled\",\"Deny\"],\"defaultValue\":\"Deny\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"allOf\":[{\"equals\":\"Microsoft.MachineLearningServices/workspaces/computes\",\"field\":\"type\"},{\"equals\":\"AKS\",\"field\":\"Microsoft.MachineLearningServices/workspaces/computes/computeType\"},{\"anyOf\":[{\"exists\":false,\"field\":\"Microsoft.MachineLearningServices/workspaces/computes/resourceId\"},{\"equals\":true,\"value\":\"[empty(field('Microsoft.MachineLearningServices/workspaces/computes/resourceId'))]\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-MachineLearning-Compute-SubnetId\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-MachineLearning-Compute-SubnetId",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Enforce subnet connectivity for Azure Machine Learning compute clusters and compute instances.",
- "display_name": "Enforce subnet connectivity for Azure Machine Learning compute clusters and compute instances",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\"],\"category\":\"Machine Learning\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.0.0\"}",
- "mode": "Indexed",
- "name": "Deny-MachineLearning-Compute-SubnetId",
- "parameters": "{\"effect\":{\"allowedValues\":[\"Audit\",\"Disabled\",\"Deny\"],\"defaultValue\":\"Deny\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"allOf\":[{\"equals\":\"Microsoft.MachineLearningServices/workspaces/computes\",\"field\":\"type\"},{\"field\":\"Microsoft.MachineLearningServices/workspaces/computes/computeType\",\"in\":[\"AmlCompute\",\"ComputeInstance\"]},{\"anyOf\":[{\"exists\":false,\"field\":\"Microsoft.MachineLearningServices/workspaces/computes/subnet.id\"},{\"equals\":true,\"value\":\"[empty(field('Microsoft.MachineLearningServices/workspaces/computes/subnet.id'))]\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-MachineLearning-Compute-VmSize\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-MachineLearning-Compute-VmSize",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Limit allowed vm sizes for Azure Machine Learning compute clusters and compute instances.",
- "display_name": "Limit allowed vm sizes for Azure Machine Learning compute clusters and compute instances",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\"],\"category\":\"Budget\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.0.0\"}",
- "mode": "Indexed",
- "name": "Deny-MachineLearning-Compute-VmSize",
- "parameters": "{\"allowedVmSizes\":{\"defaultValue\":[\"Standard_D1_v2\",\"Standard_D2_v2\",\"Standard_D3_v2\",\"Standard_D4_v2\",\"Standard_D11_v2\",\"Standard_D12_v2\",\"Standard_D13_v2\",\"Standard_D14_v2\",\"Standard_DS1_v2\",\"Standard_DS2_v2\",\"Standard_DS3_v2\",\"Standard_DS4_v2\",\"Standard_DS5_v2\",\"Standard_DS11_v2\",\"Standard_DS12_v2\",\"Standard_DS13_v2\",\"Standard_DS14_v2\",\"Standard_M8-2ms\",\"Standard_M8-4ms\",\"Standard_M8ms\",\"Standard_M16-4ms\",\"Standard_M16-8ms\",\"Standard_M16ms\",\"Standard_M32-8ms\",\"Standard_M32-16ms\",\"Standard_M32ls\",\"Standard_M32ms\",\"Standard_M32ts\",\"Standard_M64-16ms\",\"Standard_M64-32ms\",\"Standard_M64ls\",\"Standard_M64ms\",\"Standard_M64s\",\"Standard_M128-32ms\",\"Standard_M128-64ms\",\"Standard_M128ms\",\"Standard_M128s\",\"Standard_M64\",\"Standard_M64m\",\"Standard_M128\",\"Standard_M128m\",\"Standard_D1\",\"Standard_D2\",\"Standard_D3\",\"Standard_D4\",\"Standard_D11\",\"Standard_D12\",\"Standard_D13\",\"Standard_D14\",\"Standard_DS15_v2\",\"Standard_NV6\",\"Standard_NV12\",\"Standard_NV24\",\"Standard_F2s_v2\",\"Standard_F4s_v2\",\"Standard_F8s_v2\",\"Standard_F16s_v2\",\"Standard_F32s_v2\",\"Standard_F64s_v2\",\"Standard_F72s_v2\",\"Standard_NC6s_v3\",\"Standard_NC12s_v3\",\"Standard_NC24rs_v3\",\"Standard_NC24s_v3\",\"Standard_NC6\",\"Standard_NC12\",\"Standard_NC24\",\"Standard_NC24r\",\"Standard_ND6s\",\"Standard_ND12s\",\"Standard_ND24rs\",\"Standard_ND24s\",\"Standard_NC6s_v2\",\"Standard_NC12s_v2\",\"Standard_NC24rs_v2\",\"Standard_NC24s_v2\",\"Standard_ND40rs_v2\",\"Standard_NV12s_v3\",\"Standard_NV24s_v3\",\"Standard_NV48s_v3\"],\"metadata\":{\"description\":\"Specifies the allowed VM Sizes for Aml Compute Clusters and Instances\",\"displayName\":\"Allowed VM Sizes for Aml Compute Clusters and Instances\"},\"type\":\"Array\"},\"effect\":{\"allowedValues\":[\"Audit\",\"Disabled\",\"Deny\"],\"defaultValue\":\"Deny\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"allOf\":[{\"equals\":\"Microsoft.MachineLearningServices/workspaces/computes\",\"field\":\"type\"},{\"field\":\"Microsoft.MachineLearningServices/workspaces/computes/computeType\",\"in\":[\"AmlCompute\",\"ComputeInstance\"]},{\"field\":\"Microsoft.MachineLearningServices/workspaces/computes/vmSize\",\"notIn\":\"[parameters('allowedVmSizes')]\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-MachineLearning-ComputeCluster-RemoteLoginPortPublicAccess\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-MachineLearning-ComputeCluster-RemoteLoginPortPublicAccess",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deny public access of Azure Machine Learning clusters via SSH.",
- "display_name": "Deny public access of Azure Machine Learning clusters via SSH",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\"],\"category\":\"Machine Learning\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.1.0\"}",
- "mode": "All",
- "name": "Deny-MachineLearning-ComputeCluster-RemoteLoginPortPublicAccess",
- "parameters": "{\"effect\":{\"allowedValues\":[\"Audit\",\"Disabled\",\"Deny\"],\"defaultValue\":\"Deny\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"allOf\":[{\"equals\":\"Microsoft.MachineLearningServices/workspaces/computes\",\"field\":\"type\"},{\"equals\":\"AmlCompute\",\"field\":\"Microsoft.MachineLearningServices/workspaces/computes/computeType\"},{\"anyOf\":[{\"exists\":false,\"field\":\"Microsoft.MachineLearningServices/workspaces/computes/remoteLoginPortPublicAccess\"},{\"field\":\"Microsoft.MachineLearningServices/workspaces/computes/remoteLoginPortPublicAccess\",\"notEquals\":\"Disabled\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-MachineLearning-ComputeCluster-Scale\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-MachineLearning-ComputeCluster-Scale",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Enforce scale settings for Azure Machine Learning compute clusters.",
- "display_name": "Enforce scale settings for Azure Machine Learning compute clusters",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\"],\"category\":\"Budget\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.0.0\"}",
- "mode": "Indexed",
- "name": "Deny-MachineLearning-ComputeCluster-Scale",
- "parameters": "{\"effect\":{\"allowedValues\":[\"Audit\",\"Disabled\",\"Deny\"],\"defaultValue\":\"Deny\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"maxNodeCount\":{\"defaultValue\":10,\"metadata\":{\"description\":\"Specifies the maximum node count of AML Clusters\",\"displayName\":\"Maximum Node Count\"},\"type\":\"Integer\"},\"maxNodeIdleTimeInSecondsBeforeScaleDown\":{\"defaultValue\":900,\"metadata\":{\"description\":\"Specifies the maximum node idle time in seconds before scaledown\",\"displayName\":\"Maximum Node Idle Time in Seconds Before Scaledown\"},\"type\":\"Integer\"},\"minNodeCount\":{\"defaultValue\":0,\"metadata\":{\"description\":\"Specifies the minimum node count of AML Clusters\",\"displayName\":\"Minimum Node Count\"},\"type\":\"Integer\"}}",
- "policy_rule": "{\"if\":{\"allOf\":[{\"equals\":\"Microsoft.MachineLearningServices/workspaces/computes\",\"field\":\"type\"},{\"equals\":\"AmlCompute\",\"field\":\"Microsoft.MachineLearningServices/workspaces/computes/computeType\"},{\"anyOf\":[{\"field\":\"Microsoft.MachineLearningServices/workspaces/computes/scaleSettings.maxNodeCount\",\"greater\":\"[parameters('maxNodeCount')]\"},{\"field\":\"Microsoft.MachineLearningServices/workspaces/computes/scaleSettings.minNodeCount\",\"greater\":\"[parameters('minNodeCount')]\"},{\"greater\":\"[parameters('maxNodeIdleTimeInSecondsBeforeScaleDown')]\",\"value\":\"[int(last(split(replace(replace(replace(replace(replace(replace(replace(field('Microsoft.MachineLearningServices/workspaces/computes/scaleSettings.nodeIdleTimeBeforeScaleDown'), 'P', '/'), 'Y', '/'), 'M', '/'), 'D', '/'), 'T', '/'), 'H', '/'), 'S', ''), '/')))]\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-MachineLearning-HbiWorkspace\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-MachineLearning-HbiWorkspace",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Enforces high business impact Azure Machine Learning workspaces.",
- "display_name": "Enforces high business impact Azure Machine Learning Workspaces",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\"],\"category\":\"Machine Learning\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.0.0\"}",
- "mode": "Indexed",
- "name": "Deny-MachineLearning-HbiWorkspace",
- "parameters": "{\"effect\":{\"allowedValues\":[\"Audit\",\"Disabled\",\"Deny\"],\"defaultValue\":\"Deny\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"allOf\":[{\"equals\":\"Microsoft.MachineLearningServices/workspaces\",\"field\":\"type\"},{\"anyOf\":[{\"exists\":false,\"field\":\"Microsoft.MachineLearningServices/workspaces/hbiWorkspace\"},{\"field\":\"Microsoft.MachineLearningServices/workspaces/hbiWorkspace\",\"notEquals\":true}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-MachineLearning-PublicAccessWhenBehindVnet\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-MachineLearning-PublicAccessWhenBehindVnet",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deny public access behind vnet to Azure Machine Learning workspaces.",
- "display_name": "Deny public access behind vnet to Azure Machine Learning workspace",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\"],\"category\":\"Machine Learning\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.0.1\"}",
- "mode": "Indexed",
- "name": "Deny-MachineLearning-PublicAccessWhenBehindVnet",
- "parameters": "{\"effect\":{\"allowedValues\":[\"Audit\",\"Disabled\",\"Deny\"],\"defaultValue\":\"Deny\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"allOf\":[{\"equals\":\"Microsoft.MachineLearningServices/workspaces\",\"field\":\"type\"},{\"anyOf\":[{\"exists\":false,\"field\":\"Microsoft.MachineLearningServices/workspaces/allowPublicAccessWhenBehindVnet\"},{\"field\":\"Microsoft.MachineLearningServices/workspaces/allowPublicAccessWhenBehindVnet\",\"notEquals\":false}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-MachineLearning-PublicNetworkAccess\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-MachineLearning-PublicNetworkAccess",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Denies public network access for Azure Machine Learning workspaces. Superseded by https://www.azadvertizer.net/azpolicyadvertizer/438c38d2-3772-465a-a9cc-7a6666a275ce.html",
- "display_name": "[Deprecated] Azure Machine Learning should have disabled public network access",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\"],\"category\":\"Machine Learning\",\"deprecated\":true,\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"supersededBy\":\"438c38d2-3772-465a-a9cc-7a6666a275ce\",\"version\":\"1.0.0-deprecated\"}",
- "mode": "Indexed",
- "name": "Deny-MachineLearning-PublicNetworkAccess",
- "parameters": "{\"effect\":{\"allowedValues\":[\"Audit\",\"Disabled\",\"Deny\"],\"defaultValue\":\"Deny\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"allOf\":[{\"equals\":\"Microsoft.MachineLearningServices/workspaces\",\"field\":\"type\"},{\"field\":\"Microsoft.MachineLearningServices/workspaces/publicNetworkAccess\",\"notEquals\":\"Disabled\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-MgmtPorts-From-Internet\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-MgmtPorts-From-Internet",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "This policy denies any network security rule that allows management port access from the Internet",
- "display_name": "Management port access from the Internet should be blocked",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Network\",\"replacesPolicy\":\"Deny-RDP-From-Internet\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"2.1.0\"}",
- "mode": "All",
- "name": "Deny-MgmtPorts-From-Internet",
- "parameters": "{\"effect\":{\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Deny\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"ports\":{\"defaultValue\":[\"22\",\"3389\"],\"metadata\":{\"description\":\"Ports to be blocked\",\"displayName\":\"Ports\"},\"type\":\"Array\"}}",
- "policy_rule": "{\"if\":{\"anyOf\":[{\"allOf\":[{\"equals\":\"Microsoft.Network/networkSecurityGroups/securityRules\",\"field\":\"type\"},{\"allOf\":[{\"equals\":\"Allow\",\"field\":\"Microsoft.Network/networkSecurityGroups/securityRules/access\"},{\"equals\":\"Inbound\",\"field\":\"Microsoft.Network/networkSecurityGroups/securityRules/direction\"},{\"anyOf\":[{\"equals\":\"*\",\"field\":\"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRange\"},{\"field\":\"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRange\",\"in\":\"[parameters('ports')]\"},{\"count\":{\"value\":\"[parameters('ports')]\",\"where\":{\"equals\":\"true\",\"value\":\"[if(and(not(empty(field('Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRange'))), contains(field('Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRange'),'-')), and(lessOrEquals(int(first(split(field('Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRange'), '-'))),int(current())),greaterOrEquals(int(last(split(field('Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRange'), '-'))),int(current()))), 'false')]\"}},\"greater\":0},{\"count\":{\"name\":\"ports\",\"value\":\"[parameters('ports')]\",\"where\":{\"count\":{\"field\":\"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRanges[*]\",\"where\":{\"equals\":\"true\",\"value\":\"[if(and(not(empty(current('Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRanges[*]'))), contains(current('Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRanges[*]'),'-')), and(lessOrEquals(int(first(split(current('Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRanges[*]'), '-'))),int(current('ports'))),greaterOrEquals(int(last(split(current('Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRanges[*]'), '-'))),int(current('ports')))) , 'false')]\"}},\"greater\":0}},\"greater\":0},{\"not\":{\"field\":\"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRanges[*]\",\"notEquals\":\"*\"}},{\"not\":{\"field\":\"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRanges[*]\",\"notIn\":\"[parameters('ports')]\"}}]},{\"anyOf\":[{\"equals\":\"*\",\"field\":\"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\"},{\"equals\":\"Internet\",\"field\":\"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\"},{\"not\":{\"field\":\"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\"notEquals\":\"*\"}},{\"not\":{\"field\":\"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\"notEquals\":\"Internet\"}}]}]}]},{\"allOf\":[{\"equals\":\"Microsoft.Network/networkSecurityGroups\",\"field\":\"type\"},{\"count\":{\"field\":\"Microsoft.Network/networkSecurityGroups/securityRules[*]\",\"where\":{\"allOf\":[{\"equals\":\"Allow\",\"field\":\"Microsoft.Network/networkSecurityGroups/securityRules[*].access\"},{\"equals\":\"Inbound\",\"field\":\"Microsoft.Network/networkSecurityGroups/securityRules[*].direction\"},{\"anyOf\":[{\"equals\":\"*\",\"field\":\"Microsoft.Network/networkSecurityGroups/securityRules[*].destinationPortRange\"},{\"field\":\"Microsoft.Network/networkSecurityGroups/securityRules[*].destinationPortRange\",\"in\":\"[parameters('ports')]\"},{\"count\":{\"name\":\"ports\",\"value\":\"[parameters('ports')]\",\"where\":{\"equals\":\"true\",\"value\":\"[if(and(not(empty(current('Microsoft.Network/networkSecurityGroups/securityRules[*].destinationPortRange'))), contains(current('Microsoft.Network/networkSecurityGroups/securityRules[*].destinationPortRange'),'-')), and(lessOrEquals(int(first(split(current('Microsoft.Network/networkSecurityGroups/securityRules[*].destinationPortRange'), '-'))),int(current('ports'))),greaterOrEquals(int(last(split(current('Microsoft.Network/networkSecurityGroups/securityRules[*].destinationPortRange'), '-'))),int(current('ports')))), 'false')]\"}},\"greater\":0},{\"count\":{\"name\":\"ports\",\"value\":\"[parameters('ports')]\",\"where\":{\"count\":{\"field\":\"Microsoft.Network/networkSecurityGroups/securityRules[*].destinationPortRanges[*]\",\"where\":{\"equals\":\"true\",\"value\":\"[if(and(not(empty(current('Microsoft.Network/networkSecurityGroups/securityRules[*].destinationPortRanges[*]'))), contains(current('Microsoft.Network/networkSecurityGroups/securityRules[*].destinationPortRanges[*]'),'-')), and(lessOrEquals(int(first(split(current('Microsoft.Network/networkSecurityGroups/securityRules[*].destinationPortRanges[*]'), '-'))),int(current('ports'))),greaterOrEquals(int(last(split(current('Microsoft.Network/networkSecurityGroups/securityRules[*].destinationPortRanges[*]'), '-'))),int(current('ports')))) , 'false')]\"}},\"greater\":0}},\"greater\":0},{\"not\":{\"field\":\"Microsoft.Network/networkSecurityGroups/securityRules[*].destinationPortRanges[*]\",\"notEquals\":\"*\"}},{\"not\":{\"field\":\"Microsoft.Network/networkSecurityGroups/securityRules[*].destinationPortRanges[*]\",\"notIn\":\"[parameters('ports')]\"}}]},{\"anyOf\":[{\"equals\":\"*\",\"field\":\"Microsoft.Network/networkSecurityGroups/securityRules[*].sourceAddressPrefix\"},{\"equals\":\"Internet\",\"field\":\"Microsoft.Network/networkSecurityGroups/securityRules[*].sourceAddressPrefix\"},{\"not\":{\"field\":\"Microsoft.Network/networkSecurityGroups/securityRules[*].sourceAddressPrefixes[*]\",\"notEquals\":\"*\"}},{\"not\":{\"field\":\"Microsoft.Network/networkSecurityGroups/securityRules[*].sourceAddressPrefixes[*]\",\"notEquals\":\"Internet\"}}]}]}},\"greater\":0}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-MySql-http\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-MySql-http",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Azure Database for MySQL supports connecting your Azure Database for MySQL server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.",
- "display_name": "MySQL database servers enforce SSL connections.",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"SQL\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.0.0\"}",
- "mode": "Indexed",
- "name": "Deny-MySql-http",
- "parameters": "{\"effect\":{\"allowedValues\":[\"Audit\",\"Disabled\",\"Deny\"],\"defaultValue\":\"Deny\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"minimalTlsVersion\":{\"allowedValues\":[\"TLS1_2\",\"TLS1_0\",\"TLS1_1\",\"TLSEnforcementDisabled\"],\"defaultValue\":\"TLS1_2\",\"metadata\":{\"description\":\"Select version minimum TLS version Azure Database for MySQL server to enforce\",\"displayName\":\"Select version minimum TLS for MySQL server\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"allOf\":[{\"equals\":\"Microsoft.DBforMySQL/servers\",\"field\":\"type\"},{\"anyOf\":[{\"exists\":\"false\",\"field\":\"Microsoft.DBforMySQL/servers/sslEnforcement\"},{\"field\":\"Microsoft.DBforMySQL/servers/sslEnforcement\",\"notEquals\":\"Enabled\"},{\"field\":\"Microsoft.DBforMySQL/servers/minimalTlsVersion\",\"notequals\":\"[parameters('minimalTlsVersion')]\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-PostgreSql-http\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-PostgreSql-http",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Azure Database for PostgreSQL supports connecting your Azure Database for PostgreSQL server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.",
- "display_name": "PostgreSQL database servers enforce SSL connection.",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"SQL\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.0.1\"}",
- "mode": "Indexed",
- "name": "Deny-PostgreSql-http",
- "parameters": "{\"effect\":{\"allowedValues\":[\"Audit\",\"Disabled\",\"Deny\"],\"defaultValue\":\"Deny\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"minimalTlsVersion\":{\"allowedValues\":[\"TLS1_2\",\"TLS1_0\",\"TLS1_1\",\"TLSEnforcementDisabled\"],\"defaultValue\":\"TLS1_2\",\"metadata\":{\"description\":\"Select version minimum TLS version Azure Database for PostgreSQL server to enforce\",\"displayName\":\"Select version minimum TLS for PostgreSQL server\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"allOf\":[{\"equals\":\"Microsoft.DBforPostgreSQL/servers\",\"field\":\"type\"},{\"anyOf\":[{\"exists\":\"false\",\"field\":\"Microsoft.DBforPostgreSQL/servers/sslEnforcement\"},{\"field\":\"Microsoft.DBforPostgreSQL/servers/sslEnforcement\",\"notEquals\":\"Enabled\"},{\"field\":\"Microsoft.DBforPostgreSQL/servers/minimalTlsVersion\",\"notequals\":\"[parameters('minimalTlsVersion')]\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-Private-DNS-Zones\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-Private-DNS-Zones",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "This policy denies the creation of a private DNS in the current scope, used in combination with policies that create centralized private DNS in connectivity subscription",
- "display_name": "Deny the creation of private DNS",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Network\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.0.0\"}",
- "mode": "Indexed",
- "name": "Deny-Private-DNS-Zones",
- "parameters": "{\"effect\":{\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Deny\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"equals\":\"Microsoft.Network/privateDnsZones\",\"field\":\"type\"},\"then\":{\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-PublicEndpoint-MariaDB\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-PublicEndpoint-MariaDB",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "This policy denies the creation of Maria DB accounts with exposed public endpoints. Superseded by https://www.azadvertizer.net/azpolicyadvertizer/fdccbe47-f3e3-4213-ad5d-ea459b2fa077.html",
- "display_name": "[Deprecated] Public network access should be disabled for MariaDB",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"SQL\",\"deprecated\":true,\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"supersededBy\":\"fdccbe47-f3e3-4213-ad5d-ea459b2fa077\",\"version\":\"1.0.0-deprecated\"}",
- "mode": "Indexed",
- "name": "Deny-PublicEndpoint-MariaDB",
- "parameters": "{\"effect\":{\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Deny\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"allOf\":[{\"equals\":\"Microsoft.DBforMariaDB/servers\",\"field\":\"type\"},{\"field\":\"Microsoft.DBforMariaDB/servers/publicNetworkAccess\",\"notequals\":\"Disabled\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-PublicIP\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-PublicIP",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "[Deprecated] This policy denies creation of Public IPs under the assigned scope. Superseded by https://www.azadvertizer.net/azpolicyadvertizer/6c112d4e-5bc7-47ae-a041-ea2d9dccd749.html using appropriate assignment parameters.",
- "display_name": "[Deprecated] Deny the creation of public IP",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Network\",\"deprecated\":true,\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"supersededBy\":\"6c112d4e-5bc7-47ae-a041-ea2d9dccd749\",\"version\":\"1.0.0-deprecated\"}",
- "mode": "Indexed",
- "name": "Deny-PublicIP",
- "parameters": "{\"effect\":{\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Deny\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"equals\":\"Microsoft.Network/publicIPAddresses\",\"field\":\"type\"},\"then\":{\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-RDP-From-Internet\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-RDP-From-Internet",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "This policy denies any network security rule that allows RDP access from Internet. This policy is superseded by https://www.azadvertizer.net/azpolicyadvertizer/Deny-MgmtPorts-From-Internet.html",
- "display_name": "[Deprecated] RDP access from the Internet should be blocked",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Network\",\"deprecated\":true,\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"supersededBy\":\"Deny-MgmtPorts-From-Internet\",\"version\":\"1.0.1-deprecated\"}",
- "mode": "All",
- "name": "Deny-RDP-From-Internet",
- "parameters": "{\"effect\":{\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Deny\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"allOf\":[{\"equals\":\"Microsoft.Network/networkSecurityGroups/securityRules\",\"field\":\"type\"},{\"allOf\":[{\"equals\":\"Allow\",\"field\":\"Microsoft.Network/networkSecurityGroups/securityRules/access\"},{\"equals\":\"Inbound\",\"field\":\"Microsoft.Network/networkSecurityGroups/securityRules/direction\"},{\"anyOf\":[{\"equals\":\"*\",\"field\":\"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRange\"},{\"equals\":\"3389\",\"field\":\"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRange\"},{\"equals\":\"true\",\"value\":\"[if(and(not(empty(field('Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRange'))), contains(field('Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRange'),'-')), and(lessOrEquals(int(first(split(field('Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRange'), '-'))),3389),greaterOrEquals(int(last(split(field('Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRange'), '-'))),3389)), 'false')]\"},{\"count\":{\"field\":\"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRanges[*]\",\"where\":{\"equals\":\"true\",\"value\":\"[if(and(not(empty(first(field('Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRanges[*]')))), contains(first(field('Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRanges[*]')),'-')), and(lessOrEquals(int(first(split(first(field('Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRanges[*]')), '-'))),3389),greaterOrEquals(int(last(split(first(field('Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRanges[*]')), '-'))),3389)) , 'false')]\"}},\"greater\":0},{\"not\":{\"field\":\"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRanges[*]\",\"notEquals\":\"*\"}},{\"not\":{\"field\":\"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRanges[*]\",\"notEquals\":\"3389\"}}]},{\"anyOf\":[{\"equals\":\"*\",\"field\":\"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\"},{\"equals\":\"Internet\",\"field\":\"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\"},{\"not\":{\"field\":\"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\"notEquals\":\"*\"}},{\"not\":{\"field\":\"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\"notEquals\":\"Internet\"}}]}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-Redis-http\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-Redis-http",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Audit enabling of only connections via SSL to Azure Cache for Redis. Validate both minimum TLS version and enableNonSslPort is disabled. Use of secure connections ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking",
- "display_name": "Azure Cache for Redis only secure connections should be enabled",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Cache\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.0.0\"}",
- "mode": "Indexed",
- "name": "Deny-Redis-http",
- "parameters": "{\"effect\":{\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Deny\",\"metadata\":{\"description\":\"The effect determines what happens when the policy rule is evaluated to match\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"minimumTlsVersion\":{\"allowedValues\":[\"1.2\",\"1.1\",\"1.0\"],\"defaultValue\":\"1.2\",\"metadata\":{\"description\":\"Select minimum TLS version for Azure Cache for Redis.\",\"displayName\":\"Select minumum TLS version for Azure Cache for Redis.\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"allOf\":[{\"equals\":\"Microsoft.Cache/redis\",\"field\":\"type\"},{\"anyOf\":[{\"equals\":\"true\",\"field\":\"Microsoft.Cache/Redis/enableNonSslPort\"},{\"field\":\"Microsoft.Cache/Redis/minimumTlsVersion\",\"notequals\":\"[parameters('minimumTlsVersion')]\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-Sql-minTLS\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-Sql-minTLS",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Setting minimal TLS version to 1.2 improves security by ensuring your Azure SQL Database can only be accessed from clients using TLS 1.2. Using versions of TLS less than 1.2 is not reccomended since they have well documented security vunerabilities.",
- "display_name": "Azure SQL Database should have the minimal TLS version set to the highest version",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"SQL\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.0.0\"}",
- "mode": "Indexed",
- "name": "Deny-Sql-minTLS",
- "parameters": "{\"effect\":{\"allowedValues\":[\"Audit\",\"Disabled\",\"Deny\"],\"defaultValue\":\"Audit\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"minimalTlsVersion\":{\"allowedValues\":[\"1.2\",\"1.1\",\"1.0\"],\"defaultValue\":\"1.2\",\"metadata\":{\"description\":\"Select version minimum TLS version SQL servers to enforce\",\"displayName\":\"Select version for SQL server\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"allOf\":[{\"equals\":\"Microsoft.Sql/servers\",\"field\":\"type\"},{\"anyOf\":[{\"exists\":\"false\",\"field\":\"Microsoft.Sql/servers/minimalTlsVersion\"},{\"field\":\"Microsoft.Sql/servers/minimalTlsVersion\",\"notequals\":\"[parameters('minimalTlsVersion')]\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-SqlMi-minTLS\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-SqlMi-minTLS",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Setting minimal TLS version to 1.2 improves security by ensuring your SQL Managed Instance can only be accessed from clients using TLS 1.2. Using versions of TLS less than 1.2 is not reccomended since they have well documented security vunerabilities.",
- "display_name": "SQL Managed Instance should have the minimal TLS version set to the highest version",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"SQL\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.0.0\"}",
- "mode": "Indexed",
- "name": "Deny-SqlMi-minTLS",
- "parameters": "{\"effect\":{\"allowedValues\":[\"Audit\",\"Disabled\",\"Deny\"],\"defaultValue\":\"Audit\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"minimalTlsVersion\":{\"allowedValues\":[\"1.2\",\"1.1\",\"1.0\"],\"defaultValue\":\"1.2\",\"metadata\":{\"description\":\"Select version minimum TLS version SQL servers to enforce\",\"displayName\":\"Select version for SQL server\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"allOf\":[{\"equals\":\"Microsoft.Sql/managedInstances\",\"field\":\"type\"},{\"anyOf\":[{\"exists\":\"false\",\"field\":\"Microsoft.Sql/managedInstances/minimalTlsVersion\"},{\"field\":\"Microsoft.Sql/managedInstances/minimalTlsVersion\",\"notequals\":\"[parameters('minimalTlsVersion')]\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-SFTP\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-SFTP",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "This policy denies the creation of Storage Accounts with SFTP enabled for Blob Storage.",
- "display_name": "Storage Accounts with SFTP enabled should be denied",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Storage\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.0.0\"}",
- "mode": "Indexed",
- "name": "Deny-Storage-SFTP",
- "parameters": "{\"effect\":{\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Deny\",\"metadata\":{\"description\":\"The effect determines what happens when the policy rule is evaluated to match\",\"displayName\":\"Effect\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"allOf\":[{\"equals\":\"Microsoft.Storage/storageAccounts\",\"field\":\"type\"},{\"equals\":\"true\",\"field\":\"Microsoft.Storage/storageAccounts/isSftpEnabled\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-minTLS\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-minTLS",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Audit requirement of Secure transfer in your storage account. Secure transfer is an option that forces your storage account to accept requests only from secure connections (HTTPS). Use of HTTPS ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking",
- "display_name": "Storage Account set to minimum TLS and Secure transfer should be enabled",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Storage\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.0.0\"}",
- "mode": "Indexed",
- "name": "Deny-Storage-minTLS",
- "parameters": "{\"effect\":{\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Deny\",\"metadata\":{\"description\":\"The effect determines what happens when the policy rule is evaluated to match\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"minimumTlsVersion\":{\"allowedValues\":[\"TLS1_2\",\"TLS1_1\",\"TLS1_0\"],\"defaultValue\":\"TLS1_2\",\"metadata\":{\"description\":\"Select version minimum TLS version on Azure Storage Account to enforce\",\"displayName\":\"Storage Account select minimum TLS version\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"allOf\":[{\"equals\":\"Microsoft.Storage/storageAccounts\",\"field\":\"type\"},{\"anyOf\":[{\"allOf\":[{\"less\":\"2019-04-01\",\"value\":\"[requestContext().apiVersion]\"},{\"exists\":\"false\",\"field\":\"Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly\"}]},{\"equals\":\"false\",\"field\":\"Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly\"},{\"field\":\"Microsoft.Storage/storageAccounts/minimumTlsVersion\",\"notequals\":\"[parameters('minimumTlsVersion')]\"},{\"exists\":\"false\",\"field\":\"Microsoft.Storage/storageAccounts/minimumTlsVersion\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-StorageAccount-CustomDomain\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-StorageAccount-CustomDomain",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "This policy denies the creation of Storage Accounts with custom domains assigned as communication cannot be encrypted, and always uses HTTP.",
- "display_name": "Storage Accounts with custom domains assigned should be denied",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Storage\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.0.0\"}",
- "mode": "All",
- "name": "Deny-StorageAccount-CustomDomain",
- "parameters": "{\"effect\":{\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Deny\",\"metadata\":{\"description\":\"The effect determines what happens when the policy rule is evaluated to match\",\"displayName\":\"Effect\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"allOf\":[{\"equals\":\"Microsoft.Storage/storageAccounts\",\"field\":\"type\"},{\"anyOf\":[{\"exists\":\"true\",\"field\":\"Microsoft.Storage/storageAccounts/customDomain\"},{\"equals\":\"true\",\"field\":\"Microsoft.Storage/storageAccounts/customDomain.useSubDomainName\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-Subnet-Without-Nsg\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-Subnet-Without-Nsg",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "This policy denies the creation of a subnet without a Network Security Group. NSG help to protect traffic across subnet-level.",
- "display_name": "Subnets should have a Network Security Group",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Network\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"2.0.0\"}",
- "mode": "All",
- "name": "Deny-Subnet-Without-Nsg",
- "parameters": "{\"effect\":{\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Deny\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"excludedSubnets\":{\"defaultValue\":[\"GatewaySubnet\",\"AzureFirewallSubnet\",\"AzureFirewallManagementSubnet\"],\"metadata\":{\"description\":\"Array of subnet names that are excluded from this policy\",\"displayName\":\"Excluded Subnets\"},\"type\":\"Array\"}}",
- "policy_rule": "{\"if\":{\"anyOf\":[{\"allOf\":[{\"equals\":\"Microsoft.Network/virtualNetworks\",\"field\":\"type\"},{\"count\":{\"field\":\"Microsoft.Network/virtualNetworks/subnets[*]\",\"where\":{\"allOf\":[{\"exists\":\"false\",\"field\":\"Microsoft.Network/virtualNetworks/subnets[*].networkSecurityGroup.id\"},{\"field\":\"Microsoft.Network/virtualNetworks/subnets[*].name\",\"notIn\":\"[parameters('excludedSubnets')]\"}]}},\"notEquals\":0}]},{\"allOf\":[{\"equals\":\"Microsoft.Network/virtualNetworks/subnets\",\"field\":\"type\"},{\"field\":\"name\",\"notIn\":\"[parameters('excludedSubnets')]\"},{\"exists\":\"false\",\"field\":\"Microsoft.Network/virtualNetworks/subnets/networkSecurityGroup.id\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-Subnet-Without-Penp\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-Subnet-Without-Penp",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "This policy denies the creation of a subnet without Private Endpoint Netwotk Policies enabled. This policy is intended for 'workload' subnets, not 'central infrastructure' (aka, 'hub') subnets.",
- "display_name": "Subnets without Private Endpoint Network Policies enabled should be denied",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Network\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.0.0\"}",
- "mode": "All",
- "name": "Deny-Subnet-Without-Penp",
- "parameters": "{\"effect\":{\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Deny\",\"metadata\":{\"description\":\"The effect determines what happens when the policy rule is evaluated to match\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"excludedSubnets\":{\"defaultValue\":[\"GatewaySubnet\",\"AzureFirewallSubnet\",\"AzureFirewallManagementSubnet\",\"AzureBastionSubnet\"],\"metadata\":{\"description\":\"Array of subnet names that are excluded from this policy\",\"displayName\":\"Excluded Subnets\"},\"type\":\"Array\"}}",
- "policy_rule": "{\"if\":{\"anyOf\":[{\"allOf\":[{\"equals\":\"Microsoft.Network/virtualNetworks\",\"field\":\"type\"},{\"count\":{\"field\":\"Microsoft.Network/virtualNetworks/subnets[*]\",\"where\":{\"allOf\":[{\"field\":\"Microsoft.Network/virtualNetworks/subnets[*].privateEndpointNetworkPolicies\",\"notEquals\":\"Enabled\"},{\"field\":\"Microsoft.Network/virtualNetworks/subnets[*].name\",\"notIn\":\"[parameters('excludedSubnets')]\"}]}},\"notEquals\":0}]},{\"allOf\":[{\"equals\":\"Microsoft.Network/virtualNetworks/subnets\",\"field\":\"type\"},{\"field\":\"name\",\"notIn\":\"[parameters('excludedSubnets')]\"},{\"field\":\"Microsoft.Network/virtualNetworks/subnets/privateEndpointNetworkPolicies\",\"notEquals\":\"Enabled\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-Subnet-Without-Udr\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-Subnet-Without-Udr",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "This policy denies the creation of a subnet without a User Defined Route (UDR).",
- "display_name": "Subnets should have a User Defined Route",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Network\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"2.0.0\"}",
- "mode": "All",
- "name": "Deny-Subnet-Without-Udr",
- "parameters": "{\"effect\":{\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Deny\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"excludedSubnets\":{\"defaultValue\":[\"AzureBastionSubnet\"],\"metadata\":{\"description\":\"Array of subnet names that are excluded from this policy\",\"displayName\":\"Excluded Subnets\"},\"type\":\"Array\"}}",
- "policy_rule": "{\"if\":{\"anyOf\":[{\"allOf\":[{\"equals\":\"Microsoft.Network/virtualNetworks\",\"field\":\"type\"},{\"count\":{\"field\":\"Microsoft.Network/virtualNetworks/subnets[*]\",\"where\":{\"allOf\":[{\"exists\":\"false\",\"field\":\"Microsoft.Network/virtualNetworks/subnets[*].routeTable.id\"},{\"field\":\"Microsoft.Network/virtualNetworks/subnets[*].name\",\"notIn\":\"[parameters('excludedSubnets')]\"}]}},\"notEquals\":0}]},{\"allOf\":[{\"equals\":\"Microsoft.Network/virtualNetworks/subnets\",\"field\":\"type\"},{\"field\":\"name\",\"notIn\":\"[parameters('excludedSubnets')]\"},{\"exists\":\"false\",\"field\":\"Microsoft.Network/virtualNetworks/subnets/routeTable.id\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-UDR-With-Specific-NextHop\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-UDR-With-Specific-NextHop",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "This policy denies the creation of a User Defined Route with 'Next Hop Type' set to 'Internet' or 'VirtualNetworkGateway'.",
- "display_name": "User Defined Routes with 'Next Hop Type' set to 'Internet' or 'VirtualNetworkGateway' should be denied",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Network\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.0.0\"}",
- "mode": "All",
- "name": "Deny-UDR-With-Specific-NextHop",
- "parameters": "{\"effect\":{\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Deny\",\"metadata\":{\"description\":\"The effect determines what happens when the policy rule is evaluated to match\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"excludedDestinations\":{\"defaultValue\":[\"Internet\",\"VirtualNetworkGateway\"],\"metadata\":{\"description\":\"Array of route destinations that are to be denied\",\"displayName\":\"Excluded Destinations\"},\"type\":\"Array\"}}",
- "policy_rule": "{\"if\":{\"anyOf\":[{\"allOf\":[{\"equals\":\"Microsoft.Network/routeTables\",\"field\":\"type\"},{\"count\":{\"field\":\"Microsoft.Network/routeTables/routes[*]\",\"where\":{\"field\":\"Microsoft.Network/routeTables/routes[*].nextHopType\",\"in\":\"[parameters('excludedDestinations')]\"}},\"notEquals\":0}]},{\"allOf\":[{\"equals\":\"Microsoft.Network/routeTables/routes\",\"field\":\"type\"},{\"field\":\"Microsoft.Network/routeTables/routes/nextHopType\",\"in\":\"[parameters('excludedDestinations')]\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-VNET-Peer-Cross-Sub\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-VNET-Peer-Cross-Sub",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "This policy denies the creation of vNet Peerings outside of the same subscriptions under the assigned scope.",
- "display_name": "Deny vNet peering cross subscription.",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Network\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.0.1\"}",
- "mode": "All",
- "name": "Deny-VNET-Peer-Cross-Sub",
- "parameters": "{\"effect\":{\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Deny\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"allOf\":[{\"equals\":\"Microsoft.Network/virtualNetworks/virtualNetworkPeerings\",\"field\":\"type\"},{\"field\":\"Microsoft.Network/virtualNetworks/virtualNetworkPeerings/remoteVirtualNetwork.id\",\"notcontains\":\"[subscription().id]\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-VNET-Peering-To-Non-Approved-VNETs\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-VNET-Peering-To-Non-Approved-VNETs",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "This policy denies the creation of vNet Peerings to non-approved vNets under the assigned scope.",
- "display_name": "Deny vNet peering to non-approved vNets",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Network\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.0.0\"}",
- "mode": "All",
- "name": "Deny-VNET-Peering-To-Non-Approved-VNETs",
- "parameters": "{\"allowedVnets\":{\"defaultValue\":[],\"metadata\":{\"description\":\"Array of allowed vNets that can be peered with. Must be entered using their resource ID. Example: /subscriptions/{subId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{vnetName}\",\"displayName\":\"Allowed vNets to peer with\"},\"type\":\"Array\"},\"effect\":{\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Deny\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"anyOf\":[{\"allOf\":[{\"equals\":\"Microsoft.Network/virtualNetworks/virtualNetworkPeerings\",\"field\":\"type\"},{\"not\":{\"field\":\"Microsoft.Network/virtualNetworks/virtualNetworkPeerings/remoteVirtualNetwork.id\",\"in\":\"[parameters('allowedVnets')]\"}}]},{\"allOf\":[{\"equals\":\"Microsoft.Network/virtualNetworks\",\"field\":\"type\"},{\"not\":{\"field\":\"Microsoft.Network/virtualNetworks/virtualNetworkPeerings[*].remoteVirtualNetwork.id\",\"in\":\"[parameters('allowedVnets')]\"}},{\"not\":{\"exists\":false,\"field\":\"Microsoft.Network/virtualNetworks/virtualNetworkPeerings[*].remoteVirtualNetwork.id\"}}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-VNet-Peering\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-VNet-Peering",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "This policy denies the creation of vNet Peerings under the assigned scope.",
- "display_name": "Deny vNet peering ",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Network\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.0.1\"}",
- "mode": "All",
- "name": "Deny-VNet-Peering",
- "parameters": "{\"effect\":{\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Deny\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"equals\":\"Microsoft.Network/virtualNetworks/virtualNetworkPeerings\",\"field\":\"type\"},\"then\":{\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/DenyAction-ActivityLogs\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/DenyAction-ActivityLogs",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "This is a DenyAction implementation policy on Activity Logs.",
- "display_name": "DenyAction implementation on Activity Logs",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Monitoring\",\"deprecated\":false,\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.0.0\"}",
- "mode": "Indexed",
- "name": "DenyAction-ActivityLogs",
- "parameters": null,
- "policy_rule": "{\"if\":{\"equals\":\"Microsoft.Resources/subscriptions/providers/diagnosticSettings\",\"field\":\"type\"},\"then\":{\"details\":{\"actionNames\":[\"delete\"]},\"effect\":\"denyAction\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/DenyAction-DiagnosticLogs\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/DenyAction-DiagnosticLogs",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "DenyAction implementation on Diagnostic Logs.",
- "display_name": "DenyAction implementation on Diagnostic Logs.",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Monitoring\",\"deprecated\":false,\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.0.0\"}",
- "mode": "Indexed",
- "name": "DenyAction-DiagnosticLogs",
- "parameters": null,
- "policy_rule": "{\"if\":{\"equals\":\"Microsoft.Insights/diagnosticSettings\",\"field\":\"type\"},\"then\":{\"details\":{\"actionNames\":[\"delete\"]},\"effect\":\"denyAction\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-ASC-SecurityContacts\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-ASC-SecurityContacts",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploy Microsoft Defender for Cloud Security Contacts",
- "display_name": "Deploy Microsoft Defender for Cloud Security Contacts",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Security Center\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.1.0\"}",
- "mode": "All",
- "name": "Deploy-ASC-SecurityContacts",
- "parameters": "{\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"string\"},\"emailSecurityContact\":{\"metadata\":{\"description\":\"Provide email address for Azure Security Center contact details\",\"displayName\":\"Security contacts email address\"},\"type\":\"string\"},\"minimalSeverity\":{\"allowedValues\":[\"High\",\"Medium\",\"Low\"],\"defaultValue\":\"High\",\"metadata\":{\"description\":\"Defines the minimal alert severity which will be sent as email notifications\",\"displayName\":\"Minimal severity\"},\"type\":\"string\"}}",
- "policy_rule": "{\"if\":{\"allOf\":[{\"equals\":\"Microsoft.Resources/subscriptions\",\"field\":\"type\"}]},\"then\":{\"details\":{\"deployment\":{\"location\":\"northeurope\",\"properties\":{\"mode\":\"incremental\",\"parameters\":{\"emailSecurityContact\":{\"value\":\"[parameters('emailSecurityContact')]\"},\"minimalSeverity\":{\"value\":\"[parameters('minimalSeverity')]\"}},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"emailSecurityContact\":{\"metadata\":{\"description\":\"Security contacts email address\"},\"type\":\"string\"},\"minimalSeverity\":{\"metadata\":{\"description\":\"Minimal severity level reported\"},\"type\":\"string\"}},\"resources\":[{\"apiVersion\":\"2020-01-01-preview\",\"name\":\"default\",\"properties\":{\"alertNotifications\":{\"minimalSeverity\":\"[parameters('minimalSeverity')]\",\"state\":\"On\"},\"emails\":\"[parameters('emailSecurityContact')]\",\"notificationsByRole\":{\"roles\":[\"Owner\"],\"state\":\"On\"}},\"type\":\"Microsoft.Security/securityContacts\"}],\"variables\":{}}}},\"deploymentScope\":\"subscription\",\"existenceCondition\":{\"allOf\":[{\"contains\":\"[parameters('emailSecurityContact')]\",\"field\":\"Microsoft.Security/securityContacts/email\"},{\"contains\":\"[parameters('minimalSeverity')]\",\"field\":\"Microsoft.Security/securityContacts/alertNotifications.minimalSeverity\"},{\"equals\":\"Microsoft.Security/securityContacts\",\"field\":\"type\"},{\"equals\":\"On\",\"field\":\"Microsoft.Security/securityContacts/alertNotifications\"},{\"equals\":\"On\",\"field\":\"Microsoft.Security/securityContacts/alertsToAdmins\"}]},\"existenceScope\":\"subscription\",\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/fb1c8493-542b-48eb-b624-b4c8fea62acd\"],\"type\":\"Microsoft.Security/securityContacts\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Budget\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Budget",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploy a default budget on all subscriptions under the assigned scope",
- "display_name": "Deploy a default budget on all subscriptions under the assigned scope",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureUSGovernment\"],\"category\":\"Budget\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.1.0\"}",
- "mode": "All",
- "name": "Deploy-Budget",
- "parameters": "{\"amount\":{\"defaultValue\":\"1000\",\"metadata\":{\"description\":\"The total amount of cost or usage to track with the budget\"},\"type\":\"String\"},\"budgetName\":{\"defaultValue\":\"budget-set-by-policy\",\"metadata\":{\"description\":\"The name for the budget to be created\"},\"type\":\"String\"},\"contactEmails\":{\"defaultValue\":[],\"metadata\":{\"description\":\"The list of email addresses, in an array, to send the budget notification to when the threshold is exceeded.\"},\"type\":\"Array\"},\"contactGroups\":{\"defaultValue\":[],\"metadata\":{\"description\":\"The list of action groups, in an array, to send the budget notification to when the threshold is exceeded. It accepts array of strings.\"},\"type\":\"Array\"},\"contactRoles\":{\"defaultValue\":[\"Owner\",\"Contributor\"],\"metadata\":{\"description\":\"The list of contact RBAC roles, in an array, to send the budget notification to when the threshold is exceeded.\"},\"type\":\"Array\"},\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\"},\"type\":\"String\"},\"firstThreshold\":{\"defaultValue\":\"90\",\"metadata\":{\"description\":\"Threshold value associated with a notification. Notification is sent when the cost exceeded the threshold. It is always percent and has to be between 0 and 1000.\"},\"type\":\"String\"},\"secondThreshold\":{\"defaultValue\":\"100\",\"metadata\":{\"description\":\"Threshold value associated with a notification. Notification is sent when the cost exceeded the threshold. It is always percent and has to be between 0 and 1000.\"},\"type\":\"String\"},\"timeGrain\":{\"allowedValues\":[\"Monthly\",\"Quarterly\",\"Annually\",\"BillingMonth\",\"BillingQuarter\",\"BillingAnnual\"],\"defaultValue\":\"Monthly\",\"metadata\":{\"description\":\"The time covered by a budget. Tracking of the amount will be reset based on the time grain.\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"allOf\":[{\"equals\":\"Microsoft.Resources/subscriptions\",\"field\":\"type\"}]},\"then\":{\"details\":{\"deployment\":{\"location\":\"northeurope\",\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"amount\":{\"value\":\"[parameters('amount')]\"},\"budgetName\":{\"value\":\"[parameters('budgetName')]\"},\"contactEmails\":{\"value\":\"[parameters('contactEmails')]\"},\"contactGroups\":{\"value\":\"[parameters('contactGroups')]\"},\"contactRoles\":{\"value\":\"[parameters('contactRoles')]\"},\"firstThreshold\":{\"value\":\"[parameters('firstThreshold')]\"},\"secondThreshold\":{\"value\":\"[parameters('secondThreshold')]\"},\"timeGrain\":{\"value\":\"[parameters('timeGrain')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"amount\":{\"type\":\"String\"},\"budgetName\":{\"type\":\"String\"},\"contactEmails\":{\"type\":\"Array\"},\"contactGroups\":{\"type\":\"Array\"},\"contactRoles\":{\"type\":\"Array\"},\"firstThreshold\":{\"type\":\"String\"},\"secondThreshold\":{\"type\":\"String\"},\"startDate\":{\"defaultValue\":\"[concat(utcNow('MM'), '/01/', utcNow('yyyy'))]\",\"type\":\"String\"},\"timeGrain\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2019-10-01\",\"name\":\"[parameters('budgetName')]\",\"properties\":{\"amount\":\"[parameters('amount')]\",\"category\":\"Cost\",\"notifications\":{\"NotificationForExceededBudget1\":{\"contactEmails\":\"[parameters('contactEmails')]\",\"contactGroups\":\"[parameters('contactGroups')]\",\"contactRoles\":\"[parameters('contactRoles')]\",\"enabled\":true,\"operator\":\"GreaterThan\",\"threshold\":\"[parameters('firstThreshold')]\"},\"NotificationForExceededBudget2\":{\"contactEmails\":\"[parameters('contactEmails')]\",\"contactGroups\":\"[parameters('contactGroups')]\",\"contactRoles\":\"[parameters('contactRoles')]\",\"enabled\":true,\"operator\":\"GreaterThan\",\"threshold\":\"[parameters('secondThreshold')]\"}},\"timeGrain\":\"[parameters('timeGrain')]\",\"timePeriod\":{\"startDate\":\"[parameters('startDate')]\"}},\"type\":\"Microsoft.Consumption/budgets\"}]}}},\"deploymentScope\":\"subscription\",\"existenceCondition\":{\"allOf\":[{\"equals\":\"[parameters('amount')]\",\"field\":\"Microsoft.Consumption/budgets/amount\"},{\"equals\":\"[parameters('timeGrain')]\",\"field\":\"Microsoft.Consumption/budgets/timeGrain\"},{\"equals\":\"Cost\",\"field\":\"Microsoft.Consumption/budgets/category\"}]},\"existenceScope\":\"subscription\",\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"],\"type\":\"Microsoft.Consumption/budgets\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Custom-Route-Table\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Custom-Route-Table",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploys a route table with specific user defined routes when one does not exist. The route table deployed by the policy must be manually associated to subnet(s)",
- "display_name": "Deploy a route table with specific user defined routes",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Network\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.0.0\"}",
- "mode": "Indexed",
- "name": "Deploy-Custom-Route-Table",
- "parameters": "{\"disableBgpPropagation\":{\"defaultValue\":false,\"metadata\":{\"description\":\"Disable BGP Propagation\",\"displayName\":\"DisableBgpPropagation\"},\"type\":\"Boolean\"},\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"requiredRoutes\":{\"metadata\":{\"description\":\"Routes that must exist in compliant route tables deployed by this policy\",\"displayName\":\"requiredRoutes\"},\"type\":\"Array\"},\"routeTableName\":{\"metadata\":{\"description\":\"Name of the route table automatically deployed by this policy\",\"displayName\":\"routeTableName\"},\"type\":\"String\"},\"vnetRegion\":{\"metadata\":{\"description\":\"Only VNets in this region will be evaluated against this policy\",\"displayName\":\"vnetRegion\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"allOf\":[{\"equals\":\"Microsoft.Network/virtualNetworks\",\"field\":\"type\"},{\"equals\":\"[parameters('vnetRegion')]\",\"field\":\"location\"}]},\"then\":{\"details\":{\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"parameters\":{\"disableBgpPropagation\":{\"value\":\"[parameters('disableBgpPropagation')]\"},\"requiredRoutes\":{\"value\":\"[parameters('requiredRoutes')]\"},\"routeTableName\":{\"value\":\"[parameters('routeTableName')]\"},\"vnetRegion\":{\"value\":\"[parameters('vnetRegion')]\"}},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"disableBgpPropagation\":{\"type\":\"bool\"},\"requiredRoutes\":{\"type\":\"array\"},\"routeTableName\":{\"type\":\"string\"},\"vnetRegion\":{\"type\":\"string\"}},\"resources\":[{\"apiVersion\":\"2021-04-01\",\"name\":\"routeTableDepl\",\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"disableBgpPropagation\":{\"value\":\"[parameters('disableBgpPropagation')]\"},\"requiredRoutes\":{\"value\":\"[parameters('requiredRoutes')]\"},\"routeTableName\":{\"value\":\"[parameters('routeTableName')]\"},\"vnetRegion\":{\"value\":\"[parameters('vnetRegion')]\"}},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"disableBgpPropagation\":{\"type\":\"bool\"},\"requiredRoutes\":{\"type\":\"array\"},\"routeTableName\":{\"type\":\"string\"},\"vnetRegion\":{\"type\":\"string\"}},\"resources\":[{\"apiVersion\":\"2021-02-01\",\"location\":\"[[parameters('vnetRegion')]\",\"name\":\"[[parameters('routeTableName')]\",\"properties\":{\"copy\":\"[variables('copyLoop')]\",\"disableBgpRoutePropagation\":\"[[parameters('disableBgpPropagation')]\"},\"type\":\"Microsoft.Network/routeTables\"}]}},\"type\":\"Microsoft.Resources/deployments\"}],\"variables\":{\"copyLoop\":[{\"count\":\"[[length(parameters('requiredRoutes'))]\",\"input\":{\"name\":\"[[concat('route-',copyIndex('routes'))]\",\"properties\":{\"addressPrefix\":\"[[split(parameters('requiredRoutes')[copyIndex('routes')], ';')[0]]\",\"nextHopIpAddress\":\"[[if(equals(toLower(split(parameters('requiredRoutes')[copyIndex('routes')], ';')[1]),'virtualappliance'),split(parameters('requiredRoutes')[copyIndex('routes')], ';')[2], null())]\",\"nextHopType\":\"[[split(parameters('requiredRoutes')[copyIndex('routes')], ';')[1]]\"}},\"name\":\"routes\"}]}}}},\"existenceCondition\":{\"allOf\":[{\"equals\":\"[parameters('routeTableName')]\",\"field\":\"name\"},{\"count\":{\"field\":\"Microsoft.Network/routeTables/routes[*]\",\"where\":{\"in\":\"[parameters('requiredRoutes')]\",\"value\":\"[concat(current('Microsoft.Network/routeTables/routes[*].addressPrefix'), ';', current('Microsoft.Network/routeTables/routes[*].nextHopType'), if(equals(toLower(current('Microsoft.Network/routeTables/routes[*].nextHopType')),'virtualappliance'), concat(';', current('Microsoft.Network/routeTables/routes[*].nextHopIpAddress')), ''))]\"}},\"equals\":\"[length(parameters('requiredRoutes'))]\"}]},\"roleDefinitionIds\":[\"/subscriptions/e867a45d-e513-44ac-931e-4741cef80b24/providers/Microsoft.Authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7\"],\"type\":\"Microsoft.Network/routeTables\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-DDoSProtection\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-DDoSProtection",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploys an Azure DDoS Network Protection",
- "display_name": "Deploy an Azure DDoS Network Protection",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Network\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.0.1\"}",
- "mode": "All",
- "name": "Deploy-DDoSProtection",
- "parameters": "{\"ddosName\":{\"metadata\":{\"description\":\"DDoSVnet\",\"displayName\":\"ddosName\"},\"type\":\"String\"},\"ddosRegion\":{\"metadata\":{\"description\":\"DDoSVnet location\",\"displayName\":\"ddosRegion\",\"strongType\":\"location\"},\"type\":\"String\"},\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"rgName\":{\"metadata\":{\"description\":\"Provide name for resource group.\",\"displayName\":\"rgName\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"allOf\":[{\"equals\":\"Microsoft.Resources/subscriptions\",\"field\":\"type\"}]},\"then\":{\"details\":{\"deployment\":{\"location\":\"northeurope\",\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"ddosname\":{\"value\":\"[parameters('ddosname')]\"},\"ddosregion\":{\"value\":\"[parameters('ddosRegion')]\"},\"rgName\":{\"value\":\"[parameters('rgName')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"ddosRegion\":{\"type\":\"String\"},\"ddosname\":{\"type\":\"String\"},\"rgName\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2018-05-01\",\"location\":\"[deployment().location]\",\"name\":\"[parameters('rgName')]\",\"properties\":{},\"type\":\"Microsoft.Resources/resourceGroups\"},{\"apiVersion\":\"2018-05-01\",\"dependsOn\":[\"[resourceId('Microsoft.Resources/resourceGroups/', parameters('rgName'))]\"],\"name\":\"ddosprotection\",\"properties\":{\"mode\":\"Incremental\",\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{},\"resources\":[{\"apiVersion\":\"2019-12-01\",\"location\":\"[parameters('ddosRegion')]\",\"name\":\"[parameters('ddosName')]\",\"properties\":{},\"type\":\"Microsoft.Network/ddosProtectionPlans\"}]}},\"resourceGroup\":\"[parameters('rgName')]\",\"type\":\"Microsoft.Resources/deployments\"}]}}},\"deploymentScope\":\"subscription\",\"existenceScope\":\"resourceGroup\",\"name\":\"[parameters('ddosName')]\",\"resourceGroupName\":\"[parameters('rgName')]\",\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7\"],\"type\":\"Microsoft.Network/ddosProtectionPlans\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-AA\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-AA",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploys the diagnostic settings for Automation to stream to a Log Analytics workspace when any Automation which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled",
- "display_name": "Deploy Diagnostic Settings for Automation to Log Analytics workspace",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Monitoring\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.1.0\"}",
- "mode": "Indexed",
- "name": "Deploy-Diagnostics-AA",
- "parameters": "{\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"logAnalytics\":{\"metadata\":{\"description\":\"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\"displayName\":\"Log Analytics workspace\",\"strongType\":\"omsWorkspace\"},\"type\":\"String\"},\"logsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable logs stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable logs\"},\"type\":\"String\"},\"metricsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable metrics stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable metrics\"},\"type\":\"String\"},\"profileName\":{\"defaultValue\":\"setbypolicy\",\"metadata\":{\"description\":\"The diagnostic settings profile name\",\"displayName\":\"Profile name\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"equals\":\"Microsoft.Automation/automationAccounts\",\"field\":\"type\"},\"then\":{\"details\":{\"deployment\":{\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"logsEnabled\":{\"value\":\"[parameters('logsEnabled')]\"},\"metricsEnabled\":{\"value\":\"[parameters('metricsEnabled')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"},\"resourceName\":{\"value\":\"[field('name')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"location\":{\"type\":\"String\"},\"logAnalytics\":{\"type\":\"String\"},\"logsEnabled\":{\"type\":\"String\"},\"metricsEnabled\":{\"type\":\"String\"},\"profileName\":{\"type\":\"String\"},\"resourceName\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2017-05-01-preview\",\"dependsOn\":[],\"location\":\"[parameters('location')]\",\"name\":\"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"properties\":{\"logs\":[{\"category\":\"JobLogs\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"JobStreams\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"DscNodeStatus\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"AuditEvent\",\"enabled\":\"[parameters('logsEnabled')]\"}],\"metrics\":[{\"category\":\"AllMetrics\",\"enabled\":\"[parameters('metricsEnabled')]\",\"retentionPolicy\":{\"days\":0,\"enabled\":false},\"timeGrain\":null}],\"workspaceId\":\"[parameters('logAnalytics')]\"},\"type\":\"Microsoft.Automation/automationAccounts/providers/diagnosticSettings\"}],\"variables\":{}}}},\"existenceCondition\":{\"allOf\":[{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\"},{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/metrics.enabled\"},{\"equals\":\"[parameters('logAnalytics')]\",\"field\":\"Microsoft.Insights/diagnosticSettings/workspaceId\"}]},\"name\":\"[parameters('profileName')]\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"type\":\"Microsoft.Insights/diagnosticSettings\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ACI\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ACI",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploys the diagnostic settings for Container Instances to stream to a Log Analytics workspace when any ACR which is missing this diagnostic settings is created or updated. The Policy willset the diagnostic with all metrics enabled.",
- "display_name": "Deploy Diagnostic Settings for Container Instances to Log Analytics workspace",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Monitoring\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.1.0\"}",
- "mode": "Indexed",
- "name": "Deploy-Diagnostics-ACI",
- "parameters": "{\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"logAnalytics\":{\"metadata\":{\"description\":\"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\"displayName\":\"Log Analytics workspace\",\"strongType\":\"omsWorkspace\"},\"type\":\"String\"},\"metricsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable metrics stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable metrics\"},\"type\":\"String\"},\"profileName\":{\"defaultValue\":\"setbypolicy\",\"metadata\":{\"description\":\"The diagnostic settings profile name\",\"displayName\":\"Profile name\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"equals\":\"Microsoft.ContainerInstance/containerGroups\",\"field\":\"type\"},\"then\":{\"details\":{\"deployment\":{\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"metricsEnabled\":{\"value\":\"[parameters('metricsEnabled')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"},\"resourceName\":{\"value\":\"[field('name')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"location\":{\"type\":\"String\"},\"logAnalytics\":{\"type\":\"String\"},\"metricsEnabled\":{\"type\":\"String\"},\"profileName\":{\"type\":\"String\"},\"resourceName\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2017-05-01-preview\",\"dependsOn\":[],\"location\":\"[parameters('location')]\",\"name\":\"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"properties\":{\"logs\":[],\"metrics\":[{\"category\":\"AllMetrics\",\"enabled\":\"[parameters('metricsEnabled')]\",\"retentionPolicy\":{\"days\":0,\"enabled\":false},\"timeGrain\":null}],\"workspaceId\":\"[parameters('logAnalytics')]\"},\"type\":\"Microsoft.ContainerInstance/containerGroups/providers/diagnosticSettings\"}],\"variables\":{}}}},\"existenceCondition\":{\"allOf\":[{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/metrics.enabled\"},{\"equals\":\"[parameters('logAnalytics')]\",\"field\":\"Microsoft.Insights/diagnosticSettings/workspaceId\"}]},\"name\":\"[parameters('profileName')]\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"type\":\"Microsoft.Insights/diagnosticSettings\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ACR\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ACR",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploys the diagnostic settings for Container Registry to stream to a Log Analytics workspace when any ACR which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics enabled.",
- "display_name": "Deploy Diagnostic Settings for Container Registry to Log Analytics workspace",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Monitoring\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.1.0\"}",
- "mode": "Indexed",
- "name": "Deploy-Diagnostics-ACR",
- "parameters": "{\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"logAnalytics\":{\"metadata\":{\"description\":\"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\"displayName\":\"Log Analytics workspace\",\"strongType\":\"omsWorkspace\"},\"type\":\"String\"},\"logsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable logs stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable logs\"},\"type\":\"String\"},\"metricsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable metrics stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable metrics\"},\"type\":\"String\"},\"profileName\":{\"defaultValue\":\"setbypolicy\",\"metadata\":{\"description\":\"The diagnostic settings profile name\",\"displayName\":\"Profile name\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"equals\":\"Microsoft.ContainerRegistry/registries\",\"field\":\"type\"},\"then\":{\"details\":{\"deployment\":{\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"logsEnabled\":{\"value\":\"[parameters('logsEnabled')]\"},\"metricsEnabled\":{\"value\":\"[parameters('metricsEnabled')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"},\"resourceName\":{\"value\":\"[field('name')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"location\":{\"type\":\"String\"},\"logAnalytics\":{\"type\":\"String\"},\"logsEnabled\":{\"type\":\"String\"},\"metricsEnabled\":{\"type\":\"String\"},\"profileName\":{\"type\":\"String\"},\"resourceName\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2017-05-01-preview\",\"dependsOn\":[],\"location\":\"[parameters('location')]\",\"name\":\"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"properties\":{\"logs\":[{\"category\":\"ContainerRegistryLoginEvents\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"ContainerRegistryRepositoryEvents\",\"enabled\":\"[parameters('logsEnabled')]\"}],\"metrics\":[{\"category\":\"AllMetrics\",\"enabled\":\"[parameters('metricsEnabled')]\",\"retentionPolicy\":{\"days\":0,\"enabled\":false},\"timeGrain\":null}],\"workspaceId\":\"[parameters('logAnalytics')]\"},\"type\":\"Microsoft.ContainerRegistry/registries/providers/diagnosticSettings\"}],\"variables\":{}}}},\"existenceCondition\":{\"allOf\":[{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/metrics.enabled\"},{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\"},{\"equals\":\"[parameters('logAnalytics')]\",\"field\":\"Microsoft.Insights/diagnosticSettings/workspaceId\"}]},\"name\":\"[parameters('profileName')]\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"type\":\"Microsoft.Insights/diagnosticSettings\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-APIMgmt\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-APIMgmt",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploys the diagnostic settings for API Management to stream to a Log Analytics workspace when any API Management which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled",
- "display_name": "Deploy Diagnostic Settings for API Management to Log Analytics workspace",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Monitoring\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.2.0\"}",
- "mode": "Indexed",
- "name": "Deploy-Diagnostics-APIMgmt",
- "parameters": "{\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"logAnalytics\":{\"metadata\":{\"description\":\"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\"displayName\":\"Log Analytics workspace\",\"strongType\":\"omsWorkspace\"},\"type\":\"String\"},\"logAnalyticsDestinationType\":{\"allowedValues\":[\"AzureDiagnostics\",\"Dedicated\"],\"defaultValue\":\"AzureDiagnostics\",\"metadata\":{\"description\":\"Select destination type for Log Analytics. Allowed values are 'Dedicated' (resource specific) and 'AzureDiagnostics'. Default is 'AzureDiagnostics'\",\"displayName\":\"Log Analytics destination type\"},\"type\":\"String\"},\"logsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable logs stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable logs\"},\"type\":\"String\"},\"metricsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable metrics stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable metrics\"},\"type\":\"String\"},\"profileName\":{\"defaultValue\":\"setbypolicy\",\"metadata\":{\"description\":\"The diagnostic settings profile name\",\"displayName\":\"Profile name\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"equals\":\"Microsoft.ApiManagement/service\",\"field\":\"type\"},\"then\":{\"details\":{\"deployment\":{\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"logAnalyticsDestinationType\":{\"value\":\"[parameters('logAnalyticsDestinationType')]\"},\"logsEnabled\":{\"value\":\"[parameters('logsEnabled')]\"},\"metricsEnabled\":{\"value\":\"[parameters('metricsEnabled')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"},\"resourceName\":{\"value\":\"[field('name')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"location\":{\"type\":\"String\"},\"logAnalytics\":{\"type\":\"String\"},\"logAnalyticsDestinationType\":{\"type\":\"String\"},\"logsEnabled\":{\"type\":\"String\"},\"metricsEnabled\":{\"type\":\"String\"},\"profileName\":{\"type\":\"String\"},\"resourceName\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2017-05-01-preview\",\"dependsOn\":[],\"location\":\"[parameters('location')]\",\"name\":\"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"properties\":{\"logAnalyticsDestinationType\":\"[parameters('logAnalyticsDestinationType')]\",\"logs\":[{\"category\":\"GatewayLogs\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"WebSocketConnectionLogs\",\"enabled\":\"[parameters('logsEnabled')]\"}],\"metrics\":[{\"category\":\"AllMetrics\",\"enabled\":\"[parameters('metricsEnabled')]\",\"retentionPolicy\":{\"days\":0,\"enabled\":false},\"timeGrain\":null}],\"workspaceId\":\"[parameters('logAnalytics')]\"},\"type\":\"Microsoft.ApiManagement/service/providers/diagnosticSettings\"}],\"variables\":{}}}},\"existenceCondition\":{\"allOf\":[{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\"},{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/metrics.enabled\"},{\"equals\":\"[parameters('logAnalytics')]\",\"field\":\"Microsoft.Insights/diagnosticSettings/workspaceId\"}]},\"name\":\"[parameters('profileName')]\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"type\":\"Microsoft.Insights/diagnosticSettings\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-AVDScalingPlans\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-AVDScalingPlans",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploys the diagnostic settings for AVD Scaling Plans to stream to a Log Analytics workspace when any Scaling Plan which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all and categorys enabled.",
- "display_name": "Deploy Diagnostic Settings for AVD Scaling Plans to Log Analytics workspace",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\"],\"category\":\"Monitoring\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.1.0\"}",
- "mode": "Indexed",
- "name": "Deploy-Diagnostics-AVDScalingPlans",
- "parameters": "{\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"logAnalytics\":{\"metadata\":{\"description\":\"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\"displayName\":\"Log Analytics workspace\",\"strongType\":\"omsWorkspace\"},\"type\":\"String\"},\"logsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable logs stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable logs\"},\"type\":\"String\"},\"profileName\":{\"defaultValue\":\"setbypolicy\",\"metadata\":{\"description\":\"The diagnostic settings profile name\",\"displayName\":\"Profile name\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"equals\":\"Microsoft.DesktopVirtualization/scalingplans\",\"field\":\"type\"},\"then\":{\"details\":{\"deployment\":{\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"logsEnabled\":{\"value\":\"[parameters('logsEnabled')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"},\"resourceName\":{\"value\":\"[field('name')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"location\":{\"type\":\"String\"},\"logAnalytics\":{\"type\":\"String\"},\"logsEnabled\":{\"type\":\"String\"},\"profileName\":{\"type\":\"String\"},\"resourceName\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2017-05-01-preview\",\"dependsOn\":[],\"location\":\"[parameters('location')]\",\"name\":\"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"properties\":{\"logs\":[{\"category\":\"Autoscale\",\"enabled\":\"[parameters('logsEnabled')]\"}],\"workspaceId\":\"[parameters('logAnalytics')]\"},\"type\":\"Microsoft.DesktopVirtualization/scalingplans/providers/diagnosticSettings\"}],\"variables\":{}}}},\"existenceCondition\":{\"allOf\":[{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\"},{\"equals\":\"[parameters('logAnalytics')]\",\"field\":\"Microsoft.Insights/diagnosticSettings/workspaceId\"}]},\"name\":\"[parameters('profileName')]\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"type\":\"Microsoft.Insights/diagnosticSettings\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-AnalysisService\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-AnalysisService",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploys the diagnostic settings for Analysis Services to stream to a Log Analytics workspace when any Analysis Services which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled",
- "display_name": "Deploy Diagnostic Settings for Analysis Services to Log Analytics workspace",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Monitoring\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.1.0\"}",
- "mode": "Indexed",
- "name": "Deploy-Diagnostics-AnalysisService",
- "parameters": "{\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"logAnalytics\":{\"metadata\":{\"description\":\"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\"displayName\":\"Log Analytics workspace\",\"strongType\":\"omsWorkspace\"},\"type\":\"String\"},\"logsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable logs stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable logs\"},\"type\":\"String\"},\"metricsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable metrics stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable metrics\"},\"type\":\"String\"},\"profileName\":{\"defaultValue\":\"setbypolicy\",\"metadata\":{\"description\":\"The diagnostic settings profile name\",\"displayName\":\"Profile name\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"equals\":\"Microsoft.AnalysisServices/servers\",\"field\":\"type\"},\"then\":{\"details\":{\"deployment\":{\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"logsEnabled\":{\"value\":\"[parameters('logsEnabled')]\"},\"metricsEnabled\":{\"value\":\"[parameters('metricsEnabled')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"},\"resourceName\":{\"value\":\"[field('name')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"location\":{\"type\":\"String\"},\"logAnalytics\":{\"type\":\"String\"},\"logsEnabled\":{\"type\":\"String\"},\"metricsEnabled\":{\"type\":\"String\"},\"profileName\":{\"type\":\"String\"},\"resourceName\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2017-05-01-preview\",\"dependsOn\":[],\"location\":\"[parameters('location')]\",\"name\":\"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"properties\":{\"logs\":[{\"category\":\"Engine\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"Service\",\"enabled\":\"[parameters('logsEnabled')]\"}],\"metrics\":[{\"category\":\"AllMetrics\",\"enabled\":\"[parameters('metricsEnabled')]\",\"retentionPolicy\":{\"days\":0,\"enabled\":false},\"timeGrain\":null}],\"workspaceId\":\"[parameters('logAnalytics')]\"},\"type\":\"Microsoft.AnalysisServices/servers/providers/diagnosticSettings\"}],\"variables\":{}}}},\"existenceCondition\":{\"allOf\":[{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\"},{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/metrics.enabled\"},{\"equals\":\"[parameters('logAnalytics')]\",\"field\":\"Microsoft.Insights/diagnosticSettings/workspaceId\"}]},\"name\":\"[parameters('profileName')]\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"type\":\"Microsoft.Insights/diagnosticSettings\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ApiForFHIR\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ApiForFHIR",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploys the diagnostic settings for Azure API for FHIR to stream to a Log Analytics workspace when any Azure API for FHIR which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled",
- "display_name": "Deploy Diagnostic Settings for Azure API for FHIR to Log Analytics workspace",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Monitoring\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.1.0\"}",
- "mode": "Indexed",
- "name": "Deploy-Diagnostics-ApiForFHIR",
- "parameters": "{\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"logAnalytics\":{\"metadata\":{\"description\":\"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\"displayName\":\"Log Analytics workspace\",\"strongType\":\"omsWorkspace\"},\"type\":\"String\"},\"logsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable logs stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable logs\"},\"type\":\"String\"},\"metricsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable metrics stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable metrics\"},\"type\":\"String\"},\"profileName\":{\"defaultValue\":\"setbypolicy\",\"metadata\":{\"description\":\"The diagnostic settings profile name\",\"displayName\":\"Profile name\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"equals\":\"Microsoft.HealthcareApis/services\",\"field\":\"type\"},\"then\":{\"details\":{\"deployment\":{\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"logsEnabled\":{\"value\":\"[parameters('logsEnabled')]\"},\"metricsEnabled\":{\"value\":\"[parameters('metricsEnabled')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"},\"resourceName\":{\"value\":\"[field('name')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"location\":{\"type\":\"String\"},\"logAnalytics\":{\"type\":\"String\"},\"logsEnabled\":{\"type\":\"String\"},\"metricsEnabled\":{\"type\":\"String\"},\"profileName\":{\"type\":\"String\"},\"resourceName\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2017-05-01-preview\",\"dependsOn\":[],\"location\":\"[parameters('location')]\",\"name\":\"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"properties\":{\"logs\":[{\"category\":\"AuditLogs\",\"enabled\":\"[parameters('logsEnabled')]\"}],\"metrics\":[{\"category\":\"AllMetrics\",\"enabled\":\"[parameters('metricsEnabled')]\",\"retentionPolicy\":{\"days\":0,\"enabled\":false},\"timeGrain\":null}],\"workspaceId\":\"[parameters('logAnalytics')]\"},\"type\":\"Microsoft.HealthcareApis/services/providers/diagnosticSettings\"}],\"variables\":{}}}},\"existenceCondition\":{\"allOf\":[{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\"},{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/metrics.enabled\"},{\"equals\":\"[parameters('logAnalytics')]\",\"field\":\"Microsoft.Insights/diagnosticSettings/workspaceId\"}]},\"name\":\"[parameters('profileName')]\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"type\":\"Microsoft.Insights/diagnosticSettings\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ApplicationGateway\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ApplicationGateway",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploys the diagnostic settings for Application Gateway to stream to a Log Analytics workspace when any Application Gateway which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled",
- "display_name": "Deploy Diagnostic Settings for Application Gateway to Log Analytics workspace",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Monitoring\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.1.0\"}",
- "mode": "Indexed",
- "name": "Deploy-Diagnostics-ApplicationGateway",
- "parameters": "{\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"logAnalytics\":{\"metadata\":{\"description\":\"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\"displayName\":\"Log Analytics workspace\",\"strongType\":\"omsWorkspace\"},\"type\":\"String\"},\"logsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable logs stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable logs\"},\"type\":\"String\"},\"metricsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable metrics stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable metrics\"},\"type\":\"String\"},\"profileName\":{\"defaultValue\":\"setbypolicy\",\"metadata\":{\"description\":\"The diagnostic settings profile name\",\"displayName\":\"Profile name\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"equals\":\"Microsoft.Network/applicationGateways\",\"field\":\"type\"},\"then\":{\"details\":{\"deployment\":{\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"logsEnabled\":{\"value\":\"[parameters('logsEnabled')]\"},\"metricsEnabled\":{\"value\":\"[parameters('metricsEnabled')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"},\"resourceName\":{\"value\":\"[field('name')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"location\":{\"type\":\"String\"},\"logAnalytics\":{\"type\":\"String\"},\"logsEnabled\":{\"type\":\"String\"},\"metricsEnabled\":{\"type\":\"String\"},\"profileName\":{\"type\":\"String\"},\"resourceName\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2017-05-01-preview\",\"dependsOn\":[],\"location\":\"[parameters('location')]\",\"name\":\"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"properties\":{\"logs\":[{\"category\":\"ApplicationGatewayAccessLog\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"ApplicationGatewayPerformanceLog\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"ApplicationGatewayFirewallLog\",\"enabled\":\"[parameters('logsEnabled')]\"}],\"metrics\":[{\"category\":\"AllMetrics\",\"enabled\":\"[parameters('metricsEnabled')]\",\"retentionPolicy\":{\"days\":0,\"enabled\":false},\"timeGrain\":null}],\"workspaceId\":\"[parameters('logAnalytics')]\"},\"type\":\"Microsoft.Network/applicationGateways/providers/diagnosticSettings\"}],\"variables\":{}}}},\"existenceCondition\":{\"allOf\":[{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\"},{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/metrics.enabled\"},{\"equals\":\"[parameters('logAnalytics')]\",\"field\":\"Microsoft.Insights/diagnosticSettings/workspaceId\"}]},\"name\":\"[parameters('profileName')]\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"type\":\"Microsoft.Insights/diagnosticSettings\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Bastion\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Bastion",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploys the diagnostic settings for Azure Bastion to stream to a Log Analytics workspace when any Azure Bastion which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled",
- "display_name": "Deploy Diagnostic Settings for Azure Bastion to Log Analytics workspace",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Monitoring\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.1.0\"}",
- "mode": "Indexed",
- "name": "Deploy-Diagnostics-Bastion",
- "parameters": "{\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"logAnalytics\":{\"metadata\":{\"description\":\"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\"displayName\":\"Log Analytics workspace\",\"strongType\":\"omsWorkspace\"},\"type\":\"String\"},\"logsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable logs stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable logs\"},\"type\":\"String\"},\"metricsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable metrics stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable metrics\"},\"type\":\"String\"},\"profileName\":{\"defaultValue\":\"setbypolicy\",\"metadata\":{\"description\":\"The diagnostic settings profile name\",\"displayName\":\"Profile name\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"equals\":\"Microsoft.Network/bastionHosts\",\"field\":\"type\"},\"then\":{\"details\":{\"deployment\":{\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"logsEnabled\":{\"value\":\"[parameters('logsEnabled')]\"},\"metricsEnabled\":{\"value\":\"[parameters('metricsEnabled')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"},\"resourceName\":{\"value\":\"[field('name')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"location\":{\"type\":\"String\"},\"logAnalytics\":{\"type\":\"String\"},\"logsEnabled\":{\"type\":\"String\"},\"metricsEnabled\":{\"type\":\"String\"},\"profileName\":{\"type\":\"String\"},\"resourceName\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2017-05-01-preview\",\"dependsOn\":[],\"location\":\"[parameters('location')]\",\"name\":\"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"properties\":{\"logs\":[{\"category\":\"BastionAuditLogs\",\"enabled\":\"[parameters('logsEnabled')]\"}],\"metrics\":[{\"category\":\"AllMetrics\",\"enabled\":\"[parameters('metricsEnabled')]\",\"retentionPolicy\":{\"days\":0,\"enabled\":false},\"timeGrain\":null}],\"workspaceId\":\"[parameters('logAnalytics')]\"},\"type\":\"Microsoft.Network/bastionHosts/providers/diagnosticSettings\"}],\"variables\":{}}}},\"existenceCondition\":{\"allOf\":[{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\"},{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/metrics.enabled\"},{\"equals\":\"[parameters('logAnalytics')]\",\"field\":\"Microsoft.Insights/diagnosticSettings/workspaceId\"}]},\"name\":\"[parameters('profileName')]\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"type\":\"Microsoft.Insights/diagnosticSettings\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-CDNEndpoints\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-CDNEndpoints",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploys the diagnostic settings for CDN Endpoint to stream to a Log Analytics workspace when any CDN Endpoint which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled",
- "display_name": "Deploy Diagnostic Settings for CDN Endpoint to Log Analytics workspace",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Monitoring\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.1.0\"}",
- "mode": "Indexed",
- "name": "Deploy-Diagnostics-CDNEndpoints",
- "parameters": "{\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"logAnalytics\":{\"metadata\":{\"description\":\"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\"displayName\":\"Log Analytics workspace\",\"strongType\":\"omsWorkspace\"},\"type\":\"String\"},\"logsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable logs stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable logs\"},\"type\":\"String\"},\"profileName\":{\"defaultValue\":\"setbypolicy\",\"metadata\":{\"description\":\"The diagnostic settings profile name\",\"displayName\":\"Profile name\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"equals\":\"Microsoft.Cdn/profiles/endpoints\",\"field\":\"type\"},\"then\":{\"details\":{\"deployment\":{\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"logsEnabled\":{\"value\":\"[parameters('logsEnabled')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"},\"resourceName\":{\"value\":\"[field('fullName')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"location\":{\"type\":\"String\"},\"logAnalytics\":{\"type\":\"String\"},\"logsEnabled\":{\"type\":\"String\"},\"profileName\":{\"type\":\"String\"},\"resourceName\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2017-05-01-preview\",\"dependsOn\":[],\"location\":\"[parameters('location')]\",\"name\":\"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"properties\":{\"logs\":[{\"category\":\"CoreAnalytics\",\"enabled\":\"[parameters('logsEnabled')]\"}],\"metrics\":[],\"workspaceId\":\"[parameters('logAnalytics')]\"},\"type\":\"Microsoft.Cdn/profiles/endpoints/providers/diagnosticSettings\"}],\"variables\":{}}}},\"existenceCondition\":{\"allOf\":[{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\"},{\"equals\":\"[parameters('logAnalytics')]\",\"field\":\"Microsoft.Insights/diagnosticSettings/workspaceId\"}]},\"name\":\"[parameters('profileName')]\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"type\":\"Microsoft.Insights/diagnosticSettings\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-CognitiveServices\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-CognitiveServices",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploys the diagnostic settings for Cognitive Services to stream to a Log Analytics workspace when any Cognitive Services which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled",
- "display_name": "Deploy Diagnostic Settings for Cognitive Services to Log Analytics workspace",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Monitoring\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.1.0\"}",
- "mode": "Indexed",
- "name": "Deploy-Diagnostics-CognitiveServices",
- "parameters": "{\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"logAnalytics\":{\"metadata\":{\"description\":\"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\"displayName\":\"Log Analytics workspace\",\"strongType\":\"omsWorkspace\"},\"type\":\"String\"},\"logsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable logs stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable logs\"},\"type\":\"String\"},\"metricsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable metrics stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable metrics\"},\"type\":\"String\"},\"profileName\":{\"defaultValue\":\"setbypolicy\",\"metadata\":{\"description\":\"The diagnostic settings profile name\",\"displayName\":\"Profile name\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"equals\":\"Microsoft.CognitiveServices/accounts\",\"field\":\"type\"},\"then\":{\"details\":{\"deployment\":{\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"logsEnabled\":{\"value\":\"[parameters('logsEnabled')]\"},\"metricsEnabled\":{\"value\":\"[parameters('metricsEnabled')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"},\"resourceName\":{\"value\":\"[field('name')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"location\":{\"type\":\"String\"},\"logAnalytics\":{\"type\":\"String\"},\"logsEnabled\":{\"type\":\"String\"},\"metricsEnabled\":{\"type\":\"String\"},\"profileName\":{\"type\":\"String\"},\"resourceName\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2017-05-01-preview\",\"dependsOn\":[],\"location\":\"[parameters('location')]\",\"name\":\"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"properties\":{\"logs\":[{\"category\":\"Audit\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"RequestResponse\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"Trace\",\"enabled\":\"[parameters('logsEnabled')]\"}],\"metrics\":[{\"category\":\"AllMetrics\",\"enabled\":\"[parameters('metricsEnabled')]\",\"retentionPolicy\":{\"days\":0,\"enabled\":false},\"timeGrain\":null}],\"workspaceId\":\"[parameters('logAnalytics')]\"},\"type\":\"Microsoft.CognitiveServices/accounts/providers/diagnosticSettings\"}],\"variables\":{}}}},\"existenceCondition\":{\"allOf\":[{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\"},{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/metrics.enabled\"},{\"equals\":\"[parameters('logAnalytics')]\",\"field\":\"Microsoft.Insights/diagnosticSettings/workspaceId\"}]},\"name\":\"[parameters('profileName')]\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"type\":\"Microsoft.Insights/diagnosticSettings\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-CosmosDB\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-CosmosDB",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploys the diagnostic settings for Cosmos DB to stream to a Log Analytics workspace when any Cosmos DB which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled",
- "display_name": "Deploy Diagnostic Settings for Cosmos DB to Log Analytics workspace",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Monitoring\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.2.0\"}",
- "mode": "Indexed",
- "name": "Deploy-Diagnostics-CosmosDB",
- "parameters": "{\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"logAnalytics\":{\"metadata\":{\"description\":\"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\"displayName\":\"Log Analytics workspace\",\"strongType\":\"omsWorkspace\"},\"type\":\"String\"},\"logsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable logs stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable logs\"},\"type\":\"String\"},\"metricsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable metrics stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable metrics\"},\"type\":\"String\"},\"profileName\":{\"defaultValue\":\"setbypolicy\",\"metadata\":{\"description\":\"The diagnostic settings profile name\",\"displayName\":\"Profile name\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"equals\":\"Microsoft.DocumentDB/databaseAccounts\",\"field\":\"type\"},\"then\":{\"details\":{\"deployment\":{\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"logsEnabled\":{\"value\":\"[parameters('logsEnabled')]\"},\"metricsEnabled\":{\"value\":\"[parameters('metricsEnabled')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"},\"resourceName\":{\"value\":\"[field('name')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"location\":{\"type\":\"String\"},\"logAnalytics\":{\"type\":\"String\"},\"logsEnabled\":{\"type\":\"String\"},\"metricsEnabled\":{\"type\":\"String\"},\"profileName\":{\"type\":\"String\"},\"resourceName\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2017-05-01-preview\",\"dependsOn\":[],\"location\":\"[parameters('location')]\",\"name\":\"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"properties\":{\"logs\":[{\"category\":\"DataPlaneRequests\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"MongoRequests\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"QueryRuntimeStatistics\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"PartitionKeyStatistics\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"PartitionKeyRUConsumption\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"ControlPlaneRequests\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"CassandraRequests\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"GremlinRequests\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"TableApiRequests\",\"enabled\":\"[parameters('logsEnabled')]\"}],\"metrics\":[{\"category\":\"Requests\",\"enabled\":\"[parameters('metricsEnabled')]\",\"retentionPolicy\":{\"days\":0,\"enabled\":false},\"timeGrain\":null}],\"workspaceId\":\"[parameters('logAnalytics')]\"},\"type\":\"Microsoft.DocumentDB/databaseAccounts/providers/diagnosticSettings\"}],\"variables\":{}}}},\"existenceCondition\":{\"allOf\":[{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\"},{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/metrics.enabled\"},{\"equals\":\"[parameters('logAnalytics')]\",\"field\":\"Microsoft.Insights/diagnosticSettings/workspaceId\"}]},\"name\":\"[parameters('profileName')]\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"type\":\"Microsoft.Insights/diagnosticSettings\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-DLAnalytics\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-DLAnalytics",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploys the diagnostic settings for Data Lake Analytics to stream to a Log Analytics workspace when any Data Lake Analytics which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled",
- "display_name": "Deploy Diagnostic Settings for Data Lake Analytics to Log Analytics workspace",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Monitoring\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.1.0\"}",
- "mode": "Indexed",
- "name": "Deploy-Diagnostics-DLAnalytics",
- "parameters": "{\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"logAnalytics\":{\"metadata\":{\"description\":\"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\"displayName\":\"Log Analytics workspace\",\"strongType\":\"omsWorkspace\"},\"type\":\"String\"},\"logsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable logs stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable logs\"},\"type\":\"String\"},\"metricsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable metrics stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable metrics\"},\"type\":\"String\"},\"profileName\":{\"defaultValue\":\"setbypolicy\",\"metadata\":{\"description\":\"The diagnostic settings profile name\",\"displayName\":\"Profile name\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"equals\":\"Microsoft.DataLakeAnalytics/accounts\",\"field\":\"type\"},\"then\":{\"details\":{\"deployment\":{\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"logsEnabled\":{\"value\":\"[parameters('logsEnabled')]\"},\"metricsEnabled\":{\"value\":\"[parameters('metricsEnabled')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"},\"resourceName\":{\"value\":\"[field('name')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"location\":{\"type\":\"String\"},\"logAnalytics\":{\"type\":\"String\"},\"logsEnabled\":{\"type\":\"String\"},\"metricsEnabled\":{\"type\":\"String\"},\"profileName\":{\"type\":\"String\"},\"resourceName\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2017-05-01-preview\",\"dependsOn\":[],\"location\":\"[parameters('location')]\",\"name\":\"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"properties\":{\"logs\":[{\"category\":\"Audit\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"Requests\",\"enabled\":\"[parameters('logsEnabled')]\"}],\"metrics\":[{\"category\":\"AllMetrics\",\"enabled\":\"[parameters('metricsEnabled')]\",\"retentionPolicy\":{\"days\":0,\"enabled\":false},\"timeGrain\":null}],\"workspaceId\":\"[parameters('logAnalytics')]\"},\"type\":\"Microsoft.DataLakeAnalytics/accounts/providers/diagnosticSettings\"}],\"variables\":{}}}},\"existenceCondition\":{\"allOf\":[{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\"},{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/metrics.enabled\"},{\"equals\":\"[parameters('logAnalytics')]\",\"field\":\"Microsoft.Insights/diagnosticSettings/workspaceId\"}]},\"name\":\"[parameters('profileName')]\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"type\":\"Microsoft.Insights/diagnosticSettings\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-DataExplorerCluster\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-DataExplorerCluster",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploys the diagnostic settings for Azure Data Explorer Cluster to stream to a Log Analytics workspace when any Azure Data Explorer Cluster which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled",
- "display_name": "Deploy Diagnostic Settings for Azure Data Explorer Cluster to Log Analytics workspace",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Monitoring\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.1.0\"}",
- "mode": "Indexed",
- "name": "Deploy-Diagnostics-DataExplorerCluster",
- "parameters": "{\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"logAnalytics\":{\"metadata\":{\"description\":\"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\"displayName\":\"Log Analytics workspace\",\"strongType\":\"omsWorkspace\"},\"type\":\"String\"},\"logsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable logs stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable logs\"},\"type\":\"String\"},\"metricsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable metrics stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable metrics\"},\"type\":\"String\"},\"profileName\":{\"defaultValue\":\"setbypolicy\",\"metadata\":{\"description\":\"The diagnostic settings profile name\",\"displayName\":\"Profile name\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"equals\":\"Microsoft.Kusto/Clusters\",\"field\":\"type\"},\"then\":{\"details\":{\"deployment\":{\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"logsEnabled\":{\"value\":\"[parameters('logsEnabled')]\"},\"metricsEnabled\":{\"value\":\"[parameters('metricsEnabled')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"},\"resourceName\":{\"value\":\"[field('name')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"location\":{\"type\":\"String\"},\"logAnalytics\":{\"type\":\"String\"},\"logsEnabled\":{\"type\":\"String\"},\"metricsEnabled\":{\"type\":\"String\"},\"profileName\":{\"type\":\"String\"},\"resourceName\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2017-05-01-preview\",\"dependsOn\":[],\"location\":\"[parameters('location')]\",\"name\":\"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"properties\":{\"logs\":[{\"category\":\"SucceededIngestion\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"FailedIngestion\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"IngestionBatching\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"Command\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"Query\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"TableUsageStatistics\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"TableDetails\",\"enabled\":\"[parameters('logsEnabled')]\"}],\"metrics\":[{\"category\":\"AllMetrics\",\"enabled\":\"[parameters('metricsEnabled')]\",\"retentionPolicy\":{\"days\":0,\"enabled\":false},\"timeGrain\":null}],\"workspaceId\":\"[parameters('logAnalytics')]\"},\"type\":\"Microsoft.Kusto/Clusters/providers/diagnosticSettings\"}],\"variables\":{}}}},\"existenceCondition\":{\"allOf\":[{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\"},{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/metrics.enabled\"},{\"equals\":\"[parameters('logAnalytics')]\",\"field\":\"Microsoft.Insights/diagnosticSettings/workspaceId\"}]},\"name\":\"[parameters('profileName')]\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"type\":\"Microsoft.Insights/diagnosticSettings\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-DataFactory\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-DataFactory",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploys the diagnostic settings for Data Factory to stream to a Log Analytics workspace when any Data Factory which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled",
- "display_name": "Deploy Diagnostic Settings for Data Factory to Log Analytics workspace",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Monitoring\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.2.0\"}",
- "mode": "Indexed",
- "name": "Deploy-Diagnostics-DataFactory",
- "parameters": "{\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"logAnalytics\":{\"metadata\":{\"description\":\"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\"displayName\":\"Log Analytics workspace\",\"strongType\":\"omsWorkspace\"},\"type\":\"String\"},\"logsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable logs stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable logs\"},\"type\":\"String\"},\"metricsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable metrics stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable metrics\"},\"type\":\"String\"},\"profileName\":{\"defaultValue\":\"setbypolicy\",\"metadata\":{\"description\":\"The diagnostic settings profile name\",\"displayName\":\"Profile name\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"equals\":\"Microsoft.DataFactory/factories\",\"field\":\"type\"},\"then\":{\"details\":{\"deployment\":{\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"logsEnabled\":{\"value\":\"[parameters('logsEnabled')]\"},\"metricsEnabled\":{\"value\":\"[parameters('metricsEnabled')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"},\"resourceName\":{\"value\":\"[field('name')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"location\":{\"type\":\"String\"},\"logAnalytics\":{\"type\":\"String\"},\"logsEnabled\":{\"type\":\"String\"},\"metricsEnabled\":{\"type\":\"String\"},\"profileName\":{\"type\":\"String\"},\"resourceName\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2017-05-01-preview\",\"dependsOn\":[],\"location\":\"[parameters('location')]\",\"name\":\"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"properties\":{\"logs\":[{\"category\":\"ActivityRuns\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"PipelineRuns\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"TriggerRuns\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"SSISPackageEventMessages\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"SSISPackageExecutableStatistics\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"SSISPackageEventMessageContext\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"SSISPackageExecutionComponentPhases\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"SSISPackageExecutionDataStatistics\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"SSISIntegrationRuntimeLogs\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"SandboxPipelineRuns\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"SandboxActivityRuns\",\"enabled\":\"[parameters('logsEnabled')]\"}],\"metrics\":[{\"category\":\"AllMetrics\",\"enabled\":\"[parameters('metricsEnabled')]\",\"retentionPolicy\":{\"days\":0,\"enabled\":false},\"timeGrain\":null}],\"workspaceId\":\"[parameters('logAnalytics')]\"},\"type\":\"Microsoft.DataFactory/factories/providers/diagnosticSettings\"}],\"variables\":{}}}},\"existenceCondition\":{\"allOf\":[{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\"},{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/metrics.enabled\"},{\"equals\":\"[parameters('logAnalytics')]\",\"field\":\"Microsoft.Insights/diagnosticSettings/workspaceId\"}]},\"name\":\"[parameters('profileName')]\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"type\":\"Microsoft.Insights/diagnosticSettings\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Databricks\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Databricks",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploys the diagnostic settings for Databricks to stream to a Log Analytics workspace when any Databricks which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled",
- "display_name": "Deploy Diagnostic Settings for Databricks to Log Analytics workspace",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Monitoring\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.3.0\"}",
- "mode": "Indexed",
- "name": "Deploy-Diagnostics-Databricks",
- "parameters": "{\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"logAnalytics\":{\"metadata\":{\"description\":\"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\"displayName\":\"Log Analytics workspace\",\"strongType\":\"omsWorkspace\"},\"type\":\"String\"},\"logsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable logs stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable logs\"},\"type\":\"String\"},\"profileName\":{\"defaultValue\":\"setbypolicy\",\"metadata\":{\"description\":\"The diagnostic settings profile name\",\"displayName\":\"Profile name\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"equals\":\"Microsoft.Databricks/workspaces\",\"field\":\"type\"},\"then\":{\"details\":{\"deployment\":{\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"logsEnabled\":{\"value\":\"[parameters('logsEnabled')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"},\"resourceName\":{\"value\":\"[field('name')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"location\":{\"type\":\"String\"},\"logAnalytics\":{\"type\":\"String\"},\"logsEnabled\":{\"type\":\"String\"},\"profileName\":{\"type\":\"String\"},\"resourceName\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2017-05-01-preview\",\"dependsOn\":[],\"location\":\"[parameters('location')]\",\"name\":\"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"properties\":{\"logs\":[{\"category\":\"dbfs\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"clusters\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"accounts\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"jobs\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"notebook\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"ssh\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"workspace\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"secrets\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"sqlPermissions\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"instancePools\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"sqlanalytics\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"genie\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"globalInitScripts\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"iamRole\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"mlflowExperiment\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"featureStore\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"RemoteHistoryService\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"mlflowAcledArtifact\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"databrickssql\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"deltaPipelines\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"modelRegistry\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"repos\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"unityCatalog\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"gitCredentials\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"webTerminal\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"serverlessRealTimeInference\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"clusterLibraries\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"partnerHub\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"clamAVScan\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"capsule8Dataplane\",\"enabled\":\"[parameters('logsEnabled')]\"}],\"workspaceId\":\"[parameters('logAnalytics')]\"},\"type\":\"Microsoft.Databricks/workspaces/providers/diagnosticSettings\"}],\"variables\":{}}}},\"existenceCondition\":{\"allOf\":[{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\"},{\"equals\":\"[parameters('logAnalytics')]\",\"field\":\"Microsoft.Insights/diagnosticSettings/workspaceId\"}]},\"name\":\"[parameters('profileName')]\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"type\":\"Microsoft.Insights/diagnosticSettings\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-EventGridSub\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-EventGridSub",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploys the diagnostic settings for Event Grid subscriptions to stream to a Log Analytics workspace when any Event Grid subscriptions which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled",
- "display_name": "Deploy Diagnostic Settings for Event Grid subscriptions to Log Analytics workspace",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Monitoring\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.1.0\"}",
- "mode": "Indexed",
- "name": "Deploy-Diagnostics-EventGridSub",
- "parameters": "{\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"logAnalytics\":{\"metadata\":{\"description\":\"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\"displayName\":\"Log Analytics workspace\",\"strongType\":\"omsWorkspace\"},\"type\":\"String\"},\"metricsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable metrics stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable metrics\"},\"type\":\"String\"},\"profileName\":{\"defaultValue\":\"setbypolicy\",\"metadata\":{\"description\":\"The diagnostic settings profile name\",\"displayName\":\"Profile name\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"equals\":\"Microsoft.EventGrid/eventSubscriptions\",\"field\":\"type\"},\"then\":{\"details\":{\"deployment\":{\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"metricsEnabled\":{\"value\":\"[parameters('metricsEnabled')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"},\"resourceName\":{\"value\":\"[field('name')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"location\":{\"type\":\"String\"},\"logAnalytics\":{\"type\":\"String\"},\"metricsEnabled\":{\"type\":\"String\"},\"profileName\":{\"type\":\"String\"},\"resourceName\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2017-05-01-preview\",\"dependsOn\":[],\"location\":\"[parameters('location')]\",\"name\":\"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"properties\":{\"logs\":[],\"metrics\":[{\"category\":\"AllMetrics\",\"enabled\":\"[parameters('metricsEnabled')]\",\"retentionPolicy\":{\"days\":0,\"enabled\":false},\"timeGrain\":null}],\"workspaceId\":\"[parameters('logAnalytics')]\"},\"type\":\"Microsoft.EventGrid/eventSubscriptions/providers/diagnosticSettings\"}],\"variables\":{}}}},\"existenceCondition\":{\"allOf\":[{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/metrics.enabled\"},{\"equals\":\"[parameters('logAnalytics')]\",\"field\":\"Microsoft.Insights/diagnosticSettings/workspaceId\"}]},\"name\":\"[parameters('profileName')]\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"type\":\"Microsoft.Insights/diagnosticSettings\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-EventGridSystemTopic\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-EventGridSystemTopic",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploys the diagnostic settings for Event Grid System Topic to stream to a Log Analytics workspace when any Event Grid System Topic which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled",
- "display_name": "Deploy Diagnostic Settings for Event Grid System Topic to Log Analytics workspace",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Monitoring\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.1.0\"}",
- "mode": "Indexed",
- "name": "Deploy-Diagnostics-EventGridSystemTopic",
- "parameters": "{\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"logAnalytics\":{\"metadata\":{\"description\":\"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\"displayName\":\"Log Analytics workspace\",\"strongType\":\"omsWorkspace\"},\"type\":\"String\"},\"logsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable logs stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable logs\"},\"type\":\"String\"},\"metricsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable metrics stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable metrics\"},\"type\":\"String\"},\"profileName\":{\"defaultValue\":\"setbypolicy\",\"metadata\":{\"description\":\"The diagnostic settings profile name\",\"displayName\":\"Profile name\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"equals\":\"Microsoft.EventGrid/systemTopics\",\"field\":\"type\"},\"then\":{\"details\":{\"deployment\":{\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"logsEnabled\":{\"value\":\"[parameters('logsEnabled')]\"},\"metricsEnabled\":{\"value\":\"[parameters('metricsEnabled')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"},\"resourceName\":{\"value\":\"[field('name')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"location\":{\"type\":\"String\"},\"logAnalytics\":{\"type\":\"String\"},\"logsEnabled\":{\"type\":\"String\"},\"metricsEnabled\":{\"type\":\"String\"},\"profileName\":{\"type\":\"String\"},\"resourceName\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2017-05-01-preview\",\"dependsOn\":[],\"location\":\"[parameters('location')]\",\"name\":\"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"properties\":{\"logs\":[{\"category\":\"DeliveryFailures\",\"enabled\":\"[parameters('logsEnabled')]\"}],\"metrics\":[{\"category\":\"AllMetrics\",\"enabled\":\"[parameters('metricsEnabled')]\",\"retentionPolicy\":{\"days\":0,\"enabled\":false},\"timeGrain\":null}],\"workspaceId\":\"[parameters('logAnalytics')]\"},\"type\":\"Microsoft.EventGrid/systemTopics/providers/diagnosticSettings\"}],\"variables\":{}}}},\"existenceCondition\":{\"allOf\":[{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\"},{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/metrics.enabled\"},{\"equals\":\"[parameters('logAnalytics')]\",\"field\":\"Microsoft.Insights/diagnosticSettings/workspaceId\"}]},\"name\":\"[parameters('profileName')]\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"type\":\"Microsoft.Insights/diagnosticSettings\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-EventGridTopic\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-EventGridTopic",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploys the diagnostic settings for Event Grid Topic to stream to a Log Analytics workspace when any Event Grid Topic which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled",
- "display_name": "Deploy Diagnostic Settings for Event Grid Topic to Log Analytics workspace",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Monitoring\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.2.0\"}",
- "mode": "Indexed",
- "name": "Deploy-Diagnostics-EventGridTopic",
- "parameters": "{\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"logAnalytics\":{\"metadata\":{\"description\":\"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\"displayName\":\"Log Analytics workspace\",\"strongType\":\"omsWorkspace\"},\"type\":\"String\"},\"logsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable logs stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable logs\"},\"type\":\"String\"},\"metricsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable metrics stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable metrics\"},\"type\":\"String\"},\"profileName\":{\"defaultValue\":\"setbypolicy\",\"metadata\":{\"description\":\"The diagnostic settings profile name\",\"displayName\":\"Profile name\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"equals\":\"Microsoft.EventGrid/topics\",\"field\":\"type\"},\"then\":{\"details\":{\"deployment\":{\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"logsEnabled\":{\"value\":\"[parameters('logsEnabled')]\"},\"metricsEnabled\":{\"value\":\"[parameters('metricsEnabled')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"},\"resourceName\":{\"value\":\"[field('name')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"location\":{\"type\":\"String\"},\"logAnalytics\":{\"type\":\"String\"},\"logsEnabled\":{\"type\":\"String\"},\"metricsEnabled\":{\"type\":\"String\"},\"profileName\":{\"type\":\"String\"},\"resourceName\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2017-05-01-preview\",\"dependsOn\":[],\"location\":\"[parameters('location')]\",\"name\":\"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"properties\":{\"logs\":[{\"category\":\"DeliveryFailures\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"PublishFailures\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"DataPlaneRequests\",\"enabled\":\"[parameters('logsEnabled')]\"}],\"metrics\":[{\"category\":\"AllMetrics\",\"enabled\":\"[parameters('metricsEnabled')]\",\"retentionPolicy\":{\"days\":0,\"enabled\":false},\"timeGrain\":null}],\"workspaceId\":\"[parameters('logAnalytics')]\"},\"type\":\"Microsoft.EventGrid/topics/providers/diagnosticSettings\"}],\"variables\":{}}}},\"existenceCondition\":{\"allOf\":[{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\"},{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/metrics.enabled\"},{\"equals\":\"[parameters('logAnalytics')]\",\"field\":\"Microsoft.Insights/diagnosticSettings/workspaceId\"}]},\"name\":\"[parameters('profileName')]\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"type\":\"Microsoft.Insights/diagnosticSettings\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ExpressRoute\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ExpressRoute",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploys the diagnostic settings for ExpressRoute to stream to a Log Analytics workspace when any ExpressRoute which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled",
- "display_name": "Deploy Diagnostic Settings for ExpressRoute to Log Analytics workspace",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Monitoring\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.1.0\"}",
- "mode": "Indexed",
- "name": "Deploy-Diagnostics-ExpressRoute",
- "parameters": "{\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"logAnalytics\":{\"metadata\":{\"description\":\"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\"displayName\":\"Log Analytics workspace\",\"strongType\":\"omsWorkspace\"},\"type\":\"String\"},\"logsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable logs stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable logs\"},\"type\":\"String\"},\"metricsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable metrics stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable metrics\"},\"type\":\"String\"},\"profileName\":{\"defaultValue\":\"setbypolicy\",\"metadata\":{\"description\":\"The diagnostic settings profile name\",\"displayName\":\"Profile name\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"equals\":\"Microsoft.Network/expressRouteCircuits\",\"field\":\"type\"},\"then\":{\"details\":{\"deployment\":{\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"logsEnabled\":{\"value\":\"[parameters('logsEnabled')]\"},\"metricsEnabled\":{\"value\":\"[parameters('metricsEnabled')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"},\"resourceName\":{\"value\":\"[field('name')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"location\":{\"type\":\"String\"},\"logAnalytics\":{\"type\":\"String\"},\"logsEnabled\":{\"type\":\"String\"},\"metricsEnabled\":{\"type\":\"String\"},\"profileName\":{\"type\":\"String\"},\"resourceName\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2017-05-01-preview\",\"dependsOn\":[],\"location\":\"[parameters('location')]\",\"name\":\"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"properties\":{\"logs\":[{\"category\":\"PeeringRouteLog\",\"enabled\":\"[parameters('logsEnabled')]\"}],\"metrics\":[{\"category\":\"AllMetrics\",\"enabled\":\"[parameters('metricsEnabled')]\",\"retentionPolicy\":{\"days\":0,\"enabled\":false},\"timeGrain\":null}],\"workspaceId\":\"[parameters('logAnalytics')]\"},\"type\":\"Microsoft.Network/expressRouteCircuits/providers/diagnosticSettings\"}],\"variables\":{}}}},\"existenceCondition\":{\"allOf\":[{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\"},{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/metrics.enabled\"},{\"equals\":\"[parameters('logAnalytics')]\",\"field\":\"Microsoft.Insights/diagnosticSettings/workspaceId\"}]},\"name\":\"[parameters('profileName')]\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"type\":\"Microsoft.Insights/diagnosticSettings\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Firewall\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Firewall",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploys the diagnostic settings for Firewall to stream to a Log Analytics workspace when any Firewall which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled",
- "display_name": "Deploy Diagnostic Settings for Firewall to Log Analytics workspace",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Monitoring\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.2.0\"}",
- "mode": "Indexed",
- "name": "Deploy-Diagnostics-Firewall",
- "parameters": "{\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"logAnalytics\":{\"metadata\":{\"description\":\"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\"displayName\":\"Log Analytics workspace\",\"strongType\":\"omsWorkspace\"},\"type\":\"String\"},\"logAnalyticsDestinationType\":{\"allowedValues\":[\"AzureDiagnostics\",\"Dedicated\"],\"defaultValue\":\"AzureDiagnostics\",\"metadata\":{\"description\":\"Select destination type for Log Analytics. Allowed values are 'Dedicated' (resource specific) and 'AzureDiagnostics'. Default is 'AzureDiagnostics'\",\"displayName\":\"Log Analytics destination type\"},\"type\":\"String\"},\"logsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable logs stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable logs\"},\"type\":\"String\"},\"metricsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable metrics stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable metrics\"},\"type\":\"String\"},\"profileName\":{\"defaultValue\":\"setbypolicy\",\"metadata\":{\"description\":\"The diagnostic settings profile name\",\"displayName\":\"Profile name\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"equals\":\"Microsoft.Network/azureFirewalls\",\"field\":\"type\"},\"then\":{\"details\":{\"deployment\":{\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"logAnalyticsDestinationType\":{\"value\":\"[parameters('logAnalyticsDestinationType')]\"},\"logsEnabled\":{\"value\":\"[parameters('logsEnabled')]\"},\"metricsEnabled\":{\"value\":\"[parameters('metricsEnabled')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"},\"resourceName\":{\"value\":\"[field('name')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"location\":{\"type\":\"String\"},\"logAnalytics\":{\"type\":\"String\"},\"logAnalyticsDestinationType\":{\"type\":\"String\"},\"logsEnabled\":{\"type\":\"String\"},\"metricsEnabled\":{\"type\":\"String\"},\"profileName\":{\"type\":\"String\"},\"resourceName\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2017-05-01-preview\",\"dependsOn\":[],\"location\":\"[parameters('location')]\",\"name\":\"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"properties\":{\"logAnalyticsDestinationType\":\"[parameters('logAnalyticsDestinationType')]\",\"logs\":[{\"category\":\"AzureFirewallApplicationRule\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"AzureFirewallNetworkRule\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"AzureFirewallDnsProxy\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"AZFWNetworkRule\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"AZFWApplicationRule\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"AZFWNatRule\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"AZFWThreatIntel\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"AZFWIdpsSignature\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"AZFWDnsQuery\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"AZFWFqdnResolveFailure\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"AZFWApplicationRuleAggregation\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"AZFWNetworkRuleAggregation\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"AZFWNatRuleAggregation\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"AZFWFatFlow\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"AZFWFlowTrace\",\"enabled\":\"[parameters('logsEnabled')]\"}],\"metrics\":[{\"category\":\"AllMetrics\",\"enabled\":\"[parameters('metricsEnabled')]\",\"retentionPolicy\":{\"days\":0,\"enabled\":false},\"timeGrain\":null}],\"workspaceId\":\"[parameters('logAnalytics')]\"},\"type\":\"Microsoft.Network/azureFirewalls/providers/diagnosticSettings\"}],\"variables\":{}}}},\"existenceCondition\":{\"allOf\":[{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\"},{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/metrics.enabled\"},{\"equals\":\"[parameters('logAnalytics')]\",\"field\":\"Microsoft.Insights/diagnosticSettings/workspaceId\"}]},\"name\":\"[parameters('profileName')]\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"type\":\"Microsoft.Insights/diagnosticSettings\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-FrontDoor\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-FrontDoor",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploys the diagnostic settings for Front Door to stream to a Log Analytics workspace when any Front Door which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled",
- "display_name": "Deploy Diagnostic Settings for Front Door to Log Analytics workspace",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Monitoring\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.1.0\"}",
- "mode": "Indexed",
- "name": "Deploy-Diagnostics-FrontDoor",
- "parameters": "{\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"logAnalytics\":{\"metadata\":{\"description\":\"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\"displayName\":\"Log Analytics workspace\",\"strongType\":\"omsWorkspace\"},\"type\":\"String\"},\"logsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable logs stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable logs\"},\"type\":\"String\"},\"metricsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable metrics stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable metrics\"},\"type\":\"String\"},\"profileName\":{\"defaultValue\":\"setbypolicy\",\"metadata\":{\"description\":\"The diagnostic settings profile name\",\"displayName\":\"Profile name\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"equals\":\"Microsoft.Network/frontDoors\",\"field\":\"type\"},\"then\":{\"details\":{\"deployment\":{\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"logsEnabled\":{\"value\":\"[parameters('logsEnabled')]\"},\"metricsEnabled\":{\"value\":\"[parameters('metricsEnabled')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"},\"resourceName\":{\"value\":\"[field('name')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"location\":{\"type\":\"String\"},\"logAnalytics\":{\"type\":\"String\"},\"logsEnabled\":{\"type\":\"String\"},\"metricsEnabled\":{\"type\":\"String\"},\"profileName\":{\"type\":\"String\"},\"resourceName\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2017-05-01-preview\",\"dependsOn\":[],\"location\":\"[parameters('location')]\",\"name\":\"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"properties\":{\"logs\":[{\"category\":\"FrontdoorAccessLog\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"FrontdoorWebApplicationFirewallLog\",\"enabled\":\"[parameters('logsEnabled')]\"}],\"metrics\":[{\"category\":\"AllMetrics\",\"enabled\":\"[parameters('metricsEnabled')]\",\"retentionPolicy\":{\"days\":0,\"enabled\":false},\"timeGrain\":null}],\"workspaceId\":\"[parameters('logAnalytics')]\"},\"type\":\"Microsoft.Network/frontDoors/providers/diagnosticSettings\"}],\"variables\":{}}}},\"existenceCondition\":{\"allOf\":[{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\"},{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/metrics.enabled\"},{\"equals\":\"[parameters('logAnalytics')]\",\"field\":\"Microsoft.Insights/diagnosticSettings/workspaceId\"}]},\"name\":\"[parameters('profileName')]\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"type\":\"Microsoft.Insights/diagnosticSettings\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Function\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Function",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploys the diagnostic settings for Azure Function App to stream to a Log Analytics workspace when any function app which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled",
- "display_name": "Deploy Diagnostic Settings for Azure Function App to Log Analytics workspace",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Monitoring\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.1.0\"}",
- "mode": "Indexed",
- "name": "Deploy-Diagnostics-Function",
- "parameters": "{\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"logAnalytics\":{\"metadata\":{\"description\":\"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\"displayName\":\"Log Analytics workspace\",\"strongType\":\"omsWorkspace\"},\"type\":\"String\"},\"logsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable logs stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable logs\"},\"type\":\"String\"},\"metricsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable metrics stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable metrics\"},\"type\":\"String\"},\"profileName\":{\"defaultValue\":\"setbypolicy\",\"metadata\":{\"description\":\"The diagnostic settings profile name\",\"displayName\":\"Profile name\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"allOf\":[{\"equals\":\"Microsoft.Web/sites\",\"field\":\"type\"},{\"contains\":\"functionapp\",\"value\":\"[field('kind')]\"}]},\"then\":{\"details\":{\"deployment\":{\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"logsEnabled\":{\"value\":\"[parameters('logsEnabled')]\"},\"metricsEnabled\":{\"value\":\"[parameters('metricsEnabled')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"},\"resourceName\":{\"value\":\"[field('name')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"location\":{\"type\":\"String\"},\"logAnalytics\":{\"type\":\"String\"},\"logsEnabled\":{\"type\":\"String\"},\"metricsEnabled\":{\"type\":\"String\"},\"profileName\":{\"type\":\"String\"},\"resourceName\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2017-05-01-preview\",\"dependsOn\":[],\"location\":\"[parameters('location')]\",\"name\":\"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"properties\":{\"logs\":[{\"category\":\"FunctionAppLogs\",\"enabled\":\"[parameters('logsEnabled')]\"}],\"metrics\":[{\"category\":\"AllMetrics\",\"enabled\":\"[parameters('metricsEnabled')]\",\"retentionPolicy\":{\"days\":0,\"enabled\":false},\"timeGrain\":null}],\"workspaceId\":\"[parameters('logAnalytics')]\"},\"type\":\"Microsoft.Web/sites/providers/diagnosticSettings\"}],\"variables\":{}}}},\"existenceCondition\":{\"allOf\":[{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\"},{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/metrics.enabled\"},{\"equals\":\"[parameters('logAnalytics')]\",\"field\":\"Microsoft.Insights/diagnosticSettings/workspaceId\"}]},\"name\":\"[parameters('profileName')]\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"type\":\"Microsoft.Insights/diagnosticSettings\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-HDInsight\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-HDInsight",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploys the diagnostic settings for HDInsight to stream to a Log Analytics workspace when any HDInsight which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled",
- "display_name": "Deploy Diagnostic Settings for HDInsight to Log Analytics workspace",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Monitoring\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.1.0\"}",
- "mode": "Indexed",
- "name": "Deploy-Diagnostics-HDInsight",
- "parameters": "{\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"logAnalytics\":{\"metadata\":{\"description\":\"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\"displayName\":\"Log Analytics workspace\",\"strongType\":\"omsWorkspace\"},\"type\":\"String\"},\"metricsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable metrics stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable metrics\"},\"type\":\"String\"},\"profileName\":{\"defaultValue\":\"setbypolicy\",\"metadata\":{\"description\":\"The diagnostic settings profile name\",\"displayName\":\"Profile name\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"equals\":\"Microsoft.HDInsight/clusters\",\"field\":\"type\"},\"then\":{\"details\":{\"deployment\":{\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"metricsEnabled\":{\"value\":\"[parameters('metricsEnabled')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"},\"resourceName\":{\"value\":\"[field('name')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"location\":{\"type\":\"String\"},\"logAnalytics\":{\"type\":\"String\"},\"metricsEnabled\":{\"type\":\"String\"},\"profileName\":{\"type\":\"String\"},\"resourceName\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2017-05-01-preview\",\"dependsOn\":[],\"location\":\"[parameters('location')]\",\"name\":\"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"properties\":{\"logs\":[],\"metrics\":[{\"category\":\"AllMetrics\",\"enabled\":\"[parameters('metricsEnabled')]\",\"retentionPolicy\":{\"days\":0,\"enabled\":false},\"timeGrain\":null}],\"workspaceId\":\"[parameters('logAnalytics')]\"},\"type\":\"Microsoft.HDInsight/clusters/providers/diagnosticSettings\"}],\"variables\":{}}}},\"existenceCondition\":{\"allOf\":[{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/metrics.enabled\"},{\"equals\":\"[parameters('logAnalytics')]\",\"field\":\"Microsoft.Insights/diagnosticSettings/workspaceId\"}]},\"name\":\"[parameters('profileName')]\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"type\":\"Microsoft.Insights/diagnosticSettings\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-LoadBalancer\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-LoadBalancer",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploys the diagnostic settings for Load Balancer to stream to a Log Analytics workspace when any Load Balancer which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled",
- "display_name": "Deploy Diagnostic Settings for Load Balancer to Log Analytics workspace",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Monitoring\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.1.0\"}",
- "mode": "Indexed",
- "name": "Deploy-Diagnostics-LoadBalancer",
- "parameters": "{\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"logAnalytics\":{\"metadata\":{\"description\":\"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\"displayName\":\"Log Analytics workspace\",\"strongType\":\"omsWorkspace\"},\"type\":\"String\"},\"logsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable logs stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable logs\"},\"type\":\"String\"},\"metricsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable metrics stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable metrics\"},\"type\":\"String\"},\"profileName\":{\"defaultValue\":\"setbypolicy\",\"metadata\":{\"description\":\"The diagnostic settings profile name\",\"displayName\":\"Profile name\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"equals\":\"Microsoft.Network/loadBalancers\",\"field\":\"type\"},\"then\":{\"details\":{\"deployment\":{\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"logsEnabled\":{\"value\":\"[parameters('logsEnabled')]\"},\"metricsEnabled\":{\"value\":\"[parameters('metricsEnabled')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"},\"resourceName\":{\"value\":\"[field('name')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"location\":{\"type\":\"String\"},\"logAnalytics\":{\"type\":\"String\"},\"logsEnabled\":{\"type\":\"String\"},\"metricsEnabled\":{\"type\":\"String\"},\"profileName\":{\"type\":\"String\"},\"resourceName\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2017-05-01-preview\",\"dependsOn\":[],\"location\":\"[parameters('location')]\",\"name\":\"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"properties\":{\"logs\":[{\"category\":\"LoadBalancerAlertEvent\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"LoadBalancerProbeHealthStatus\",\"enabled\":\"[parameters('logsEnabled')]\"}],\"metrics\":[{\"category\":\"AllMetrics\",\"enabled\":\"[parameters('metricsEnabled')]\",\"retentionPolicy\":{\"days\":0,\"enabled\":false},\"timeGrain\":null}],\"workspaceId\":\"[parameters('logAnalytics')]\"},\"type\":\"Microsoft.Network/loadBalancers/providers/diagnosticSettings\"}],\"variables\":{}}}},\"existenceCondition\":{\"allOf\":[{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\"},{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/metrics.enabled\"},{\"equals\":\"[parameters('logAnalytics')]\",\"field\":\"Microsoft.Insights/diagnosticSettings/workspaceId\"}]},\"name\":\"[parameters('profileName')]\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"type\":\"Microsoft.Insights/diagnosticSettings\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-LogAnalytics\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-LogAnalytics",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploys the diagnostic settings for Log Analytics workspaces to stream to a Log Analytics workspace when any Log Analytics workspace which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled",
- "display_name": "Deploy Diagnostic Settings for Log Analytics to Log Analytics workspace",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Monitoring\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.1.0\"}",
- "mode": "Indexed",
- "name": "Deploy-Diagnostics-LogAnalytics",
- "parameters": "{\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"logAnalytics\":{\"metadata\":{\"description\":\"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\"displayName\":\"Log Analytics workspace\",\"strongType\":\"omsWorkspace\"},\"type\":\"String\"},\"logsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable logs stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable logs\"},\"type\":\"String\"},\"metricsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable metrics stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable metrics\"},\"type\":\"String\"},\"profileName\":{\"defaultValue\":\"setbypolicy\",\"metadata\":{\"description\":\"The diagnostic settings profile name\",\"displayName\":\"Profile name\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"equals\":\"microsoft.operationalinsights/workspaces\",\"field\":\"type\"},\"then\":{\"details\":{\"deployment\":{\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"logsEnabled\":{\"value\":\"[parameters('logsEnabled')]\"},\"metricsEnabled\":{\"value\":\"[parameters('metricsEnabled')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"},\"resourceName\":{\"value\":\"[field('name')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"location\":{\"type\":\"String\"},\"logAnalytics\":{\"type\":\"String\"},\"logsEnabled\":{\"type\":\"String\"},\"metricsEnabled\":{\"type\":\"String\"},\"profileName\":{\"type\":\"String\"},\"resourceName\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2017-05-01-preview\",\"dependsOn\":[],\"location\":\"[parameters('location')]\",\"name\":\"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"properties\":{\"logs\":[{\"category\":\"Audit\",\"enabled\":\"[parameters('logsEnabled')]\"}],\"metrics\":[{\"category\":\"AllMetrics\",\"enabled\":\"[parameters('metricsEnabled')]\",\"retentionPolicy\":{\"days\":0,\"enabled\":false},\"timeGrain\":null}],\"workspaceId\":\"[parameters('logAnalytics')]\"},\"type\":\"microsoft.operationalinsights/workspaces/providers/diagnosticSettings\"}],\"variables\":{}}}},\"existenceCondition\":{\"allOf\":[{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\"},{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/metrics.enabled\"},{\"equals\":\"[parameters('logAnalytics')]\",\"field\":\"Microsoft.Insights/diagnosticSettings/workspaceId\"}]},\"name\":\"[parameters('profileName')]\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"type\":\"Microsoft.Insights/diagnosticSettings\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-LogicAppsISE\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-LogicAppsISE",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploys the diagnostic settings for Logic Apps integration service environment to stream to a Log Analytics workspace when any Logic Apps integration service environment which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled",
- "display_name": "Deploy Diagnostic Settings for Logic Apps integration service environment to Log Analytics workspace",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Monitoring\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.1.0\"}",
- "mode": "Indexed",
- "name": "Deploy-Diagnostics-LogicAppsISE",
- "parameters": "{\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"logAnalytics\":{\"metadata\":{\"description\":\"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\"displayName\":\"Log Analytics workspace\",\"strongType\":\"omsWorkspace\"},\"type\":\"String\"},\"logsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable logs stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable logs\"},\"type\":\"String\"},\"profileName\":{\"defaultValue\":\"setbypolicy\",\"metadata\":{\"description\":\"The diagnostic settings profile name\",\"displayName\":\"Profile name\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"equals\":\"Microsoft.Logic/integrationAccounts\",\"field\":\"type\"},\"then\":{\"details\":{\"deployment\":{\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"logsEnabled\":{\"value\":\"[parameters('logsEnabled')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"},\"resourceName\":{\"value\":\"[field('name')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"location\":{\"type\":\"String\"},\"logAnalytics\":{\"type\":\"String\"},\"logsEnabled\":{\"type\":\"String\"},\"profileName\":{\"type\":\"String\"},\"resourceName\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2017-05-01-preview\",\"dependsOn\":[],\"location\":\"[parameters('location')]\",\"name\":\"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"properties\":{\"logs\":[{\"category\":\"IntegrationAccountTrackingEvents\",\"enabled\":\"[parameters('logsEnabled')]\"}],\"metrics\":[],\"workspaceId\":\"[parameters('logAnalytics')]\"},\"type\":\"Microsoft.Logic/integrationAccounts/providers/diagnosticSettings\"}],\"variables\":{}}}},\"existenceCondition\":{\"allOf\":[{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\"},{\"equals\":\"[parameters('logAnalytics')]\",\"field\":\"Microsoft.Insights/diagnosticSettings/workspaceId\"}]},\"name\":\"[parameters('profileName')]\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"type\":\"Microsoft.Insights/diagnosticSettings\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MariaDB\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MariaDB",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploys the diagnostic settings for MariaDB to stream to a Log Analytics workspace when any MariaDB which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled",
- "display_name": "Deploy Diagnostic Settings for MariaDB to Log Analytics workspace",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Monitoring\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.1.0\"}",
- "mode": "Indexed",
- "name": "Deploy-Diagnostics-MariaDB",
- "parameters": "{\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"logAnalytics\":{\"metadata\":{\"description\":\"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\"displayName\":\"Log Analytics workspace\",\"strongType\":\"omsWorkspace\"},\"type\":\"String\"},\"logsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable logs stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable logs\"},\"type\":\"String\"},\"metricsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable metrics stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable metrics\"},\"type\":\"String\"},\"profileName\":{\"defaultValue\":\"setbypolicy\",\"metadata\":{\"description\":\"The diagnostic settings profile name\",\"displayName\":\"Profile name\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"equals\":\"Microsoft.DBforMariaDB/servers\",\"field\":\"type\"},\"then\":{\"details\":{\"deployment\":{\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"logsEnabled\":{\"value\":\"[parameters('logsEnabled')]\"},\"metricsEnabled\":{\"value\":\"[parameters('metricsEnabled')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"},\"resourceName\":{\"value\":\"[field('name')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"location\":{\"type\":\"String\"},\"logAnalytics\":{\"type\":\"String\"},\"logsEnabled\":{\"type\":\"String\"},\"metricsEnabled\":{\"type\":\"String\"},\"profileName\":{\"type\":\"String\"},\"resourceName\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2017-05-01-preview\",\"dependsOn\":[],\"location\":\"[parameters('location')]\",\"name\":\"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"properties\":{\"logs\":[{\"category\":\"MySqlSlowLogs\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"MySqlAuditLogs\",\"enabled\":\"[parameters('logsEnabled')]\"}],\"metrics\":[{\"category\":\"AllMetrics\",\"enabled\":\"[parameters('metricsEnabled')]\",\"retentionPolicy\":{\"days\":0,\"enabled\":false},\"timeGrain\":null}],\"workspaceId\":\"[parameters('logAnalytics')]\"},\"type\":\"Microsoft.DBforMariaDB/servers/providers/diagnosticSettings\"}],\"variables\":{}}}},\"existenceCondition\":{\"allOf\":[{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\"},{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/metrics.enabled\"},{\"equals\":\"[parameters('logAnalytics')]\",\"field\":\"Microsoft.Insights/diagnosticSettings/workspaceId\"}]},\"name\":\"[parameters('profileName')]\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"type\":\"Microsoft.Insights/diagnosticSettings\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MediaService\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MediaService",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploys the diagnostic settings for Azure Media Service to stream to a Log Analytics workspace when any Azure Media Service which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled",
- "display_name": "Deploy Diagnostic Settings for Azure Media Service to Log Analytics workspace",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Monitoring\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.1.0\"}",
- "mode": "Indexed",
- "name": "Deploy-Diagnostics-MediaService",
- "parameters": "{\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"logAnalytics\":{\"metadata\":{\"description\":\"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\"displayName\":\"Log Analytics workspace\",\"strongType\":\"omsWorkspace\"},\"type\":\"String\"},\"logsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable logs stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable logs\"},\"type\":\"String\"},\"metricsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable metrics stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable metrics\"},\"type\":\"String\"},\"profileName\":{\"defaultValue\":\"setbypolicy\",\"metadata\":{\"description\":\"The diagnostic settings profile name\",\"displayName\":\"Profile name\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"equals\":\"Microsoft.Media/mediaServices\",\"field\":\"type\"},\"then\":{\"details\":{\"deployment\":{\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"logsEnabled\":{\"value\":\"[parameters('logsEnabled')]\"},\"metricsEnabled\":{\"value\":\"[parameters('metricsEnabled')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"},\"resourceName\":{\"value\":\"[field('name')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"location\":{\"type\":\"String\"},\"logAnalytics\":{\"type\":\"String\"},\"logsEnabled\":{\"type\":\"String\"},\"metricsEnabled\":{\"type\":\"String\"},\"profileName\":{\"type\":\"String\"},\"resourceName\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2017-05-01-preview\",\"dependsOn\":[],\"location\":\"[parameters('location')]\",\"name\":\"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"properties\":{\"logs\":[{\"category\":\"KeyDeliveryRequests\",\"enabled\":\"[parameters('logsEnabled')]\"}],\"metrics\":[{\"category\":\"AllMetrics\",\"enabled\":\"[parameters('metricsEnabled')]\",\"retentionPolicy\":{\"days\":0,\"enabled\":false},\"timeGrain\":null}],\"workspaceId\":\"[parameters('logAnalytics')]\"},\"type\":\"Microsoft.Media/mediaServices/providers/diagnosticSettings\"}],\"variables\":{}}}},\"existenceCondition\":{\"allOf\":[{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\"},{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/metrics.enabled\"},{\"equals\":\"[parameters('logAnalytics')]\",\"field\":\"Microsoft.Insights/diagnosticSettings/workspaceId\"}]},\"name\":\"[parameters('profileName')]\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"type\":\"Microsoft.Insights/diagnosticSettings\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MlWorkspace\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MlWorkspace",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploys the diagnostic settings for Machine Learning workspace to stream to a Log Analytics workspace when any Machine Learning workspace which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled",
- "display_name": "Deploy Diagnostic Settings for Machine Learning workspace to Log Analytics workspace",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Monitoring\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.2.0\"}",
- "mode": "Indexed",
- "name": "Deploy-Diagnostics-MlWorkspace",
- "parameters": "{\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"logAnalytics\":{\"metadata\":{\"description\":\"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\"displayName\":\"Log Analytics workspace\",\"strongType\":\"omsWorkspace\"},\"type\":\"String\"},\"logsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable logs stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable logs\"},\"type\":\"String\"},\"metricsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable metrics stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable metrics\"},\"type\":\"String\"},\"profileName\":{\"defaultValue\":\"setbypolicy\",\"metadata\":{\"description\":\"The diagnostic settings profile name\",\"displayName\":\"Profile name\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"equals\":\"Microsoft.MachineLearningServices/workspaces\",\"field\":\"type\"},\"then\":{\"details\":{\"deployment\":{\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"logsEnabled\":{\"value\":\"[parameters('logsEnabled')]\"},\"metricsEnabled\":{\"value\":\"[parameters('metricsEnabled')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"},\"resourceName\":{\"value\":\"[field('name')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"location\":{\"type\":\"String\"},\"logAnalytics\":{\"type\":\"String\"},\"logsEnabled\":{\"type\":\"String\"},\"metricsEnabled\":{\"type\":\"String\"},\"profileName\":{\"type\":\"String\"},\"resourceName\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2017-05-01-preview\",\"dependsOn\":[],\"location\":\"[parameters('location')]\",\"name\":\"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"properties\":{\"logs\":[{\"category\":\"AmlComputeClusterEvent\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"AmlComputeClusterNodeEvent\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"AmlComputeJobEvent\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"AmlComputeCpuGpuUtilization\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"AmlRunStatusChangedEvent\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"ModelsChangeEvent\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"ModelsReadEvent\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"ModelsActionEvent\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"DeploymentReadEvent\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"DeploymentEventACI\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"DeploymentEventAKS\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"InferencingOperationAKS\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"InferencingOperationACI\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"DataLabelChangeEvent\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"DataLabelReadEvent\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"ComputeInstanceEvent\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"DataStoreChangeEvent\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"DataStoreReadEvent\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"DataSetChangeEvent\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"DataSetReadEvent\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"PipelineChangeEvent\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"PipelineReadEvent\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"RunEvent\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"RunReadEvent\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"EnvironmentChangeEvent\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"EnvironmentReadEvent\",\"enabled\":\"[parameters('logsEnabled')]\"}],\"metrics\":[{\"category\":\"AllMetrics\",\"enabled\":\"[parameters('metricsEnabled')]\",\"retentionPolicy\":{\"days\":0,\"enabled\":false}}],\"workspaceId\":\"[parameters('logAnalytics')]\"},\"type\":\"Microsoft.MachineLearningServices/workspaces/providers/diagnosticSettings\"}],\"variables\":{}}}},\"existenceCondition\":{\"allOf\":[{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\"},{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/metrics.enabled\"},{\"equals\":\"[parameters('logAnalytics')]\",\"field\":\"Microsoft.Insights/diagnosticSettings/workspaceId\"}]},\"name\":\"[parameters('profileName')]\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"type\":\"Microsoft.Insights/diagnosticSettings\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MySQL\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MySQL",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploys the diagnostic settings for Database for MySQL to stream to a Log Analytics workspace when any Database for MySQL which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled",
- "display_name": "Deploy Diagnostic Settings for Database for MySQL to Log Analytics workspace",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Monitoring\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.1.0\"}",
- "mode": "Indexed",
- "name": "Deploy-Diagnostics-MySQL",
- "parameters": "{\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"logAnalytics\":{\"metadata\":{\"description\":\"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\"displayName\":\"Log Analytics workspace\",\"strongType\":\"omsWorkspace\"},\"type\":\"String\"},\"logsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable logs stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable logs\"},\"type\":\"String\"},\"metricsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable metrics stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable metrics\"},\"type\":\"String\"},\"profileName\":{\"defaultValue\":\"setbypolicy\",\"metadata\":{\"description\":\"The diagnostic settings profile name\",\"displayName\":\"Profile name\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"equals\":\"Microsoft.DBforMySQL/servers\",\"field\":\"type\"},\"then\":{\"details\":{\"deployment\":{\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"logsEnabled\":{\"value\":\"[parameters('logsEnabled')]\"},\"metricsEnabled\":{\"value\":\"[parameters('metricsEnabled')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"},\"resourceName\":{\"value\":\"[field('name')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"location\":{\"type\":\"String\"},\"logAnalytics\":{\"type\":\"String\"},\"logsEnabled\":{\"type\":\"String\"},\"metricsEnabled\":{\"type\":\"String\"},\"profileName\":{\"type\":\"String\"},\"resourceName\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2017-05-01-preview\",\"dependsOn\":[],\"location\":\"[parameters('location')]\",\"name\":\"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"properties\":{\"logs\":[{\"category\":\"MySqlSlowLogs\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"MySqlAuditLogs\",\"enabled\":\"[parameters('logsEnabled')]\"}],\"metrics\":[{\"category\":\"AllMetrics\",\"enabled\":\"[parameters('metricsEnabled')]\",\"retentionPolicy\":{\"days\":0,\"enabled\":false},\"timeGrain\":null}],\"workspaceId\":\"[parameters('logAnalytics')]\"},\"type\":\"Microsoft.DBforMySQL/servers/providers/diagnosticSettings\"}],\"variables\":{}}}},\"existenceCondition\":{\"allOf\":[{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\"},{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/metrics.enabled\"},{\"equals\":\"[parameters('logAnalytics')]\",\"field\":\"Microsoft.Insights/diagnosticSettings/workspaceId\"}]},\"name\":\"[parameters('profileName')]\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"type\":\"Microsoft.Insights/diagnosticSettings\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-NIC\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-NIC",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploys the diagnostic settings for Network Interfaces to stream to a Log Analytics workspace when any Network Interfaces which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled",
- "display_name": "Deploy Diagnostic Settings for Network Interfaces to Log Analytics workspace",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Monitoring\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.1.0\"}",
- "mode": "Indexed",
- "name": "Deploy-Diagnostics-NIC",
- "parameters": "{\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"logAnalytics\":{\"metadata\":{\"description\":\"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\"displayName\":\"Log Analytics workspace\",\"strongType\":\"omsWorkspace\"},\"type\":\"String\"},\"metricsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable metrics stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable metrics\"},\"type\":\"String\"},\"profileName\":{\"defaultValue\":\"setbypolicy\",\"metadata\":{\"description\":\"The diagnostic settings profile name\",\"displayName\":\"Profile name\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"equals\":\"Microsoft.Network/networkInterfaces\",\"field\":\"type\"},\"then\":{\"details\":{\"deployment\":{\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"metricsEnabled\":{\"value\":\"[parameters('metricsEnabled')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"},\"resourceName\":{\"value\":\"[field('name')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"location\":{\"type\":\"String\"},\"logAnalytics\":{\"type\":\"String\"},\"metricsEnabled\":{\"type\":\"String\"},\"profileName\":{\"type\":\"String\"},\"resourceName\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2017-05-01-preview\",\"dependsOn\":[],\"location\":\"[parameters('location')]\",\"name\":\"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"properties\":{\"metrics\":[{\"category\":\"AllMetrics\",\"enabled\":\"[parameters('metricsEnabled')]\",\"retentionPolicy\":{\"days\":0,\"enabled\":false},\"timeGrain\":null}],\"workspaceId\":\"[parameters('logAnalytics')]\"},\"type\":\"Microsoft.Network/networkInterfaces/providers/diagnosticSettings\"}],\"variables\":{}}}},\"existenceCondition\":{\"allOf\":[{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/metrics.enabled\"},{\"equals\":\"[parameters('logAnalytics')]\",\"field\":\"Microsoft.Insights/diagnosticSettings/workspaceId\"}]},\"name\":\"[parameters('profileName')]\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"type\":\"Microsoft.Insights/diagnosticSettings\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-NetworkSecurityGroups\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-NetworkSecurityGroups",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploys the diagnostic settings for Network Security Groups to stream to a Log Analytics workspace when any Network Security Groups which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled",
- "display_name": "Deploy Diagnostic Settings for Network Security Groups to Log Analytics workspace",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Monitoring\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.1.0\"}",
- "mode": "Indexed",
- "name": "Deploy-Diagnostics-NetworkSecurityGroups",
- "parameters": "{\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"logAnalytics\":{\"metadata\":{\"description\":\"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\"displayName\":\"Log Analytics workspace\",\"strongType\":\"omsWorkspace\"},\"type\":\"String\"},\"logsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable logs stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable logs\"},\"type\":\"String\"},\"profileName\":{\"defaultValue\":\"setbypolicy\",\"metadata\":{\"description\":\"The diagnostic settings profile name\",\"displayName\":\"Profile name\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"equals\":\"Microsoft.Network/networkSecurityGroups\",\"field\":\"type\"},\"then\":{\"details\":{\"deployment\":{\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"logsEnabled\":{\"value\":\"[parameters('logsEnabled')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"},\"resourceName\":{\"value\":\"[field('name')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"location\":{\"type\":\"String\"},\"logAnalytics\":{\"type\":\"String\"},\"logsEnabled\":{\"type\":\"String\"},\"profileName\":{\"type\":\"String\"},\"resourceName\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2017-05-01-preview\",\"dependsOn\":[],\"location\":\"[parameters('location')]\",\"name\":\"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"properties\":{\"logs\":[{\"category\":\"NetworkSecurityGroupEvent\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"NetworkSecurityGroupRuleCounter\",\"enabled\":\"[parameters('logsEnabled')]\"}],\"metrics\":[],\"workspaceId\":\"[parameters('logAnalytics')]\"},\"type\":\"Microsoft.Network/networkSecurityGroups/providers/diagnosticSettings\"}],\"variables\":{}}}},\"existenceCondition\":{\"allOf\":[{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\"},{\"equals\":\"[parameters('logAnalytics')]\",\"field\":\"Microsoft.Insights/diagnosticSettings/workspaceId\"}]},\"name\":\"[parameters('profileName')]\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"type\":\"Microsoft.Insights/diagnosticSettings\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-PostgreSQL\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-PostgreSQL",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploys the diagnostic settings for Database for PostgreSQL to stream to a Log Analytics workspace when any Database for PostgreSQL which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled",
- "display_name": "Deploy Diagnostic Settings for Database for PostgreSQL to Log Analytics workspace",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Monitoring\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"2.0.0\"}",
- "mode": "Indexed",
- "name": "Deploy-Diagnostics-PostgreSQL",
- "parameters": "{\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"logAnalytics\":{\"metadata\":{\"description\":\"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\"displayName\":\"Log Analytics workspace\",\"strongType\":\"omsWorkspace\"},\"type\":\"String\"},\"logsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable logs stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable logs\"},\"type\":\"String\"},\"metricsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable metrics stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable metrics\"},\"type\":\"String\"},\"profileName\":{\"defaultValue\":\"setbypolicy\",\"metadata\":{\"description\":\"The diagnostic settings profile name\",\"displayName\":\"Profile name\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"anyOf\":[{\"equals\":\"Microsoft.DBforPostgreSQL/flexibleServers\",\"field\":\"type\"},{\"equals\":\"Microsoft.DBforPostgreSQL/servers\",\"field\":\"type\"}]},\"then\":{\"details\":{\"deployment\":{\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"logsEnabled\":{\"value\":\"[parameters('logsEnabled')]\"},\"metricsEnabled\":{\"value\":\"[parameters('metricsEnabled')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"},\"resourceName\":{\"value\":\"[field('name')]\"},\"resourceType\":{\"value\":\"[field('type')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"location\":{\"type\":\"String\"},\"logAnalytics\":{\"type\":\"String\"},\"logsEnabled\":{\"type\":\"String\"},\"metricsEnabled\":{\"type\":\"String\"},\"profileName\":{\"type\":\"String\"},\"resourceName\":{\"type\":\"String\"},\"resourceType\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2021-05-01-preview\",\"condition\":\"[startsWith(parameters('resourceType'),'Microsoft.DBforPostgreSQL/flexibleServers')]\",\"dependsOn\":[],\"location\":\"[parameters('location')]\",\"name\":\"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"properties\":{\"logs\":[{\"category\":\"PostgreSQLLogs\",\"enabled\":\"[parameters('logsEnabled')]\"}],\"metrics\":[{\"category\":\"AllMetrics\",\"enabled\":\"[parameters('metricsEnabled')]\",\"retentionPolicy\":{\"days\":0,\"enabled\":false},\"timeGrain\":null}],\"workspaceId\":\"[parameters('logAnalytics')]\"},\"type\":\"Microsoft.DBforPostgreSQL/flexibleServers/providers/diagnosticSettings\"},{\"apiVersion\":\"2021-05-01-preview\",\"condition\":\"[startsWith(parameters('resourceType'),'Microsoft.DBforPostgreSQL/servers')]\",\"dependsOn\":[],\"location\":\"[parameters('location')]\",\"name\":\"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"properties\":{\"logs\":[{\"category\":\"PostgreSQLLogs\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"QueryStoreRuntimeStatistics\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"QueryStoreWaitStatistics\",\"enabled\":\"[parameters('logsEnabled')]\"}],\"metrics\":[{\"category\":\"AllMetrics\",\"enabled\":\"[parameters('metricsEnabled')]\",\"retentionPolicy\":{\"days\":0,\"enabled\":false},\"timeGrain\":null}],\"workspaceId\":\"[parameters('logAnalytics')]\"},\"type\":\"Microsoft.DBforPostgreSQL/servers/providers/diagnosticSettings\"}],\"variables\":{}}}},\"existenceCondition\":{\"allOf\":[{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\"},{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/metrics.enabled\"},{\"equals\":\"[parameters('logAnalytics')]\",\"field\":\"Microsoft.Insights/diagnosticSettings/workspaceId\"}]},\"name\":\"[parameters('profileName')]\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"type\":\"Microsoft.Insights/diagnosticSettings\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-PowerBIEmbedded\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-PowerBIEmbedded",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploys the diagnostic settings for Power BI Embedded to stream to a Log Analytics workspace when any Power BI Embedded which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled",
- "display_name": "Deploy Diagnostic Settings for Power BI Embedded to Log Analytics workspace",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Monitoring\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.1.0\"}",
- "mode": "Indexed",
- "name": "Deploy-Diagnostics-PowerBIEmbedded",
- "parameters": "{\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"logAnalytics\":{\"metadata\":{\"description\":\"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\"displayName\":\"Log Analytics workspace\",\"strongType\":\"omsWorkspace\"},\"type\":\"String\"},\"logsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable logs stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable logs\"},\"type\":\"String\"},\"metricsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable metrics stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable metrics\"},\"type\":\"String\"},\"profileName\":{\"defaultValue\":\"setbypolicy\",\"metadata\":{\"description\":\"The diagnostic settings profile name\",\"displayName\":\"Profile name\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"equals\":\"Microsoft.PowerBIDedicated/capacities\",\"field\":\"type\"},\"then\":{\"details\":{\"deployment\":{\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"logsEnabled\":{\"value\":\"[parameters('logsEnabled')]\"},\"metricsEnabled\":{\"value\":\"[parameters('metricsEnabled')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"},\"resourceName\":{\"value\":\"[field('name')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"location\":{\"type\":\"String\"},\"logAnalytics\":{\"type\":\"String\"},\"logsEnabled\":{\"type\":\"String\"},\"metricsEnabled\":{\"type\":\"String\"},\"profileName\":{\"type\":\"String\"},\"resourceName\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2017-05-01-preview\",\"dependsOn\":[],\"location\":\"[parameters('location')]\",\"name\":\"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"properties\":{\"logs\":[{\"category\":\"Engine\",\"enabled\":\"[parameters('logsEnabled')]\"}],\"metrics\":[{\"category\":\"AllMetrics\",\"enabled\":\"[parameters('metricsEnabled')]\",\"retentionPolicy\":{\"days\":0,\"enabled\":false},\"timeGrain\":null}],\"workspaceId\":\"[parameters('logAnalytics')]\"},\"type\":\"Microsoft.PowerBIDedicated/capacities/providers/diagnosticSettings\"}],\"variables\":{}}}},\"existenceCondition\":{\"allOf\":[{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\"},{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/metrics.enabled\"},{\"equals\":\"[parameters('logAnalytics')]\",\"field\":\"Microsoft.Insights/diagnosticSettings/workspaceId\"}]},\"name\":\"[parameters('profileName')]\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"type\":\"Microsoft.Insights/diagnosticSettings\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-RedisCache\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-RedisCache",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploys the diagnostic settings for Redis Cache to stream to a Log Analytics workspace when any Redis Cache which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled",
- "display_name": "Deploy Diagnostic Settings for Redis Cache to Log Analytics workspace",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Monitoring\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.1.0\"}",
- "mode": "Indexed",
- "name": "Deploy-Diagnostics-RedisCache",
- "parameters": "{\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"logAnalytics\":{\"metadata\":{\"description\":\"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\"displayName\":\"Log Analytics workspace\",\"strongType\":\"omsWorkspace\"},\"type\":\"String\"},\"metricsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable metrics stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable metrics\"},\"type\":\"String\"},\"profileName\":{\"defaultValue\":\"setbypolicy\",\"metadata\":{\"description\":\"The diagnostic settings profile name\",\"displayName\":\"Profile name\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"equals\":\"Microsoft.Cache/redis\",\"field\":\"type\"},\"then\":{\"details\":{\"deployment\":{\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"metricsEnabled\":{\"value\":\"[parameters('metricsEnabled')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"},\"resourceName\":{\"value\":\"[field('name')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"location\":{\"type\":\"String\"},\"logAnalytics\":{\"type\":\"String\"},\"metricsEnabled\":{\"type\":\"String\"},\"profileName\":{\"type\":\"String\"},\"resourceName\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2017-05-01-preview\",\"dependsOn\":[],\"location\":\"[parameters('location')]\",\"name\":\"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"properties\":{\"logs\":[],\"metrics\":[{\"category\":\"AllMetrics\",\"enabled\":\"[parameters('metricsEnabled')]\",\"retentionPolicy\":{\"days\":0,\"enabled\":false},\"timeGrain\":null}],\"workspaceId\":\"[parameters('logAnalytics')]\"},\"type\":\"Microsoft.Cache/redis/providers/diagnosticSettings\"}],\"variables\":{}}}},\"existenceCondition\":{\"allOf\":[{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/metrics.enabled\"},{\"equals\":\"[parameters('logAnalytics')]\",\"field\":\"Microsoft.Insights/diagnosticSettings/workspaceId\"}]},\"name\":\"[parameters('profileName')]\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"type\":\"Microsoft.Insights/diagnosticSettings\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Relay\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Relay",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploys the diagnostic settings for Relay to stream to a Log Analytics workspace when any Relay which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled",
- "display_name": "Deploy Diagnostic Settings for Relay to Log Analytics workspace",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Monitoring\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.1.0\"}",
- "mode": "Indexed",
- "name": "Deploy-Diagnostics-Relay",
- "parameters": "{\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"logAnalytics\":{\"metadata\":{\"description\":\"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\"displayName\":\"Log Analytics workspace\",\"strongType\":\"omsWorkspace\"},\"type\":\"String\"},\"logsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable logs stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable logs\"},\"type\":\"String\"},\"metricsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable metrics stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable metrics\"},\"type\":\"String\"},\"profileName\":{\"defaultValue\":\"setbypolicy\",\"metadata\":{\"description\":\"The diagnostic settings profile name\",\"displayName\":\"Profile name\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"equals\":\"Microsoft.Relay/namespaces\",\"field\":\"type\"},\"then\":{\"details\":{\"deployment\":{\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"logsEnabled\":{\"value\":\"[parameters('logsEnabled')]\"},\"metricsEnabled\":{\"value\":\"[parameters('metricsEnabled')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"},\"resourceName\":{\"value\":\"[field('name')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"location\":{\"type\":\"String\"},\"logAnalytics\":{\"type\":\"String\"},\"logsEnabled\":{\"type\":\"String\"},\"metricsEnabled\":{\"type\":\"String\"},\"profileName\":{\"type\":\"String\"},\"resourceName\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2017-05-01-preview\",\"dependsOn\":[],\"location\":\"[parameters('location')]\",\"name\":\"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"properties\":{\"logs\":[{\"category\":\"HybridConnectionsEvent\",\"enabled\":\"[parameters('logsEnabled')]\"}],\"metrics\":[{\"category\":\"AllMetrics\",\"enabled\":\"[parameters('metricsEnabled')]\",\"retentionPolicy\":{\"days\":0,\"enabled\":false},\"timeGrain\":null}],\"workspaceId\":\"[parameters('logAnalytics')]\"},\"type\":\"Microsoft.Relay/namespaces/providers/diagnosticSettings\"}],\"variables\":{}}}},\"existenceCondition\":{\"allOf\":[{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\"},{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/metrics.enabled\"},{\"equals\":\"[parameters('logAnalytics')]\",\"field\":\"Microsoft.Insights/diagnosticSettings/workspaceId\"}]},\"name\":\"[parameters('profileName')]\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"type\":\"Microsoft.Insights/diagnosticSettings\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-SQLElasticPools\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-SQLElasticPools",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploys the diagnostic settings for SQL Elastic Pools to stream to a Log Analytics workspace when any SQL Elastic Pools which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled",
- "display_name": "Deploy Diagnostic Settings for SQL Elastic Pools to Log Analytics workspace",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Monitoring\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.1.0\"}",
- "mode": "Indexed",
- "name": "Deploy-Diagnostics-SQLElasticPools",
- "parameters": "{\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"logAnalytics\":{\"metadata\":{\"description\":\"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\"displayName\":\"Log Analytics workspace\",\"strongType\":\"omsWorkspace\"},\"type\":\"String\"},\"metricsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable metrics stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable metrics\"},\"type\":\"String\"},\"profileName\":{\"defaultValue\":\"setbypolicy\",\"metadata\":{\"description\":\"The diagnostic settings profile name\",\"displayName\":\"Profile name\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"equals\":\"Microsoft.Sql/servers/elasticPools\",\"field\":\"type\"},\"then\":{\"details\":{\"deployment\":{\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"metricsEnabled\":{\"value\":\"[parameters('metricsEnabled')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"},\"resourceName\":{\"value\":\"[field('fullName')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"location\":{\"type\":\"String\"},\"logAnalytics\":{\"type\":\"String\"},\"metricsEnabled\":{\"type\":\"String\"},\"profileName\":{\"type\":\"String\"},\"resourceName\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2017-05-01-preview\",\"dependsOn\":[],\"location\":\"[parameters('location')]\",\"name\":\"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"properties\":{\"logs\":[],\"metrics\":[{\"category\":\"AllMetrics\",\"enabled\":\"[parameters('metricsEnabled')]\",\"retentionPolicy\":{\"days\":0,\"enabled\":false},\"timeGrain\":null}],\"workspaceId\":\"[parameters('logAnalytics')]\"},\"type\":\"Microsoft.Sql/servers/elasticPools/providers/diagnosticSettings\"}],\"variables\":{}}}},\"existenceCondition\":{\"allOf\":[{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/metrics.enabled\"},{\"equals\":\"[parameters('logAnalytics')]\",\"field\":\"Microsoft.Insights/diagnosticSettings/workspaceId\"}]},\"name\":\"[parameters('profileName')]\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"type\":\"Microsoft.Insights/diagnosticSettings\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-SQLMI\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-SQLMI",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploys the diagnostic settings for SQL Managed Instances to stream to a Log Analytics workspace when any SQL Managed Instances which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled",
- "display_name": "Deploy Diagnostic Settings for SQL Managed Instances to Log Analytics workspace",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Monitoring\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.1.0\"}",
- "mode": "Indexed",
- "name": "Deploy-Diagnostics-SQLMI",
- "parameters": "{\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"logAnalytics\":{\"metadata\":{\"description\":\"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\"displayName\":\"Log Analytics workspace\",\"strongType\":\"omsWorkspace\"},\"type\":\"String\"},\"logsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable logs stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable logs\"},\"type\":\"String\"},\"profileName\":{\"defaultValue\":\"setbypolicy\",\"metadata\":{\"description\":\"The diagnostic settings profile name\",\"displayName\":\"Profile name\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"equals\":\"Microsoft.Sql/managedInstances\",\"field\":\"type\"},\"then\":{\"details\":{\"deployment\":{\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"logsEnabled\":{\"value\":\"[parameters('logsEnabled')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"},\"resourceName\":{\"value\":\"[field('name')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"location\":{\"type\":\"String\"},\"logAnalytics\":{\"type\":\"String\"},\"logsEnabled\":{\"type\":\"String\"},\"profileName\":{\"type\":\"String\"},\"resourceName\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2017-05-01-preview\",\"dependsOn\":[],\"location\":\"[parameters('location')]\",\"name\":\"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"properties\":{\"logs\":[{\"category\":\"ResourceUsageStats\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"SQLSecurityAuditEvents\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"DevOpsOperationsAudit\",\"enabled\":\"[parameters('logsEnabled')]\"}],\"workspaceId\":\"[parameters('logAnalytics')]\"},\"type\":\"Microsoft.Sql/managedInstances/providers/diagnosticSettings\"}],\"variables\":{}}}},\"existenceCondition\":{\"allOf\":[{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\"},{\"equals\":\"[parameters('logAnalytics')]\",\"field\":\"Microsoft.Insights/diagnosticSettings/workspaceId\"}]},\"name\":\"[parameters('profileName')]\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"type\":\"Microsoft.Insights/diagnosticSettings\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-SignalR\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-SignalR",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploys the diagnostic settings for SignalR to stream to a Log Analytics workspace when any SignalR which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled",
- "display_name": "Deploy Diagnostic Settings for SignalR to Log Analytics workspace",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Monitoring\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.1.0\"}",
- "mode": "Indexed",
- "name": "Deploy-Diagnostics-SignalR",
- "parameters": "{\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"logAnalytics\":{\"metadata\":{\"description\":\"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\"displayName\":\"Log Analytics workspace\",\"strongType\":\"omsWorkspace\"},\"type\":\"String\"},\"logsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable logs stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable logs\"},\"type\":\"String\"},\"metricsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable metrics stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable metrics\"},\"type\":\"String\"},\"profileName\":{\"defaultValue\":\"setbypolicy\",\"metadata\":{\"description\":\"The diagnostic settings profile name\",\"displayName\":\"Profile name\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"equals\":\"Microsoft.SignalRService/SignalR\",\"field\":\"type\"},\"then\":{\"details\":{\"deployment\":{\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"logsEnabled\":{\"value\":\"[parameters('logsEnabled')]\"},\"metricsEnabled\":{\"value\":\"[parameters('metricsEnabled')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"},\"resourceName\":{\"value\":\"[field('name')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"location\":{\"type\":\"String\"},\"logAnalytics\":{\"type\":\"String\"},\"logsEnabled\":{\"type\":\"String\"},\"metricsEnabled\":{\"type\":\"String\"},\"profileName\":{\"type\":\"String\"},\"resourceName\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2017-05-01-preview\",\"dependsOn\":[],\"location\":\"[parameters('location')]\",\"name\":\"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"properties\":{\"logs\":[{\"category\":\"AllLogs\",\"enabled\":\"[parameters('logsEnabled')]\"}],\"metrics\":[{\"category\":\"AllMetrics\",\"enabled\":\"[parameters('metricsEnabled')]\",\"retentionPolicy\":{\"days\":0,\"enabled\":false},\"timeGrain\":null}],\"workspaceId\":\"[parameters('logAnalytics')]\"},\"type\":\"Microsoft.SignalRService/SignalR/providers/diagnosticSettings\"}],\"variables\":{}}}},\"existenceCondition\":{\"allOf\":[{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/metrics.enabled\"},{\"equals\":\"[parameters('logAnalytics')]\",\"field\":\"Microsoft.Insights/diagnosticSettings/workspaceId\"}]},\"name\":\"[parameters('profileName')]\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"type\":\"Microsoft.Insights/diagnosticSettings\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-TimeSeriesInsights\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-TimeSeriesInsights",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploys the diagnostic settings for Time Series Insights to stream to a Log Analytics workspace when any Time Series Insights which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled",
- "display_name": "Deploy Diagnostic Settings for Time Series Insights to Log Analytics workspace",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Monitoring\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.1.0\"}",
- "mode": "Indexed",
- "name": "Deploy-Diagnostics-TimeSeriesInsights",
- "parameters": "{\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"logAnalytics\":{\"metadata\":{\"description\":\"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\"displayName\":\"Log Analytics workspace\",\"strongType\":\"omsWorkspace\"},\"type\":\"String\"},\"logsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable logs stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable logs\"},\"type\":\"String\"},\"metricsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable metrics stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable metrics\"},\"type\":\"String\"},\"profileName\":{\"defaultValue\":\"setbypolicy\",\"metadata\":{\"description\":\"The diagnostic settings profile name\",\"displayName\":\"Profile name\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"equals\":\"Microsoft.TimeSeriesInsights/environments\",\"field\":\"type\"},\"then\":{\"details\":{\"deployment\":{\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"logsEnabled\":{\"value\":\"[parameters('logsEnabled')]\"},\"metricsEnabled\":{\"value\":\"[parameters('metricsEnabled')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"},\"resourceName\":{\"value\":\"[field('name')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"location\":{\"type\":\"String\"},\"logAnalytics\":{\"type\":\"String\"},\"logsEnabled\":{\"type\":\"String\"},\"metricsEnabled\":{\"type\":\"String\"},\"profileName\":{\"type\":\"String\"},\"resourceName\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2017-05-01-preview\",\"dependsOn\":[],\"location\":\"[parameters('location')]\",\"name\":\"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"properties\":{\"logs\":[{\"category\":\"Ingress\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"Management\",\"enabled\":\"[parameters('logsEnabled')]\"}],\"metrics\":[{\"category\":\"AllMetrics\",\"enabled\":\"[parameters('metricsEnabled')]\",\"retentionPolicy\":{\"days\":0,\"enabled\":false},\"timeGrain\":null}],\"workspaceId\":\"[parameters('logAnalytics')]\"},\"type\":\"Microsoft.TimeSeriesInsights/environments/providers/diagnosticSettings\"}],\"variables\":{}}}},\"existenceCondition\":{\"allOf\":[{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\"},{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/metrics.enabled\"},{\"equals\":\"[parameters('logAnalytics')]\",\"field\":\"Microsoft.Insights/diagnosticSettings/workspaceId\"}]},\"name\":\"[parameters('profileName')]\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"type\":\"Microsoft.Insights/diagnosticSettings\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-TrafficManager\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-TrafficManager",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploys the diagnostic settings for Traffic Manager to stream to a Log Analytics workspace when any Traffic Manager which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled",
- "display_name": "Deploy Diagnostic Settings for Traffic Manager to Log Analytics workspace",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Monitoring\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.1.0\"}",
- "mode": "Indexed",
- "name": "Deploy-Diagnostics-TrafficManager",
- "parameters": "{\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"logAnalytics\":{\"metadata\":{\"description\":\"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\"displayName\":\"Log Analytics workspace\",\"strongType\":\"omsWorkspace\"},\"type\":\"String\"},\"logsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable logs stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable logs\"},\"type\":\"String\"},\"metricsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable metrics stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable metrics\"},\"type\":\"String\"},\"profileName\":{\"defaultValue\":\"setbypolicy\",\"metadata\":{\"description\":\"The diagnostic settings profile name\",\"displayName\":\"Profile name\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"equals\":\"Microsoft.Network/trafficManagerProfiles\",\"field\":\"type\"},\"then\":{\"details\":{\"deployment\":{\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"logsEnabled\":{\"value\":\"[parameters('logsEnabled')]\"},\"metricsEnabled\":{\"value\":\"[parameters('metricsEnabled')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"},\"resourceName\":{\"value\":\"[field('name')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"location\":{\"type\":\"String\"},\"logAnalytics\":{\"type\":\"String\"},\"logsEnabled\":{\"type\":\"String\"},\"metricsEnabled\":{\"type\":\"String\"},\"profileName\":{\"type\":\"String\"},\"resourceName\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2017-05-01-preview\",\"dependsOn\":[],\"location\":\"[parameters('location')]\",\"name\":\"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"properties\":{\"logs\":[{\"category\":\"ProbeHealthStatusEvents\",\"enabled\":\"[parameters('logsEnabled')]\"}],\"metrics\":[{\"category\":\"AllMetrics\",\"enabled\":\"[parameters('metricsEnabled')]\",\"retentionPolicy\":{\"days\":0,\"enabled\":false},\"timeGrain\":null}],\"workspaceId\":\"[parameters('logAnalytics')]\"},\"type\":\"Microsoft.Network/trafficManagerProfiles/providers/diagnosticSettings\"}],\"variables\":{}}}},\"existenceCondition\":{\"allOf\":[{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\"},{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/metrics.enabled\"},{\"equals\":\"[parameters('logAnalytics')]\",\"field\":\"Microsoft.Insights/diagnosticSettings/workspaceId\"}]},\"name\":\"[parameters('profileName')]\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"type\":\"Microsoft.Insights/diagnosticSettings\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VM\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VM",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploys the diagnostic settings for Virtual Machines to stream to a Log Analytics workspace when any Virtual Machines which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled",
- "display_name": "Deploy Diagnostic Settings for Virtual Machines to Log Analytics workspace",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Monitoring\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.1.0\"}",
- "mode": "Indexed",
- "name": "Deploy-Diagnostics-VM",
- "parameters": "{\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"logAnalytics\":{\"metadata\":{\"description\":\"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\"displayName\":\"Log Analytics workspace\",\"strongType\":\"omsWorkspace\"},\"type\":\"String\"},\"metricsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable metrics stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable metrics\"},\"type\":\"String\"},\"profileName\":{\"defaultValue\":\"setbypolicy\",\"metadata\":{\"description\":\"The diagnostic settings profile name\",\"displayName\":\"Profile name\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"equals\":\"Microsoft.Compute/virtualMachines\",\"field\":\"type\"},\"then\":{\"details\":{\"deployment\":{\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"metricsEnabled\":{\"value\":\"[parameters('metricsEnabled')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"},\"resourceName\":{\"value\":\"[field('name')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"location\":{\"type\":\"String\"},\"logAnalytics\":{\"type\":\"String\"},\"metricsEnabled\":{\"type\":\"String\"},\"profileName\":{\"type\":\"String\"},\"resourceName\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2017-05-01-preview\",\"dependsOn\":[],\"location\":\"[parameters('location')]\",\"name\":\"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"properties\":{\"logs\":[],\"metrics\":[{\"category\":\"AllMetrics\",\"enabled\":\"[parameters('metricsEnabled')]\",\"retentionPolicy\":{\"days\":0,\"enabled\":false}}],\"workspaceId\":\"[parameters('logAnalytics')]\"},\"type\":\"Microsoft.Compute/virtualMachines/providers/diagnosticSettings\"}],\"variables\":{}}}},\"existenceCondition\":{\"allOf\":[{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/metrics.enabled\"},{\"equals\":\"[parameters('logAnalytics')]\",\"field\":\"Microsoft.Insights/diagnosticSettings/workspaceId\"}]},\"name\":\"[parameters('profileName')]\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"type\":\"Microsoft.Insights/diagnosticSettings\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VMSS\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VMSS",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploys the diagnostic settings for Virtual Machine Scale Sets to stream to a Log Analytics workspace when any Virtual Machine Scale Sets which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled",
- "display_name": "Deploy Diagnostic Settings for Virtual Machine Scale Sets to Log Analytics workspace",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Monitoring\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.1.0\"}",
- "mode": "Indexed",
- "name": "Deploy-Diagnostics-VMSS",
- "parameters": "{\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"logAnalytics\":{\"metadata\":{\"description\":\"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\"displayName\":\"Log Analytics workspace\",\"strongType\":\"omsWorkspace\"},\"type\":\"String\"},\"metricsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable metrics stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable metrics\"},\"type\":\"String\"},\"profileName\":{\"defaultValue\":\"setbypolicy\",\"metadata\":{\"description\":\"The diagnostic settings profile name\",\"displayName\":\"Profile name\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"equals\":\"Microsoft.Compute/virtualMachineScaleSets\",\"field\":\"type\"},\"then\":{\"details\":{\"deployment\":{\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"metricsEnabled\":{\"value\":\"[parameters('metricsEnabled')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"},\"resourceName\":{\"value\":\"[field('name')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"location\":{\"type\":\"String\"},\"logAnalytics\":{\"type\":\"String\"},\"metricsEnabled\":{\"type\":\"String\"},\"profileName\":{\"type\":\"String\"},\"resourceName\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2017-05-01-preview\",\"dependsOn\":[],\"location\":\"[parameters('location')]\",\"name\":\"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"properties\":{\"logs\":[],\"metrics\":[{\"category\":\"AllMetrics\",\"enabled\":\"[parameters('metricsEnabled')]\",\"retentionPolicy\":{\"days\":0,\"enabled\":false}}],\"workspaceId\":\"[parameters('logAnalytics')]\"},\"type\":\"Microsoft.Compute/virtualMachineScaleSets/providers/diagnosticSettings\"}],\"variables\":{}}}},\"existenceCondition\":{\"allOf\":[{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/metrics.enabled\"},{\"equals\":\"[parameters('logAnalytics')]\",\"field\":\"Microsoft.Insights/diagnosticSettings/workspaceId\"}]},\"name\":\"[parameters('profileName')]\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"type\":\"Microsoft.Insights/diagnosticSettings\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VNetGW\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VNetGW",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploys the diagnostic settings for VPN Gateway to stream to a Log Analytics workspace when any VPN Gateway which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled.",
- "display_name": "Deploy Diagnostic Settings for VPN Gateway to Log Analytics workspace",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Monitoring\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.1.1\"}",
- "mode": "Indexed",
- "name": "Deploy-Diagnostics-VNetGW",
- "parameters": "{\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"logAnalytics\":{\"metadata\":{\"description\":\"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\"displayName\":\"Log Analytics workspace\",\"strongType\":\"omsWorkspace\"},\"type\":\"String\"},\"logsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable logs stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable logs\"},\"type\":\"String\"},\"metricsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable metrics stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable metrics\"},\"type\":\"String\"},\"profileName\":{\"defaultValue\":\"setbypolicy\",\"metadata\":{\"description\":\"The diagnostic settings profile name\",\"displayName\":\"Profile name\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"equals\":\"Microsoft.Network/virtualNetworkGateways\",\"field\":\"type\"},\"then\":{\"details\":{\"deployment\":{\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"logsEnabled\":{\"value\":\"[parameters('logsEnabled')]\"},\"metricsEnabled\":{\"value\":\"[parameters('metricsEnabled')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"},\"resourceName\":{\"value\":\"[field('name')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"location\":{\"type\":\"String\"},\"logAnalytics\":{\"type\":\"String\"},\"logsEnabled\":{\"type\":\"String\"},\"metricsEnabled\":{\"type\":\"String\"},\"profileName\":{\"type\":\"String\"},\"resourceName\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2017-05-01-preview\",\"dependsOn\":[],\"location\":\"[parameters('location')]\",\"name\":\"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"properties\":{\"logs\":[{\"category\":\"GatewayDiagnosticLog\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"IKEDiagnosticLog\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"P2SDiagnosticLog\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"RouteDiagnosticLog\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"TunnelDiagnosticLog\",\"enabled\":\"[parameters('logsEnabled')]\"}],\"metrics\":[{\"category\":\"AllMetrics\",\"enabled\":\"[parameters('metricsEnabled')]\",\"retentionPolicy\":{\"days\":0,\"enabled\":false},\"timeGrain\":null}],\"workspaceId\":\"[parameters('logAnalytics')]\"},\"type\":\"Microsoft.Network/virtualNetworkGateways/providers/diagnosticSettings\"}],\"variables\":{}}}},\"existenceCondition\":{\"allOf\":[{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\"},{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/metrics.enabled\"},{\"equals\":\"[parameters('logAnalytics')]\",\"field\":\"Microsoft.Insights/diagnosticSettings/workspaceId\"}]},\"name\":\"[parameters('profileName')]\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"type\":\"Microsoft.Insights/diagnosticSettings\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VWanS2SVPNGW\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VWanS2SVPNGW",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploys the diagnostic settings for VWAN S2S VPN Gateway to stream to a Log Analytics workspace when any VWAN S2S VPN Gateway which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled.",
- "display_name": "Deploy Diagnostic Settings for VWAN S2S VPN Gateway to Log Analytics workspace",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Monitoring\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.0.0\"}",
- "mode": "Indexed",
- "name": "Deploy-Diagnostics-VWanS2SVPNGW",
- "parameters": "{\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"logAnalytics\":{\"metadata\":{\"description\":\"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\"displayName\":\"Log Analytics workspace\",\"strongType\":\"omsWorkspace\"},\"type\":\"String\"},\"logsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable logs stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable logs\"},\"type\":\"String\"},\"metricsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable metrics stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable metrics\"},\"type\":\"String\"},\"profileName\":{\"defaultValue\":\"setbypolicy\",\"metadata\":{\"description\":\"The diagnostic settings profile name\",\"displayName\":\"Profile name\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"equals\":\"Microsoft.Network/vpnGateways\",\"field\":\"type\"},\"then\":{\"details\":{\"deployment\":{\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"logsEnabled\":{\"value\":\"[parameters('logsEnabled')]\"},\"metricsEnabled\":{\"value\":\"[parameters('metricsEnabled')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"},\"resourceName\":{\"value\":\"[field('name')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"location\":{\"type\":\"String\"},\"logAnalytics\":{\"type\":\"String\"},\"logsEnabled\":{\"type\":\"String\"},\"metricsEnabled\":{\"type\":\"String\"},\"profileName\":{\"type\":\"String\"},\"resourceName\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2017-05-01-preview\",\"dependsOn\":[],\"location\":\"[parameters('location')]\",\"name\":\"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"properties\":{\"logs\":[{\"category\":\"GatewayDiagnosticLog\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"IKEDiagnosticLog\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"RouteDiagnosticLog\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"TunnelDiagnosticLog\",\"enabled\":\"[parameters('logsEnabled')]\"}],\"metrics\":[{\"category\":\"AllMetrics\",\"enabled\":\"[parameters('metricsEnabled')]\",\"retentionPolicy\":{\"days\":0,\"enabled\":false},\"timeGrain\":null}],\"workspaceId\":\"[parameters('logAnalytics')]\"},\"type\":\"Microsoft.Network/vpnGateways/providers/diagnosticSettings\"}],\"variables\":{}}}},\"existenceCondition\":{\"allOf\":[{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\"},{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/metrics.enabled\"},{\"equals\":\"[parameters('logAnalytics')]\",\"field\":\"Microsoft.Insights/diagnosticSettings/workspaceId\"}]},\"name\":\"[parameters('profileName')]\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"type\":\"Microsoft.Insights/diagnosticSettings\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VirtualNetwork\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VirtualNetwork",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploys the diagnostic settings for Virtual Network to stream to a Log Analytics workspace when any Virtual Network which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled",
- "display_name": "Deploy Diagnostic Settings for Virtual Network to Log Analytics workspace",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Monitoring\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.1.0\"}",
- "mode": "Indexed",
- "name": "Deploy-Diagnostics-VirtualNetwork",
- "parameters": "{\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"logAnalytics\":{\"metadata\":{\"description\":\"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\"displayName\":\"Log Analytics workspace\",\"strongType\":\"omsWorkspace\"},\"type\":\"String\"},\"logsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable logs stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable logs\"},\"type\":\"String\"},\"metricsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable metrics stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable metrics\"},\"type\":\"String\"},\"profileName\":{\"defaultValue\":\"setbypolicy\",\"metadata\":{\"description\":\"The diagnostic settings profile name\",\"displayName\":\"Profile name\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"equals\":\"Microsoft.Network/virtualNetworks\",\"field\":\"type\"},\"then\":{\"details\":{\"deployment\":{\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"logsEnabled\":{\"value\":\"[parameters('logsEnabled')]\"},\"metricsEnabled\":{\"value\":\"[parameters('metricsEnabled')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"},\"resourceName\":{\"value\":\"[field('name')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"location\":{\"type\":\"String\"},\"logAnalytics\":{\"type\":\"String\"},\"logsEnabled\":{\"type\":\"String\"},\"metricsEnabled\":{\"type\":\"String\"},\"profileName\":{\"type\":\"String\"},\"resourceName\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2017-05-01-preview\",\"dependsOn\":[],\"location\":\"[parameters('location')]\",\"name\":\"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"properties\":{\"logs\":[{\"category\":\"VMProtectionAlerts\",\"enabled\":\"[parameters('logsEnabled')]\"}],\"metrics\":[{\"category\":\"AllMetrics\",\"enabled\":\"[parameters('metricsEnabled')]\",\"retentionPolicy\":{\"days\":0,\"enabled\":false}}],\"workspaceId\":\"[parameters('logAnalytics')]\"},\"type\":\"Microsoft.Network/virtualNetworks/providers/diagnosticSettings\"}],\"variables\":{}}}},\"existenceCondition\":{\"allOf\":[{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\"},{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/metrics.enabled\"},{\"equals\":\"[parameters('logAnalytics')]\",\"field\":\"Microsoft.Insights/diagnosticSettings/workspaceId\"}]},\"name\":\"[parameters('profileName')]\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"type\":\"Microsoft.Insights/diagnosticSettings\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WVDAppGroup\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WVDAppGroup",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploys the diagnostic settings for AVD Application group to stream to a Log Analytics workspace when any application group which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all and categorys enabled.",
- "display_name": "Deploy Diagnostic Settings for AVD Application group to Log Analytics workspace",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Monitoring\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.1.1\"}",
- "mode": "Indexed",
- "name": "Deploy-Diagnostics-WVDAppGroup",
- "parameters": "{\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"logAnalytics\":{\"metadata\":{\"description\":\"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\"displayName\":\"Log Analytics workspace\",\"strongType\":\"omsWorkspace\"},\"type\":\"String\"},\"logsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable logs stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable logs\"},\"type\":\"String\"},\"profileName\":{\"defaultValue\":\"setbypolicy\",\"metadata\":{\"description\":\"The diagnostic settings profile name\",\"displayName\":\"Profile name\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"equals\":\"Microsoft.DesktopVirtualization/applicationGroups\",\"field\":\"type\"},\"then\":{\"details\":{\"deployment\":{\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"logsEnabled\":{\"value\":\"[parameters('logsEnabled')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"},\"resourceName\":{\"value\":\"[field('name')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"location\":{\"type\":\"String\"},\"logAnalytics\":{\"type\":\"String\"},\"logsEnabled\":{\"type\":\"String\"},\"profileName\":{\"type\":\"String\"},\"resourceName\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2017-05-01-preview\",\"dependsOn\":[],\"location\":\"[parameters('location')]\",\"name\":\"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"properties\":{\"logs\":[{\"category\":\"Checkpoint\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"Error\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"Management\",\"enabled\":\"[parameters('logsEnabled')]\"}],\"workspaceId\":\"[parameters('logAnalytics')]\"},\"type\":\"Microsoft.DesktopVirtualization/applicationGroups/providers/diagnosticSettings\"}],\"variables\":{}}}},\"existenceCondition\":{\"allOf\":[{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\"},{\"equals\":\"[parameters('logAnalytics')]\",\"field\":\"Microsoft.Insights/diagnosticSettings/workspaceId\"}]},\"name\":\"[parameters('profileName')]\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"type\":\"Microsoft.Insights/diagnosticSettings\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WVDHostPools\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WVDHostPools",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploys the diagnostic settings for AVD Host Pools to stream to a Log Analytics workspace when any Host Pools which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all and categorys enabled.",
- "display_name": "Deploy Diagnostic Settings for AVD Host Pools to Log Analytics workspace",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Monitoring\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.3.0\"}",
- "mode": "Indexed",
- "name": "Deploy-Diagnostics-WVDHostPools",
- "parameters": "{\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"logAnalytics\":{\"metadata\":{\"description\":\"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\"displayName\":\"Log Analytics workspace\",\"strongType\":\"omsWorkspace\"},\"type\":\"String\"},\"logsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable logs stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable logs\"},\"type\":\"String\"},\"profileName\":{\"defaultValue\":\"setbypolicy\",\"metadata\":{\"description\":\"The diagnostic settings profile name\",\"displayName\":\"Profile name\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"equals\":\"Microsoft.DesktopVirtualization/hostpools\",\"field\":\"type\"},\"then\":{\"details\":{\"deployment\":{\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"logsEnabled\":{\"value\":\"[parameters('logsEnabled')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"},\"resourceName\":{\"value\":\"[field('name')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"location\":{\"type\":\"String\"},\"logAnalytics\":{\"type\":\"String\"},\"logsEnabled\":{\"type\":\"String\"},\"profileName\":{\"type\":\"String\"},\"resourceName\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2017-05-01-preview\",\"dependsOn\":[],\"location\":\"[parameters('location')]\",\"name\":\"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"properties\":{\"logs\":[{\"category\":\"Checkpoint\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"Error\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"Management\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"Connection\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"HostRegistration\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"AgentHealthStatus\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"NetworkData\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"SessionHostManagement\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"ConnectionGraphicsData\",\"enabled\":\"[parameters('logsEnabled')]\"}],\"workspaceId\":\"[parameters('logAnalytics')]\"},\"type\":\"Microsoft.DesktopVirtualization/hostpools/providers/diagnosticSettings\"}],\"variables\":{}}}},\"existenceCondition\":{\"allOf\":[{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\"},{\"equals\":\"[parameters('logAnalytics')]\",\"field\":\"Microsoft.Insights/diagnosticSettings/workspaceId\"}]},\"name\":\"[parameters('profileName')]\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"type\":\"Microsoft.Insights/diagnosticSettings\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WVDWorkspace\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WVDWorkspace",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploys the diagnostic settings for AVD Workspace to stream to a Log Analytics workspace when any Workspace which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all and categorys enabled.",
- "display_name": "Deploy Diagnostic Settings for AVD Workspace to Log Analytics workspace",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Monitoring\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.1.1\"}",
- "mode": "Indexed",
- "name": "Deploy-Diagnostics-WVDWorkspace",
- "parameters": "{\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"logAnalytics\":{\"metadata\":{\"description\":\"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\"displayName\":\"Log Analytics workspace\",\"strongType\":\"omsWorkspace\"},\"type\":\"String\"},\"logsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable logs stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable logs\"},\"type\":\"String\"},\"profileName\":{\"defaultValue\":\"setbypolicy\",\"metadata\":{\"description\":\"The diagnostic settings profile name\",\"displayName\":\"Profile name\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"equals\":\"Microsoft.DesktopVirtualization/workspaces\",\"field\":\"type\"},\"then\":{\"details\":{\"deployment\":{\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"logsEnabled\":{\"value\":\"[parameters('logsEnabled')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"},\"resourceName\":{\"value\":\"[field('name')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"location\":{\"type\":\"String\"},\"logAnalytics\":{\"type\":\"String\"},\"logsEnabled\":{\"type\":\"String\"},\"profileName\":{\"type\":\"String\"},\"resourceName\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2017-05-01-preview\",\"dependsOn\":[],\"location\":\"[parameters('location')]\",\"name\":\"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"properties\":{\"logs\":[{\"category\":\"Checkpoint\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"Error\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"Management\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"Feed\",\"enabled\":\"[parameters('logsEnabled')]\"}],\"workspaceId\":\"[parameters('logAnalytics')]\"},\"type\":\"Microsoft.DesktopVirtualization/workspaces/providers/diagnosticSettings\"}],\"variables\":{}}}},\"existenceCondition\":{\"allOf\":[{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\"},{\"equals\":\"[parameters('logAnalytics')]\",\"field\":\"Microsoft.Insights/diagnosticSettings/workspaceId\"}]},\"name\":\"[parameters('profileName')]\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"type\":\"Microsoft.Insights/diagnosticSettings\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WebServerFarm\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WebServerFarm",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploys the diagnostic settings for App Service Plan to stream to a Log Analytics workspace when any App Service Plan which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled",
- "display_name": "Deploy Diagnostic Settings for App Service Plan to Log Analytics workspace",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Monitoring\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.1.0\"}",
- "mode": "Indexed",
- "name": "Deploy-Diagnostics-WebServerFarm",
- "parameters": "{\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"logAnalytics\":{\"metadata\":{\"description\":\"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\"displayName\":\"Log Analytics workspace\",\"strongType\":\"omsWorkspace\"},\"type\":\"String\"},\"metricsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable metrics stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable metrics\"},\"type\":\"String\"},\"profileName\":{\"defaultValue\":\"setbypolicy\",\"metadata\":{\"description\":\"The diagnostic settings profile name\",\"displayName\":\"Profile name\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"equals\":\"Microsoft.Web/serverfarms\",\"field\":\"type\"},\"then\":{\"details\":{\"deployment\":{\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"metricsEnabled\":{\"value\":\"[parameters('metricsEnabled')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"},\"resourceName\":{\"value\":\"[field('name')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"location\":{\"type\":\"String\"},\"logAnalytics\":{\"type\":\"String\"},\"metricsEnabled\":{\"type\":\"String\"},\"profileName\":{\"type\":\"String\"},\"resourceName\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2017-05-01-preview\",\"dependsOn\":[],\"location\":\"[parameters('location')]\",\"name\":\"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"properties\":{\"logs\":[],\"metrics\":[{\"category\":\"AllMetrics\",\"enabled\":\"[parameters('metricsEnabled')]\",\"retentionPolicy\":{\"days\":0,\"enabled\":false},\"timeGrain\":null}],\"workspaceId\":\"[parameters('logAnalytics')]\"},\"type\":\"Microsoft.Web/serverfarms/providers/diagnosticSettings\"}],\"variables\":{}}}},\"existenceCondition\":{\"allOf\":[{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/metrics.enabled\"},{\"equals\":\"[parameters('logAnalytics')]\",\"field\":\"Microsoft.Insights/diagnosticSettings/workspaceId\"}]},\"name\":\"[parameters('profileName')]\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"type\":\"Microsoft.Insights/diagnosticSettings\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Website\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Website",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploys the diagnostic settings for Web App to stream to a Log Analytics workspace when any Web App which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled",
- "display_name": "Deploy Diagnostic Settings for App Service to Log Analytics workspace",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Monitoring\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.2.0\"}",
- "mode": "Indexed",
- "name": "Deploy-Diagnostics-Website",
- "parameters": "{\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"logAnalytics\":{\"metadata\":{\"description\":\"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\"displayName\":\"Log Analytics workspace\",\"strongType\":\"omsWorkspace\"},\"type\":\"String\"},\"logsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable logs stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable logs\"},\"type\":\"String\"},\"metricsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable metrics stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable metrics\"},\"type\":\"String\"},\"profileName\":{\"defaultValue\":\"setbypolicy\",\"metadata\":{\"description\":\"The diagnostic settings profile name\",\"displayName\":\"Profile name\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"allOf\":[{\"equals\":\"Microsoft.Web/sites\",\"field\":\"type\"},{\"notContains\":\"functionapp\",\"value\":\"[field('kind')]\"}]},\"then\":{\"details\":{\"deployment\":{\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"logsEnabled\":{\"value\":\"[parameters('logsEnabled')]\"},\"metricsEnabled\":{\"value\":\"[parameters('metricsEnabled')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"},\"resourceName\":{\"value\":\"[field('name')]\"},\"serverFarmId\":{\"value\":\"[field('Microsoft.Web/sites/serverFarmId')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{\"policy\":{\"type\":\"string\",\"value\":\"[concat(parameters('logAnalytics'), 'configured for diagnostic logs for ', ': ', parameters('resourceName'))]\"}},\"parameters\":{\"location\":{\"type\":\"String\"},\"logAnalytics\":{\"type\":\"String\"},\"logsEnabled\":{\"type\":\"String\"},\"metricsEnabled\":{\"type\":\"String\"},\"profileName\":{\"type\":\"String\"},\"resourceName\":{\"type\":\"String\"},\"serverFarmId\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2017-05-01-preview\",\"dependsOn\":[],\"location\":\"[parameters('location')]\",\"name\":\"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"properties\":{\"logs\":\"[if(startsWith(reference(parameters('serverFarmId'), '2021-03-01', 'Full').sku.tier, 'Premium'), variables('logs').premiumTierLogs, variables('logs').otherTierLogs)]\",\"metrics\":[{\"category\":\"AllMetrics\",\"enabled\":\"[parameters('metricsEnabled')]\",\"retentionPolicy\":{\"days\":0,\"enabled\":false},\"timeGrain\":null}],\"workspaceId\":\"[parameters('logAnalytics')]\"},\"type\":\"Microsoft.Web/sites/providers/diagnosticSettings\"}],\"variables\":{\"logs\":{\"otherTierLogs\":[{\"category\":\"AppServiceHTTPLogs\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"AppServiceConsoleLogs\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"AppServiceAppLogs\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"AppServiceAuditLogs\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"AppServiceIPSecAuditLogs\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"AppServicePlatformLogs\",\"enabled\":\"[parameters('logsEnabled')]\"}],\"premiumTierLogs\":[{\"category\":\"AppServiceAntivirusScanAuditLogs\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"AppServiceHTTPLogs\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"AppServiceConsoleLogs\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"AppServiceAppLogs\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"AppServiceFileAuditLogs\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"AppServiceAuditLogs\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"AppServiceIPSecAuditLogs\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"AppServicePlatformLogs\",\"enabled\":\"[parameters('logsEnabled')]\"}]}}}}},\"existenceCondition\":{\"allOf\":[{\"equals\":\"[parameters('logsEnabled')]\",\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\"},{\"equals\":\"[parameters('metricsEnabled')]\",\"field\":\"Microsoft.Insights/diagnosticSettings/metrics.enabled\"},{\"equals\":\"[parameters('logAnalytics')]\",\"field\":\"Microsoft.Insights/diagnosticSettings/workspaceId\"}]},\"name\":\"[parameters('profileName')]\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"type\":\"Microsoft.Insights/diagnosticSettings\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-iotHub\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-iotHub",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploys the diagnostic settings for IoT Hub to stream to a Log Analytics workspace when any IoT Hub which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled",
- "display_name": "Deploy Diagnostic Settings for IoT Hub to Log Analytics workspace",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Monitoring\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.1.0\"}",
- "mode": "Indexed",
- "name": "Deploy-Diagnostics-iotHub",
- "parameters": "{\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"logAnalytics\":{\"metadata\":{\"description\":\"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\"displayName\":\"Log Analytics workspace\",\"strongType\":\"omsWorkspace\"},\"type\":\"String\"},\"logsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable logs stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable logs\"},\"type\":\"String\"},\"metricsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable metrics stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable metrics\"},\"type\":\"String\"},\"profileName\":{\"defaultValue\":\"setbypolicy\",\"metadata\":{\"description\":\"The diagnostic settings profile name\",\"displayName\":\"Profile name\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"equals\":\"Microsoft.Devices/IotHubs\",\"field\":\"type\"},\"then\":{\"details\":{\"deployment\":{\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"logsEnabled\":{\"value\":\"[parameters('logsEnabled')]\"},\"metricsEnabled\":{\"value\":\"[parameters('metricsEnabled')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"},\"resourceName\":{\"value\":\"[field('name')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"location\":{\"type\":\"String\"},\"logAnalytics\":{\"type\":\"String\"},\"logsEnabled\":{\"type\":\"String\"},\"metricsEnabled\":{\"type\":\"String\"},\"profileName\":{\"type\":\"String\"},\"resourceName\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2017-05-01-preview\",\"dependsOn\":[],\"location\":\"[parameters('location')]\",\"name\":\"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"properties\":{\"logs\":[{\"category\":\"Connections\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"DeviceTelemetry\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"C2DCommands\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"DeviceIdentityOperations\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"FileUploadOperations\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"Routes\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"D2CTwinOperations\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"C2DTwinOperations\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"TwinQueries\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"JobsOperations\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"DirectMethods\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"DistributedTracing\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"Configurations\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"DeviceStreams\",\"enabled\":\"[parameters('logsEnabled')]\"}],\"metrics\":[{\"category\":\"AllMetrics\",\"enabled\":\"[parameters('metricsEnabled')]\",\"retentionPolicy\":{\"days\":0,\"enabled\":false},\"timeGrain\":null}],\"workspaceId\":\"[parameters('logAnalytics')]\"},\"type\":\"Microsoft.Devices/IotHubs/providers/diagnosticSettings\"}],\"variables\":{}}}},\"existenceCondition\":{\"allOf\":[{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\"},{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/metrics.enabled\"},{\"equals\":\"[parameters('logAnalytics')]\",\"field\":\"Microsoft.Insights/diagnosticSettings/workspaceId\"}]},\"name\":\"[parameters('profileName')]\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"type\":\"Microsoft.Insights/diagnosticSettings\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-FirewallPolicy\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-FirewallPolicy",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploys Azure Firewall Manager policy in subscription where the policy is assigned.",
- "display_name": "Deploy Azure Firewall Manager policy in the subscription",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Network\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.0.0\"}",
- "mode": "All",
- "name": "Deploy-FirewallPolicy",
- "parameters": "{\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"fwPolicyRegion\":{\"metadata\":{\"description\":\"Select Azure region for Azure Firewall Policy\",\"displayName\":\"fwPolicyRegion\",\"strongType\":\"location\"},\"type\":\"String\"},\"fwpolicy\":{\"defaultValue\":{},\"metadata\":{\"description\":\"Object describing Azure Firewall Policy\",\"displayName\":\"fwpolicy\"},\"type\":\"Object\"},\"rgName\":{\"metadata\":{\"description\":\"Provide name for resource group.\",\"displayName\":\"rgName\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"allOf\":[{\"equals\":\"Microsoft.Resources/subscriptions\",\"field\":\"type\"}]},\"then\":{\"details\":{\"deployment\":{\"location\":\"northeurope\",\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"fwPolicy\":{\"value\":\"[parameters('fwPolicy')]\"},\"fwPolicyRegion\":{\"value\":\"[parameters('fwPolicyRegion')]\"},\"rgName\":{\"value\":\"[parameters('rgName')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"fwPolicy\":{\"type\":\"object\"},\"fwPolicyRegion\":{\"type\":\"String\"},\"rgName\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2018-05-01\",\"location\":\"[deployment().location]\",\"name\":\"[parameters('rgName')]\",\"properties\":{},\"type\":\"Microsoft.Resources/resourceGroups\"},{\"apiVersion\":\"2018-05-01\",\"dependsOn\":[\"[resourceId('Microsoft.Resources/resourceGroups/', parameters('rgName'))]\"],\"name\":\"fwpolicies\",\"properties\":{\"mode\":\"Incremental\",\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{},\"resources\":[{\"apiVersion\":\"2019-09-01\",\"dependsOn\":[],\"location\":\"[parameters('fwpolicy').location]\",\"name\":\"[parameters('fwpolicy').firewallPolicyName]\",\"properties\":{},\"resources\":[{\"apiVersion\":\"2019-09-01\",\"dependsOn\":[\"[resourceId('Microsoft.Network/firewallPolicies',parameters('fwpolicy').firewallPolicyName)]\"],\"name\":\"[parameters('fwpolicy').ruleGroups.name]\",\"properties\":{\"priority\":\"[parameters('fwpolicy').ruleGroups.properties.priority]\",\"rules\":\"[parameters('fwpolicy').ruleGroups.properties.rules]\"},\"type\":\"ruleGroups\"}],\"tags\":{},\"type\":\"Microsoft.Network/firewallPolicies\"}],\"variables\":{}}},\"resourceGroup\":\"[parameters('rgName')]\",\"type\":\"Microsoft.Resources/deployments\"}]}}},\"deploymentScope\":\"subscription\",\"existenceScope\":\"resourceGroup\",\"resourceGroupName\":\"[parameters('rgName')]\",\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"],\"type\":\"Microsoft.Network/firewallPolicies\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-MySQL-sslEnforcement\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-MySQL-sslEnforcement",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploy a specific min TLS version requirement and enforce SSL on Azure Database for MySQL server. Enforce the Server to client applications using minimum version of Tls to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.",
- "display_name": "Azure Database for MySQL server deploy a specific min TLS version and enforce SSL.",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"SQL\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.1.0\"}",
- "mode": "Indexed",
- "name": "Deploy-MySQL-sslEnforcement",
- "parameters": "{\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy minimum TLS version Azure Database for MySQL server\",\"displayName\":\"Effect minimum TLS version Azure Database for MySQL server\"},\"type\":\"String\"},\"minimalTlsVersion\":{\"allowedValues\":[\"TLS1_2\",\"TLS1_0\",\"TLS1_1\",\"TLSEnforcementDisabled\"],\"defaultValue\":\"TLS1_2\",\"metadata\":{\"description\":\"Select version minimum TLS version Azure Database for MySQL server to enforce\",\"displayName\":\"Select version minimum TLS for MySQL server\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"allOf\":[{\"equals\":\"Microsoft.DBforMySQL/servers\",\"field\":\"type\"},{\"anyOf\":[{\"field\":\"Microsoft.DBforMySQL/servers/sslEnforcement\",\"notEquals\":\"Enabled\"},{\"field\":\"Microsoft.DBforMySQL/servers/minimalTlsVersion\",\"notequals\":\"[parameters('minimalTlsVersion')]\"}]}]},\"then\":{\"details\":{\"deployment\":{\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"minimalTlsVersion\":{\"value\":\"[parameters('minimalTlsVersion')]\"},\"resourceName\":{\"value\":\"[field('name')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"location\":{\"type\":\"String\"},\"minimalTlsVersion\":{\"type\":\"String\"},\"resourceName\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2017-12-01\",\"location\":\"[parameters('location')]\",\"name\":\"[concat(parameters('resourceName'))]\",\"properties\":{\"minimalTlsVersion\":\"[parameters('minimalTlsVersion')]\",\"sslEnforcement\":\"[if(equals(parameters('minimalTlsVersion'), 'TLSEnforcementDisabled'),'Disabled', 'Enabled')]\"},\"type\":\"Microsoft.DBforMySQL/servers\"}],\"variables\":{}}}},\"existenceCondition\":{\"allOf\":[{\"equals\":\"Enabled\",\"field\":\"Microsoft.DBforMySQL/servers/sslEnforcement\"},{\"equals\":\"[parameters('minimalTlsVersion')]\",\"field\":\"Microsoft.DBforMySQL/servers/minimalTlsVersion\"}]},\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"],\"type\":\"Microsoft.DBforMySQL/servers\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Nsg-FlowLogs\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Nsg-FlowLogs",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "[Deprecated] Deprecated by built-in policy. Deploys NSG flow logs and traffic analytics to a storageaccountid with a specified retention period. Superseded by https://www.azadvertizer.net/azpolicyadvertizer/e920df7f-9a64-4066-9b58-52684c02a091.html",
- "display_name": "[Deprecated] Deploys NSG flow logs and traffic analytics",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Monitoring\",\"deprecated\":true,\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"supersededBy\":\"e920df7f-9a64-4066-9b58-52684c02a091\",\"version\":\"1.0.0-deprecated\"}",
- "mode": "Indexed",
- "name": "Deploy-Nsg-FlowLogs",
- "parameters": "{\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"flowAnalyticsEnabled\":{\"defaultValue\":false,\"metadata\":{\"displayName\":\"Enable Traffic Analytics\"},\"type\":\"Boolean\"},\"logAnalytics\":{\"defaultValue\":\"\",\"metadata\":{\"description\":\"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\"displayName\":\"Resource ID of Log Analytics workspace\",\"strongType\":\"omsWorkspace\"},\"type\":\"String\"},\"retention\":{\"defaultValue\":5,\"metadata\":{\"displayName\":\"Retention\"},\"type\":\"Integer\"},\"storageAccountResourceId\":{\"metadata\":{\"displayName\":\"Storage Account Resource Id\",\"strongType\":\"Microsoft.Storage/storageAccounts\"},\"type\":\"String\"},\"trafficAnalyticsInterval\":{\"defaultValue\":60,\"metadata\":{\"displayName\":\"Traffic Analytics processing interval mins (10/60)\"},\"type\":\"Integer\"}}",
- "policy_rule": "{\"if\":{\"equals\":\"Microsoft.Network/networkSecurityGroups\",\"field\":\"type\"},\"then\":{\"details\":{\"deployment\":{\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"flowAnalyticsEnabled\":{\"value\":\"[parameters('flowAnalyticsEnabled')]\"},\"location\":{\"value\":\"[field('location')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"networkSecurityGroupName\":{\"value\":\"[field('name')]\"},\"resourceGroupName\":{\"value\":\"[resourceGroup().name]\"},\"retention\":{\"value\":\"[parameters('retention')]\"},\"storageAccountResourceId\":{\"value\":\"[parameters('storageAccountResourceId')]\"},\"trafficAnalyticsInterval\":{\"value\":\"[parameters('trafficAnalyticsInterval')]\"}},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"flowAnalyticsEnabled\":{\"type\":\"bool\"},\"location\":{\"type\":\"String\"},\"logAnalytics\":{\"type\":\"String\"},\"networkSecurityGroupName\":{\"type\":\"String\"},\"resourceGroupName\":{\"type\":\"String\"},\"retention\":{\"type\":\"int\"},\"storageAccountResourceId\":{\"type\":\"String\"},\"trafficAnalyticsInterval\":{\"type\":\"int\"}},\"resources\":[{\"apiVersion\":\"2020-05-01\",\"location\":\"[parameters('location')]\",\"name\":\"[take(concat('NetworkWatcher_', toLower(parameters('location')), '/', parameters('networkSecurityGroupName'), '-', parameters('resourceGroupName'), '-flowlog' ), 80)]\",\"properties\":{\"enabled\":true,\"flowAnalyticsConfiguration\":{\"networkWatcherFlowAnalyticsConfiguration\":{\"enabled\":\"[bool(parameters('flowAnalyticsEnabled'))]\",\"trafficAnalyticsInterval\":\"[parameters('trafficAnalyticsInterval')]\",\"workspaceId\":\"[if(not(empty(parameters('logAnalytics'))), reference(parameters('logAnalytics'), '2020-03-01-preview', 'Full').properties.customerId, json('null')) ]\",\"workspaceRegion\":\"[if(not(empty(parameters('logAnalytics'))), reference(parameters('logAnalytics'), '2020-03-01-preview', 'Full').location, json('null')) ]\",\"workspaceResourceId\":\"[if(not(empty(parameters('logAnalytics'))), parameters('logAnalytics'), json('null'))]\"}},\"format\":{\"type\":\"JSON\",\"version\":2},\"retentionPolicy\":{\"days\":\"[parameters('retention')]\",\"enabled\":true},\"storageId\":\"[parameters('storageAccountResourceId')]\",\"targetResourceId\":\"[resourceId(parameters('resourceGroupName'), 'Microsoft.Network/networkSecurityGroups', parameters('networkSecurityGroupName'))]\"},\"type\":\"Microsoft.Network/networkWatchers/flowLogs\"}],\"variables\":{}}}},\"existenceCondition\":{\"allOf\":[{\"equals\":\"true\",\"field\":\"Microsoft.Network/networkWatchers/flowLogs/enabled\"},{\"equals\":\"[parameters('flowAnalyticsEnabled')]\",\"field\":\"Microsoft.Network/networkWatchers/flowLogs/flowAnalyticsConfiguration.networkWatcherFlowAnalyticsConfiguration.enabled\"}]},\"resourceGroupName\":\"NetworkWatcherRG\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"type\":\"Microsoft.Network/networkWatchers/flowLogs\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Nsg-FlowLogs-to-LA\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Nsg-FlowLogs-to-LA",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "[Deprecated] Deprecated by built-in policy. Deploys NSG flow logs and traffic analytics to Log Analytics with a specified retention period. Superseded by https://www.azadvertizer.net/azpolicyadvertizer/e920df7f-9a64-4066-9b58-52684c02a091.html",
- "display_name": "[Deprecated] Deploys NSG flow logs and traffic analytics to Log Analytics",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Monitoring\",\"deprecated\":true,\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"supersededBy\":\"e920df7f-9a64-4066-9b58-52684c02a091\",\"version\":\"1.1.0-deprecated\"}",
- "mode": "Indexed",
- "name": "Deploy-Nsg-FlowLogs-to-LA",
- "parameters": "{\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"interval\":{\"defaultValue\":60,\"metadata\":{\"displayName\":\"Traffic Analytics processing interval mins (10/60)\"},\"type\":\"Integer\"},\"retention\":{\"defaultValue\":5,\"metadata\":{\"displayName\":\"Retention\"},\"type\":\"Integer\"},\"workspace\":{\"defaultValue\":\"\\u003cworkspace resource ID\\u003e\",\"metadata\":{\"description\":\"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\"displayName\":\"Resource ID of Log Analytics workspace\",\"strongType\":\"omsWorkspace\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"allOf\":[{\"equals\":\"Microsoft.Network/networkSecurityGroups\",\"field\":\"type\"}]},\"then\":{\"details\":{\"deployment\":{\"location\":\"northeurope\",\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"interval\":{\"value\":\"[parameters('interval')]\"},\"location\":{\"value\":\"[field('location')]\"},\"networkSecurityGroup\":{\"value\":\"[field('id')]\"},\"retention\":{\"value\":\"[parameters('retention')]\"},\"workspace\":{\"value\":\"[parameters('workspace')]\"}},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"interval\":{\"type\":\"int\"},\"location\":{\"type\":\"String\"},\"networkSecurityGroup\":{\"type\":\"String\"},\"retention\":{\"type\":\"int\"},\"time\":{\"defaultValue\":\"[utcNow()]\",\"type\":\"String\"},\"workspace\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2019-10-01\",\"name\":\"[concat(variables('resourceGroupName'), '.', variables('securityGroupName'))]\",\"properties\":{\"mode\":\"Incremental\",\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"resources\":[{\"apiVersion\":\"2019-06-01\",\"kind\":\"StorageV2\",\"location\":\"[parameters('location')]\",\"name\":\"[variables('storageAccountName')]\",\"properties\":{},\"sku\":{\"name\":\"Standard_LRS\",\"tier\":\"Standard\"},\"type\":\"Microsoft.Storage/storageAccounts\"}]}},\"resourceGroup\":\"[variables('resourceGroupName')]\",\"type\":\"Microsoft.Resources/deployments\"},{\"apiVersion\":\"2019-10-01\",\"dependsOn\":[\"[concat(variables('resourceGroupName'), '.', variables('securityGroupName'))]\"],\"name\":\"[concat('NetworkWatcherRG', '.', variables('securityGroupName'))]\",\"properties\":{\"mode\":\"Incremental\",\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"resources\":[{\"apiVersion\":\"2020-05-01\",\"location\":\"[parameters('location')]\",\"name\":\"[concat('NetworkWatcher_', toLower(parameters('location')))]\",\"properties\":{},\"resources\":[{\"apiVersion\":\"2019-11-01\",\"dependsOn\":[\"[concat('NetworkWatcher_', toLower(parameters('location')))]\"],\"location\":\"[parameters('location')]\",\"name\":\"[concat(variables('securityGroupName'), '-Network-flowlog')]\",\"properties\":{\"enabled\":true,\"flowAnalyticsConfiguration\":{\"networkWatcherFlowAnalyticsConfiguration\":{\"enabled\":true,\"trafficAnalyticsInterval\":\"[parameters('interval')]\",\"workspaceResourceId\":\"[parameters('workspace')]\"}},\"format\":{\"type\":\"JSON\",\"version\":2},\"retentionPolicy\":{\"days\":\"[parameters('retention')]\",\"enabled\":true},\"storageId\":\"[concat(subscription().id, '/resourceGroups/', variables('resourceGroupName'), '/providers/Microsoft.Storage/storageAccounts/', variables('storageAccountName'))]\",\"targetResourceId\":\"[parameters('networkSecurityGroup')]\"},\"type\":\"flowLogs\"}],\"type\":\"Microsoft.Network/networkWatchers\"}]}},\"resourceGroup\":\"NetworkWatcherRG\",\"type\":\"Microsoft.Resources/deployments\"}],\"variables\":{\"resourceGroupName\":\"[split(parameters('networkSecurityGroup'), '/')[4]]\",\"securityGroupName\":\"[split(parameters('networkSecurityGroup'), '/')[8]]\",\"storageAccountName\":\"[concat('es', uniqueString(variables('securityGroupName'), parameters('time')))]\"}}}},\"deploymentScope\":\"subscription\",\"existenceCondition\":{\"allOf\":[{\"equals\":\"true\",\"field\":\"Microsoft.Network/networkWatchers/flowLogs/enabled\"}]},\"existenceScope\":\"resourceGroup\",\"name\":\"[if(empty(coalesce(field('Microsoft.Network/networkSecurityGroups/flowLogs[*].id'))), 'null/null', concat(split(first(field('Microsoft.Network/networkSecurityGroups/flowLogs[*].id')), '/')[8], '/', split(first(field('Microsoft.Network/networkSecurityGroups/flowLogs[*].id')), '/')[10]))]\",\"resourceGroupName\":\"[if(empty(coalesce(field('Microsoft.Network/networkSecurityGroups/flowLogs'))), 'NetworkWatcherRG', split(first(field('Microsoft.Network/networkSecurityGroups/flowLogs[*].id')), '/')[4])]\",\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7\",\"/providers/Microsoft.Authorization/roleDefinitions/81a9662b-bebf-436f-a333-f67b29880f12\",\"/providers/Microsoft.Authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\",\"/providers/Microsoft.Authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab\",\"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"],\"type\":\"Microsoft.Network/networkWatchers/flowlogs\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-PostgreSQL-sslEnforcement\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-PostgreSQL-sslEnforcement",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploy a specific min TLS version requirement and enforce SSL on Azure Database for PostgreSQL server. Enables secure server to client by enforce minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.",
- "display_name": "Azure Database for PostgreSQL server deploy a specific min TLS version requirement and enforce SSL ",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"SQL\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.1.0\"}",
- "mode": "Indexed",
- "name": "Deploy-PostgreSQL-sslEnforcement",
- "parameters": "{\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy minimum TLS version Azure Database for PostgreSQL server\",\"displayName\":\"Effect Azure Database for PostgreSQL server\"},\"type\":\"String\"},\"minimalTlsVersion\":{\"allowedValues\":[\"TLS1_2\",\"TLS1_0\",\"TLS1_1\",\"TLSEnforcementDisabled\"],\"defaultValue\":\"TLS1_2\",\"metadata\":{\"description\":\"Select version minimum TLS version Azure Database for PostgreSQL server to enforce\",\"displayName\":\"Select version for PostgreSQL server\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"allOf\":[{\"equals\":\"Microsoft.DBforPostgreSQL/servers\",\"field\":\"type\"},{\"anyOf\":[{\"field\":\"Microsoft.DBforPostgreSQL/servers/sslEnforcement\",\"notEquals\":\"Enabled\"},{\"field\":\"Microsoft.DBforPostgreSQL/servers/minimalTlsVersion\",\"notEquals\":\"[parameters('minimalTlsVersion')]\"}]}]},\"then\":{\"details\":{\"deployment\":{\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"minimalTlsVersion\":{\"value\":\"[parameters('minimalTlsVersion')]\"},\"resourceName\":{\"value\":\"[field('name')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"location\":{\"type\":\"String\"},\"minimalTlsVersion\":{\"type\":\"String\"},\"resourceName\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2017-12-01\",\"location\":\"[parameters('location')]\",\"name\":\"[concat(parameters('resourceName'))]\",\"properties\":{\"minimalTlsVersion\":\"[parameters('minimalTlsVersion')]\",\"sslEnforcement\":\"[if(equals(parameters('minimalTlsVersion'), 'TLSEnforcementDisabled'),'Disabled', 'Enabled')]\"},\"type\":\"Microsoft.DBforPostgreSQL/servers\"}],\"variables\":{}}}},\"existenceCondition\":{\"allOf\":[{\"equals\":\"Enabled\",\"field\":\"Microsoft.DBforPostgreSQL/servers/sslEnforcement\"},{\"equals\":\"[parameters('minimalTlsVersion')]\",\"field\":\"Microsoft.DBforPostgreSQL/servers/minimalTlsVersion\"}]},\"name\":\"current\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"],\"type\":\"Microsoft.DBforPostgreSQL/servers\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-SQL-minTLS\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-SQL-minTLS",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploys a specific min TLS version requirement and enforce SSL on SQL servers. Enables secure server to client by enforce minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.",
- "display_name": "SQL servers deploys a specific min TLS version requirement.",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"SQL\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.1.0\"}",
- "mode": "Indexed",
- "name": "Deploy-SQL-minTLS",
- "parameters": "{\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy minimum TLS version SQL servers\",\"displayName\":\"Effect SQL servers\"},\"type\":\"String\"},\"minimalTlsVersion\":{\"allowedValues\":[\"1.2\",\"1.1\",\"1.0\"],\"defaultValue\":\"1.2\",\"metadata\":{\"description\":\"Select version minimum TLS version SQL servers to enforce\",\"displayName\":\"Select version for SQL server\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"allOf\":[{\"equals\":\"Microsoft.Sql/servers\",\"field\":\"type\"},{\"field\":\"Microsoft.Sql/servers/minimalTlsVersion\",\"notequals\":\"[parameters('minimalTlsVersion')]\"}]},\"then\":{\"details\":{\"deployment\":{\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"minimalTlsVersion\":{\"value\":\"[parameters('minimalTlsVersion')]\"},\"resourceName\":{\"value\":\"[field('name')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"location\":{\"type\":\"String\"},\"minimalTlsVersion\":{\"type\":\"String\"},\"resourceName\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2019-06-01-preview\",\"location\":\"[parameters('location')]\",\"name\":\"[concat(parameters('resourceName'))]\",\"properties\":{\"minimalTlsVersion\":\"[parameters('minimalTlsVersion')]\"},\"type\":\"Microsoft.Sql/servers\"}],\"variables\":{}}}},\"existenceCondition\":{\"allOf\":[{\"equals\":\"[parameters('minimalTlsVersion')]\",\"field\":\"Microsoft.Sql/servers/minimalTlsVersion\"}]},\"name\":\"current\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/6d8ee4ec-f05a-4a1d-8b00-a9b17e38b437\"],\"type\":\"Microsoft.Sql/servers\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Sql-AuditingSettings\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Sql-AuditingSettings",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploy auditing settings to SQL Database when it not exist in the deployment",
- "display_name": "Deploy SQL database auditing settings",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"SQL\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.0.0\"}",
- "mode": "Indexed",
- "name": "Deploy-Sql-AuditingSettings",
- "parameters": "{\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"equals\":\"Microsoft.Sql/servers/databases\",\"field\":\"type\"},\"then\":{\"details\":{\"deployment\":{\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"sqlServerDataBaseName\":{\"value\":\"[field('name')]\"},\"sqlServerName\":{\"value\":\"[first(split(field('fullname'),'/'))]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"location\":{\"type\":\"String\"},\"sqlServerDataBaseName\":{\"type\":\"String\"},\"sqlServerName\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2017-03-01-preview\",\"name\":\"[concat( parameters('sqlServerName'),'/',parameters('sqlServerDataBaseName'),'/default')]\",\"properties\":{\"auditActionsAndGroups\":[\"BATCH_COMPLETED_GROUP\",\"DATABASE_OBJECT_CHANGE_GROUP\",\"SCHEMA_OBJECT_CHANGE_GROUP\",\"BACKUP_RESTORE_GROUP\",\"APPLICATION_ROLE_CHANGE_PASSWORD_GROUP\",\"DATABASE_PRINCIPAL_CHANGE_GROUP\",\"DATABASE_PRINCIPAL_IMPERSONATION_GROUP\",\"DATABASE_ROLE_MEMBER_CHANGE_GROUP\",\"USER_CHANGE_PASSWORD_GROUP\",\"DATABASE_OBJECT_OWNERSHIP_CHANGE_GROUP\",\"DATABASE_OBJECT_PERMISSION_CHANGE_GROUP\",\"DATABASE_PERMISSION_CHANGE_GROUP\",\"SCHEMA_OBJECT_PERMISSION_CHANGE_GROUP\",\"SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP\",\"FAILED_DATABASE_AUTHENTICATION_GROUP\"],\"isAzureMonitorTargetEnabled\":true,\"state\":\"enabled\"},\"type\":\"Microsoft.Sql/servers/databases/auditingSettings\"}],\"variables\":{}}}},\"existenceCondition\":{\"allOf\":[{\"equals\":\"enabled\",\"field\":\"Microsoft.Sql/servers/databases/auditingSettings/state\"},{\"equals\":\"true\",\"field\":\"Microsoft.Sql/servers/databases/auditingSettings/isAzureMonitorTargetEnabled\"}]},\"name\":\"default\",\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3\"],\"type\":\"Microsoft.Sql/servers/databases/auditingSettings\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Sql-SecurityAlertPolicies\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Sql-SecurityAlertPolicies",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploy the security Alert Policies configuration with email admin accounts when it not exist in current configuration",
- "display_name": "Deploy SQL Database security Alert Policies configuration with email admin accounts",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"SQL\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.1.1\"}",
- "mode": "Indexed",
- "name": "Deploy-Sql-SecurityAlertPolicies",
- "parameters": "{\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"emailAddresses\":{\"defaultValue\":[\"admin@contoso.com\",\"admin@fabrikam.com\"],\"type\":\"Array\"}}",
- "policy_rule": "{\"if\":{\"equals\":\"Microsoft.Sql/servers/databases\",\"field\":\"type\"},\"then\":{\"details\":{\"deployment\":{\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"emailAddresses\":{\"value\":\"[parameters('emailAddresses')]\"},\"location\":{\"value\":\"[field('location')]\"},\"sqlServerDataBaseName\":{\"value\":\"[field('name')]\"},\"sqlServerName\":{\"value\":\"[first(split(field('fullname'),'/'))]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"emailAddresses\":{\"type\":\"Array\"},\"location\":{\"type\":\"String\"},\"sqlServerDataBaseName\":{\"type\":\"String\"},\"sqlServerName\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2018-06-01-preview\",\"name\":\"[concat(parameters('sqlServerName'),'/',parameters('sqlServerDataBaseName'),'/default')]\",\"properties\":{\"disabledAlerts\":[\"\"],\"emailAccountAdmins\":true,\"emailAddresses\":\"[parameters('emailAddresses')]\",\"retentionDays\":0,\"state\":\"Enabled\",\"storageAccountAccessKey\":\"\",\"storageEndpoint\":null},\"type\":\"Microsoft.Sql/servers/databases/securityAlertPolicies\"}],\"variables\":{}}}},\"existenceCondition\":{\"allOf\":[{\"equals\":\"Enabled\",\"field\":\"Microsoft.Sql/servers/databases/securityAlertPolicies/state\"}]},\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3\"],\"type\":\"Microsoft.Sql/servers/databases/securityAlertPolicies\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Sql-Tde\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Sql-Tde",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploy the Transparent Data Encryption when it is not enabled in the deployment. Please use this policy instead https://www.azadvertizer.net/azpolicyadvertizer/86a912f6-9a06-4e26-b447-11b16ba8659f.html",
- "display_name": "[Deprecated] Deploy SQL Database Transparent Data Encryption",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"SQL\",\"deprecated\":true,\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"supersededBy\":\"86a912f6-9a06-4e26-b447-11b16ba8659f\",\"version\":\"1.1.1-deprecated\"}",
- "mode": "Indexed",
- "name": "Deploy-Sql-Tde",
- "parameters": "{\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"excludedDatabases\":{\"defaultValue\":[\"master\",\"model\",\"tempdb\",\"msdb\",\"resource\"],\"metadata\":{\"description\":\"Array of databases that are excluded from this policy\",\"displayName\":\"Excluded Databases\"},\"type\":\"Array\"}}",
- "policy_rule": "{\"if\":{\"allOf\":[{\"equals\":\"Microsoft.Sql/servers/databases\",\"field\":\"type\"},{\"field\":\"name\",\"notIn\":\"[parameters('excludedDatabases')]\"}]},\"then\":{\"details\":{\"deployment\":{\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"sqlServerDataBaseName\":{\"value\":\"[field('name')]\"},\"sqlServerName\":{\"value\":\"[first(split(field('fullname'),'/'))]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"location\":{\"type\":\"String\"},\"sqlServerDataBaseName\":{\"type\":\"String\"},\"sqlServerName\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2014-04-01\",\"name\":\"[concat( parameters('sqlServerName'),'/',parameters('sqlServerDataBaseName'),'/current')]\",\"properties\":{\"status\":\"Enabled\"},\"type\":\"Microsoft.Sql/servers/databases/transparentDataEncryption\"}],\"variables\":{}}}},\"existenceCondition\":{\"allOf\":[{\"equals\":\"Enabled\",\"field\":\"Microsoft.Sql/transparentDataEncryption.status\"}]},\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3\"],\"type\":\"Microsoft.Sql/servers/databases/transparentDataEncryption\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Sql-vulnerabilityAssessments\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Sql-vulnerabilityAssessments",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploy SQL Database vulnerability Assessments when it not exist in the deployment. Superseded by https://www.azadvertizer.net/azpolicyadvertizer/Deploy-Sql-vulnerabilityAssessments_20230706.html",
- "display_name": "[Deprecated]: Deploy SQL Database vulnerability Assessments",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"SQL\",\"deprecated\":true,\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"supersededBy\":\"Deploy-Sql-vulnerabilityAssessments_20230706\",\"version\":\"1.0.1-deprecated\"}",
- "mode": "Indexed",
- "name": "Deploy-Sql-vulnerabilityAssessments",
- "parameters": "{\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"vulnerabilityAssessmentsEmail\":{\"metadata\":{\"description\":\"The email address to send alerts. For multiple emails, format in the following 'email1@contoso.com;email2@contoso.com'\",\"displayName\":\"The email address to send alerts. For multiple emails, format in the following 'email1@contoso.com;email2@contoso.com'\"},\"type\":\"String\"},\"vulnerabilityAssessmentsStorageID\":{\"metadata\":{\"description\":\"The storage account ID to store assessments\",\"displayName\":\"The storage account ID to store assessments\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"equals\":\"Microsoft.Sql/servers/databases\",\"field\":\"type\"},\"then\":{\"details\":{\"deployment\":{\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"sqlServerDataBaseName\":{\"value\":\"[field('name')]\"},\"sqlServerName\":{\"value\":\"[first(split(field('fullname'),'/'))]\"},\"vulnerabilityAssessmentsEmail\":{\"value\":\"[parameters('vulnerabilityAssessmentsEmail')]\"},\"vulnerabilityAssessmentsStorageID\":{\"value\":\"[parameters('vulnerabilityAssessmentsStorageID')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"location\":{\"type\":\"String\"},\"sqlServerDataBaseName\":{\"type\":\"String\"},\"sqlServerName\":{\"type\":\"String\"},\"vulnerabilityAssessmentsEmail\":{\"type\":\"String\"},\"vulnerabilityAssessmentsStorageID\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2017-03-01-preview\",\"name\":\"[concat(parameters('sqlServerName'),'/',parameters('sqlServerDataBaseName'),'/default')]\",\"properties\":{\"recurringScans\":{\"emailSubscriptionAdmins\":false,\"emails\":[\"[parameters('vulnerabilityAssessmentsEmail')]\"],\"isEnabled\":true},\"storageAccountAccessKey\":\"[listkeys(parameters('vulnerabilityAssessmentsStorageID'), providers('Microsoft.Storage', 'storageAccounts').apiVersions[0]).keys[0].value]\",\"storageContainerPath\":\"[concat('https://', last( split(parameters('vulnerabilityAssessmentsStorageID') , '/') ) , '.blob.core.windows.net/vulneraabilitylogs')]\"},\"type\":\"Microsoft.Sql/servers/databases/vulnerabilityAssessments\"}],\"variables\":{}}}},\"existenceCondition\":{\"allOf\":[{\"equals\":\"[parameters('vulnerabilityAssessmentsEmail')]\",\"field\":\"Microsoft.Sql/servers/databases/vulnerabilityAssessments/recurringScans.emails\"},{\"equals\":true,\"field\":\"Microsoft.Sql/servers/databases/vulnerabilityAssessments/recurringScans.isEnabled\"}]},\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3\",\"/providers/Microsoft.Authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\"/providers/Microsoft.Authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab\"],\"type\":\"Microsoft.Sql/servers/databases/vulnerabilityAssessments\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Sql-vulnerabilityAssessments_20230706\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Sql-vulnerabilityAssessments_20230706",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploy SQL Database Vulnerability Assessments when it does not exist in the deployment, and save results to the storage account specified in the parameters.",
- "display_name": "Deploy SQL Database Vulnerability Assessments",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"SQL\",\"replacesPolicy\":\"Deploy-Sql-vulnerabilityAssessments\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.0.0\"}",
- "mode": "Indexed",
- "name": "Deploy-Sql-vulnerabilityAssessments_20230706",
- "parameters": "{\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"vulnerabilityAssessmentsEmail\":{\"metadata\":{\"description\":\"The email address(es) to send alerts.\",\"displayName\":\"The email address(es) to send alerts.\"},\"type\":\"Array\"},\"vulnerabilityAssessmentsStorageID\":{\"metadata\":{\"description\":\"The storage account ID to store assessments\",\"displayName\":\"The storage account ID to store assessments\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"equals\":\"Microsoft.Sql/servers/databases\",\"field\":\"type\"},\"then\":{\"details\":{\"deployment\":{\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"sqlServerDataBaseName\":{\"value\":\"[field('name')]\"},\"sqlServerName\":{\"value\":\"[first(split(field('fullname'),'/'))]\"},\"vulnerabilityAssessmentsEmail\":{\"value\":\"[parameters('vulnerabilityAssessmentsEmail')]\"},\"vulnerabilityAssessmentsStorageID\":{\"value\":\"[parameters('vulnerabilityAssessmentsStorageID')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"location\":{\"type\":\"String\"},\"sqlServerDataBaseName\":{\"type\":\"String\"},\"sqlServerName\":{\"type\":\"String\"},\"vulnerabilityAssessmentsEmail\":{\"type\":\"Array\"},\"vulnerabilityAssessmentsStorageID\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2017-03-01-preview\",\"name\":\"[concat(parameters('sqlServerName'),'/',parameters('sqlServerDataBaseName'),'/default')]\",\"properties\":{\"recurringScans\":{\"emailSubscriptionAdmins\":false,\"emails\":\"[parameters('vulnerabilityAssessmentsEmail')]\",\"isEnabled\":true},\"storageAccountAccessKey\":\"[listkeys(parameters('vulnerabilityAssessmentsStorageID'), providers('Microsoft.Storage', 'storageAccounts').apiVersions[0]).keys[0].value]\",\"storageContainerPath\":\"[concat('https://', last( split(parameters('vulnerabilityAssessmentsStorageID') , '/') ) , '.blob.core.windows.net/vulneraabilitylogs')]\"},\"type\":\"Microsoft.Sql/servers/databases/vulnerabilityAssessments\"}],\"variables\":{}}}},\"existenceCondition\":{\"allOf\":[{\"count\":{\"field\":\"Microsoft.Sql/servers/databases/vulnerabilityAssessments/recurringScans.emails[*]\",\"where\":{\"notIn\":\"[parameters('vulnerabilityAssessmentsEmail')]\",\"value\":\"current(Microsoft.Sql/servers/databases/vulnerabilityAssessments/recurringScans.emails[*])\"}},\"greater\":0},{\"equals\":true,\"field\":\"Microsoft.Sql/servers/databases/vulnerabilityAssessments/recurringScans.isEnabled\"}]},\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3\",\"/providers/Microsoft.Authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\"/providers/Microsoft.Authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab\"],\"type\":\"Microsoft.Sql/servers/databases/vulnerabilityAssessments\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-SqlMi-minTLS\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-SqlMi-minTLS",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploy a specific min TLS version requirement and enforce SSL on SQL managed instances. Enables secure server to client by enforce minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.",
- "display_name": "SQL managed instances deploy a specific min TLS version requirement.",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"SQL\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.2.0\"}",
- "mode": "Indexed",
- "name": "Deploy-SqlMi-minTLS",
- "parameters": "{\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy minimum TLS version SQL servers\",\"displayName\":\"Effect SQL servers\"},\"type\":\"String\"},\"minimalTlsVersion\":{\"allowedValues\":[\"1.2\",\"1.1\",\"1.0\"],\"defaultValue\":\"1.2\",\"metadata\":{\"description\":\"Select version minimum TLS version SQL servers to enforce\",\"displayName\":\"Select version for SQL server\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"allOf\":[{\"equals\":\"Microsoft.Sql/managedInstances\",\"field\":\"type\"},{\"field\":\"Microsoft.Sql/managedInstances/minimalTlsVersion\",\"notequals\":\"[parameters('minimalTlsVersion')]\"}]},\"then\":{\"details\":{\"deployment\":{\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"minimalTlsVersion\":{\"value\":\"[parameters('minimalTlsVersion')]\"},\"resourceName\":{\"value\":\"[field('name')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"location\":{\"type\":\"String\"},\"minimalTlsVersion\":{\"type\":\"String\"},\"resourceName\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2020-02-02-preview\",\"location\":\"[parameters('location')]\",\"name\":\"[concat(parameters('resourceName'))]\",\"properties\":{\"minimalTlsVersion\":\"[parameters('minimalTlsVersion')]\"},\"type\":\"Microsoft.Sql/managedInstances\"}],\"variables\":{}}}},\"evaluationDelay\":\"AfterProvisioningSuccess\",\"existenceCondition\":{\"allOf\":[{\"equals\":\"[parameters('minimalTlsVersion')]\",\"field\":\"Microsoft.Sql/managedInstances/minimalTlsVersion\"}]},\"name\":\"current\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/4939a1f6-9ae0-4e48-a1e0-f2cbe897382d\"],\"type\":\"Microsoft.Sql/managedInstances\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Storage-sslEnforcement\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Storage-sslEnforcement",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploy a specific min TLS version requirement and enforce SSL on Azure Storage. Enables secure server to client by enforce minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your Azure Storage.",
- "display_name": "Azure Storage deploy a specific min TLS version requirement and enforce SSL/HTTPS ",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Storage\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.2.0\"}",
- "mode": "Indexed",
- "name": "Deploy-Storage-sslEnforcement",
- "parameters": "{\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy minimum TLS version Azure STorage\",\"displayName\":\"Effect Azure Storage\"},\"type\":\"String\"},\"minimumTlsVersion\":{\"allowedValues\":[\"TLS1_2\",\"TLS1_1\",\"TLS1_0\"],\"defaultValue\":\"TLS1_2\",\"metadata\":{\"description\":\"Select version minimum TLS version Azure STorage to enforce\",\"displayName\":\"Select TLS version for Azure Storage server\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"allOf\":[{\"equals\":\"Microsoft.Storage/storageAccounts\",\"field\":\"type\"},{\"anyOf\":[{\"field\":\"Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly\",\"notEquals\":\"true\"},{\"field\":\"Microsoft.Storage/storageAccounts/minimumTlsVersion\",\"notEquals\":\"[parameters('minimumTlsVersion')]\"}]}]},\"then\":{\"details\":{\"deployment\":{\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"minimumTlsVersion\":{\"value\":\"[parameters('minimumTlsVersion')]\"},\"resourceName\":{\"value\":\"[field('name')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"location\":{\"type\":\"String\"},\"minimumTlsVersion\":{\"type\":\"String\"},\"resourceName\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2019-06-01\",\"location\":\"[parameters('location')]\",\"name\":\"[concat(parameters('resourceName'))]\",\"properties\":{\"minimumTlsVersion\":\"[parameters('minimumTlsVersion')]\",\"supportsHttpsTrafficOnly\":true},\"type\":\"Microsoft.Storage/storageAccounts\"}],\"variables\":{}}}},\"existenceCondition\":{\"allOf\":[{\"equals\":\"true\",\"field\":\"Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly\"},{\"equals\":\"[parameters('minimumTlsVersion')]\",\"field\":\"Microsoft.Storage/storageAccounts/minimumTlsVersion\"}]},\"name\":\"current\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab\"],\"type\":\"Microsoft.Storage/storageAccounts\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-VNET-HubSpoke\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-VNET-HubSpoke",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "This policy deploys virtual network and peer to the hub",
- "display_name": "Deploy Virtual Network with peering to the hub",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Network\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.1.0\"}",
- "mode": "All",
- "name": "Deploy-VNET-HubSpoke",
- "parameters": "{\"dnsServers\":{\"defaultValue\":[],\"metadata\":{\"description\":\"Default domain servers for the vNET.\",\"displayName\":\"DNSServers\"},\"type\":\"Array\"},\"hubResourceId\":{\"metadata\":{\"description\":\"Resource ID for the HUB vNet\",\"displayName\":\"hubResourceId\"},\"type\":\"String\"},\"vNetCidrRange\":{\"metadata\":{\"description\":\"CIDR Range for the vNet\",\"displayName\":\"vNetCidrRange\"},\"type\":\"String\"},\"vNetLocation\":{\"metadata\":{\"description\":\"Location for the vNet\",\"displayName\":\"vNetLocation\"},\"type\":\"String\"},\"vNetName\":{\"metadata\":{\"description\":\"Name of the landing zone vNet\",\"displayName\":\"vNetName\"},\"type\":\"String\"},\"vNetPeerUseRemoteGateway\":{\"defaultValue\":false,\"metadata\":{\"description\":\"Enable gateway transit for the LZ network\",\"displayName\":\"vNetPeerUseRemoteGateway\"},\"type\":\"Boolean\"},\"vNetRgName\":{\"metadata\":{\"description\":\"Name of the landing zone vNet RG\",\"displayName\":\"vNetRgName\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"allOf\":[{\"equals\":\"Microsoft.Resources/subscriptions\",\"field\":\"type\"}]},\"then\":{\"details\":{\"ResourceGroupName\":\"[parameters('vNetRgName')]\",\"deployment\":{\"location\":\"northeurope\",\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"dnsServers\":{\"value\":\"[parameters('dnsServers')]\"},\"hubResourceId\":{\"value\":\"[parameters('hubResourceId')]\"},\"vNetCidrRange\":{\"value\":\"[parameters('vNetCidrRange')]\"},\"vNetLocation\":{\"value\":\"[parameters('vNetLocation')]\"},\"vNetName\":{\"value\":\"[parameters('vNetName')]\"},\"vNetPeerUseRemoteGateway\":{\"value\":\"[parameters('vNetPeerUseRemoteGateway')]\"},\"vNetRgName\":{\"value\":\"[parameters('vNetRgName')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"dnsServers\":{\"defaultValue\":[],\"type\":\"Array\"},\"hubResourceId\":{\"type\":\"String\"},\"vNetCidrRange\":{\"type\":\"String\"},\"vNetLocation\":{\"type\":\"String\"},\"vNetName\":{\"type\":\"String\"},\"vNetPeerUseRemoteGateway\":{\"defaultValue\":false,\"type\":\"bool\"},\"vNetRgName\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2021-04-01\",\"dependsOn\":[],\"location\":\"[parameters('vNetLocation')]\",\"name\":\"[concat('alz-vnet-rg-', parameters('vNetLocation'), '-', substring(uniqueString(subscription().id),0,6))]\",\"properties\":{\"mode\":\"Incremental\",\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{},\"resources\":[{\"apiVersion\":\"2021-04-01\",\"location\":\"[parameters('vNetLocation')]\",\"name\":\"[parameters('vNetRgName')]\",\"properties\":{},\"type\":\"Microsoft.Resources/resourceGroups\"}],\"variables\":{}}},\"type\":\"Microsoft.Resources/deployments\"},{\"apiVersion\":\"2021-04-01\",\"dependsOn\":[\"[concat('alz-vnet-rg-', parameters('vNetLocation'), '-', substring(uniqueString(subscription().id),0,6))]\"],\"name\":\"[concat('alz-vnet-', parameters('vNetLocation'), '-', substring(uniqueString(subscription().id),0,6))]\",\"properties\":{\"mode\":\"Incremental\",\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{},\"resources\":[{\"apiVersion\":\"2021-02-01\",\"dependsOn\":[],\"location\":\"[parameters('vNetLocation')]\",\"name\":\"[parameters('vNetName')]\",\"properties\":{\"addressSpace\":{\"addressPrefixes\":[\"[parameters('vNetCidrRange')]\"]},\"dhcpOptions\":{\"dnsServers\":\"[parameters('dnsServers')]\"}},\"type\":\"Microsoft.Network/virtualNetworks\"},{\"apiVersion\":\"2021-02-01\",\"dependsOn\":[\"[parameters('vNetName')]\"],\"name\":\"[concat(parameters('vNetName'), '/peerToHub')]\",\"properties\":{\"allowForwardedTraffic\":true,\"allowGatewayTransit\":false,\"allowVirtualNetworkAccess\":true,\"remoteVirtualNetwork\":{\"id\":\"[parameters('hubResourceId')]\"},\"useRemoteGateways\":\"[parameters('vNetPeerUseRemoteGateway')]\"},\"type\":\"Microsoft.Network/virtualNetworks/virtualNetworkPeerings\"},{\"apiVersion\":\"2021-04-01\",\"dependsOn\":[\"[parameters('vNetName')]\"],\"name\":\"[concat('alz-hub-peering-', parameters('vNetLocation'), '-', substring(uniqueString(subscription().id),0,6))]\",\"properties\":{\"expressionEvaluationOptions\":{\"scope\":\"inner\"},\"mode\":\"Incremental\",\"parameters\":{\"hubName\":{\"value\":\"[split(parameters('hubResourceId'),'/')[8]]\"},\"remoteVirtualNetwork\":{\"value\":\"[concat(subscription().id,'/resourceGroups/',parameters('vNetRgName'), '/providers/','Microsoft.Network/virtualNetworks/', parameters('vNetName'))]\"}},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"hubName\":{\"defaultValue\":false,\"type\":\"String\"},\"remoteVirtualNetwork\":{\"defaultValue\":false,\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2021-02-01\",\"name\":\"[[concat(parameters('hubName'),'/',last(split(parameters('remoteVirtualNetwork'),'/')))]\",\"properties\":{\"allowForwardedTraffic\":true,\"allowGatewayTransit\":true,\"allowVirtualNetworkAccess\":true,\"remoteVirtualNetwork\":{\"id\":\"[[parameters('remoteVirtualNetwork')]\"},\"useRemoteGateways\":false},\"type\":\"Microsoft.Network/virtualNetworks/virtualNetworkPeerings\"}],\"variables\":{}}},\"resourceGroup\":\"[split(parameters('hubResourceId'),'/')[4]]\",\"subscriptionId\":\"[split(parameters('hubResourceId'),'/')[2]]\",\"type\":\"Microsoft.Resources/deployments\"}],\"variables\":{}}},\"resourceGroup\":\"[parameters('vNetRgName')]\",\"type\":\"Microsoft.Resources/deployments\"}],\"variables\":{}}}},\"deploymentScope\":\"subscription\",\"existenceCondition\":{\"allOf\":[{\"field\":\"name\",\"like\":\"[parameters('vNetName')]\"},{\"equals\":\"[parameters('vNetLocation')]\",\"field\":\"location\"}]},\"existenceScope\":\"resourceGroup\",\"name\":\"[parameters('vNetName')]\",\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"],\"type\":\"Microsoft.Network/virtualNetworks\"},\"effect\":\"deployIfNotExists\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Vm-autoShutdown\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Vm-autoShutdown",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploys an auto shutdown schedule to a virtual machine",
- "display_name": "Deploy Virtual Machine Auto Shutdown Schedule",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Compute\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.0.0\"}",
- "mode": "Indexed",
- "name": "Deploy-Vm-autoShutdown",
- "parameters": "{\"EnableNotification\":{\"allowedValues\":[\"Disabled\",\"Enabled\"],\"defaultValue\":\"Disabled\",\"metadata\":{\"description\":\"If notifications are enabled for this schedule (i.e. Enabled, Disabled).\",\"displayName\":\"Send Notification before auto-shutdown\"},\"type\":\"string\"},\"NotificationEmailRecipient\":{\"defaultValue\":\"\",\"metadata\":{\"description\":\"Email address to be used for notification\",\"displayName\":\"Email Address\"},\"type\":\"string\"},\"NotificationWebhookUrl\":{\"defaultValue\":\"\",\"metadata\":{\"description\":\"A notification will be posted to the specified webhook endpoint when the auto-shutdown is about to happen.\",\"displayName\":\"Webhook URL\"},\"type\":\"string\"},\"time\":{\"defaultValue\":\"0000\",\"metadata\":{\"description\":\"Daily Scheduled shutdown time. i.e. 2300 = 11:00 PM\",\"displayName\":\"Scheduled Shutdown Time\"},\"type\":\"String\"},\"timeZoneId\":{\"defaultValue\":\"UTC\",\"metadata\":{\"description\":\"The time zone ID (e.g. Pacific Standard time).\",\"displayName\":\"Time zone\"},\"type\":\"string\"}}",
- "policy_rule": "{\"if\":{\"equals\":\"Microsoft.Compute/virtualMachines\",\"field\":\"type\"},\"then\":{\"details\":{\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"parameters\":{\"EnableNotification\":{\"value\":\"[parameters('EnableNotification')]\"},\"NotificationEmailRecipient\":{\"value\":\"[parameters('NotificationEmailRecipient')]\"},\"NotificationWebhookUrl\":{\"value\":\"[parameters('NotificationWebhookUrl')]\"},\"location\":{\"value\":\"[field('location')]\"},\"time\":{\"value\":\"[parameters('time')]\"},\"timeZoneId\":{\"value\":\"[parameters('timeZoneId')]\"},\"vmName\":{\"value\":\"[field('name')]\"}},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"EnableNotification\":{\"defaultValue\":\"\",\"metadata\":{\"description\":\"If notifications are enabled for this schedule (i.e. Enabled, Disabled).\"},\"type\":\"string\"},\"NotificationEmailRecipient\":{\"defaultValue\":\"\",\"metadata\":{\"description\":\"Email address to be used for notification\"},\"type\":\"string\"},\"NotificationWebhookUrl\":{\"defaultValue\":\"\",\"metadata\":{\"description\":\"A notification will be posted to the specified webhook endpoint when the auto-shutdown is about to happen.\"},\"type\":\"string\"},\"location\":{\"type\":\"string\"},\"time\":{\"defaultValue\":\"\",\"metadata\":{\"description\":\"Daily Scheduled shutdown time. i.e. 2300 = 11:00 PM\"},\"type\":\"string\"},\"timeZoneId\":{\"defaultValue\":\"\",\"metadata\":{\"description\":\"The time zone ID (e.g. Pacific Standard time).\"},\"type\":\"string\"},\"vmName\":{\"type\":\"string\"}},\"resources\":[{\"apiVersion\":\"2018-09-15\",\"location\":\"[parameters('location')]\",\"name\":\"[concat('shutdown-computevm-',parameters('vmName'))]\",\"properties\":{\"dailyRecurrence\":{\"time\":\"[parameters('time')]\"},\"notificationSettings\":{\"emailRecipient\":\"[parameters('NotificationEmailRecipient')]\",\"notificationLocale\":\"en\",\"status\":\"[parameters('EnableNotification')]\",\"timeInMinutes\":30,\"webhookUrl\":\"[parameters('NotificationWebhookUrl')]\"},\"status\":\"Enabled\",\"targetResourceId\":\"[resourceId('Microsoft.Compute/virtualMachines', parameters('vmName'))]\",\"taskType\":\"ComputeVmShutdownTask\",\"timeZoneId\":\"[parameters('timeZoneId')]\"},\"type\":\"Microsoft.DevTestLab/schedules\"}],\"variables\":{}}}},\"existenceCondition\":{\"allOf\":[{\"equals\":\"ComputeVmShutdownTask\",\"field\":\"Microsoft.DevTestLab/schedules/taskType\"},{\"equals\":\"[concat(resourceGroup().id,'/providers/Microsoft.Compute/virtualMachines/',field('name'))]\",\"field\":\"Microsoft.DevTestLab/schedules/targetResourceId\"}]},\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"],\"type\":\"Microsoft.DevTestLab/schedules\"},\"effect\":\"deployIfNotExists\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Windows-DomainJoin\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Windows-DomainJoin",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploy Windows Domain Join Extension with keyvault configuration when the extension does not exist on a given windows Virtual Machine",
- "display_name": "Deploy Windows Domain Join Extension with keyvault configuration",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Guest Configuration\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.0.0\"}",
- "mode": "Indexed",
- "name": "Deploy-Windows-DomainJoin",
- "parameters": "{\"domainFQDN\":{\"metadata\":{\"displayName\":\"domainFQDN\"},\"type\":\"String\"},\"domainOUPath\":{\"metadata\":{\"displayName\":\"domainOUPath\"},\"type\":\"String\"},\"domainPassword\":{\"metadata\":{\"displayName\":\"domainPassword\"},\"type\":\"String\"},\"domainUsername\":{\"metadata\":{\"displayName\":\"domainUsername\"},\"type\":\"String\"},\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"keyVaultResourceId\":{\"metadata\":{\"displayName\":\"keyVaultResourceId\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"allOf\":[{\"equals\":\"Microsoft.Compute/virtualMachines\",\"field\":\"type\"},{\"equals\":\"MicrosoftWindowsServer\",\"field\":\"Microsoft.Compute/imagePublisher\"},{\"equals\":\"WindowsServer\",\"field\":\"Microsoft.Compute/imageOffer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"2008-R2-SP1\",\"2008-R2-SP1-smalldisk\",\"2008-R2-SP1-zhcn\",\"2012-Datacenter\",\"2012-datacenter-gensecond\",\"2012-Datacenter-smalldisk\",\"2012-datacenter-smalldisk-g2\",\"2012-Datacenter-zhcn\",\"2012-datacenter-zhcn-g2\",\"2012-R2-Datacenter\",\"2012-r2-datacenter-gensecond\",\"2012-R2-Datacenter-smalldisk\",\"2012-r2-datacenter-smalldisk-g2\",\"2012-R2-Datacenter-zhcn\",\"2012-r2-datacenter-zhcn-g2\",\"2016-Datacenter\",\"2016-datacenter-gensecond\",\"2016-datacenter-gs\",\"2016-Datacenter-Server-Core\",\"2016-datacenter-server-core-g2\",\"2016-Datacenter-Server-Core-smalldisk\",\"2016-datacenter-server-core-smalldisk-g2\",\"2016-Datacenter-smalldisk\",\"2016-datacenter-smalldisk-g2\",\"2016-Datacenter-with-Containers\",\"2016-datacenter-with-containers-g2\",\"2016-Datacenter-with-RDSH\",\"2016-Datacenter-zhcn\",\"2016-datacenter-zhcn-g2\",\"2019-Datacenter\",\"2019-Datacenter-Core\",\"2019-datacenter-core-g2\",\"2019-Datacenter-Core-smalldisk\",\"2019-datacenter-core-smalldisk-g2\",\"2019-Datacenter-Core-with-Containers\",\"2019-datacenter-core-with-containers-g2\",\"2019-Datacenter-Core-with-Containers-smalldisk\",\"2019-datacenter-core-with-containers-smalldisk-g2\",\"2019-datacenter-gensecond\",\"2019-datacenter-gs\",\"2019-Datacenter-smalldisk\",\"2019-datacenter-smalldisk-g2\",\"2019-Datacenter-with-Containers\",\"2019-datacenter-with-containers-g2\",\"2019-Datacenter-with-Containers-smalldisk\",\"2019-datacenter-with-containers-smalldisk-g2\",\"2019-Datacenter-zhcn\",\"2019-datacenter-zhcn-g2\",\"Datacenter-Core-1803-with-Containers-smalldisk\",\"datacenter-core-1803-with-containers-smalldisk-g2\",\"Datacenter-Core-1809-with-Containers-smalldisk\",\"datacenter-core-1809-with-containers-smalldisk-g2\",\"Datacenter-Core-1903-with-Containers-smalldisk\",\"datacenter-core-1903-with-containers-smalldisk-g2\",\"datacenter-core-1909-with-containers-smalldisk\",\"datacenter-core-1909-with-containers-smalldisk-g1\",\"datacenter-core-1909-with-containers-smalldisk-g2\"]}]},\"then\":{\"details\":{\"deployment\":{\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"domainFQDN\":{\"value\":\"[parameters('domainFQDN')]\"},\"domainOUPath\":{\"value\":\"[parameters('domainOUPath')]\"},\"domainPassword\":{\"reference\":{\"keyVault\":{\"id\":\"[parameters('keyVaultResourceId')]\"},\"secretName\":\"[parameters('domainPassword')]\"}},\"domainUsername\":{\"reference\":{\"keyVault\":{\"id\":\"[parameters('keyVaultResourceId')]\"},\"secretName\":\"[parameters('domainUsername')]\"}},\"keyVaultResourceId\":{\"value\":\"[parameters('keyVaultResourceId')]\"},\"location\":{\"value\":\"[field('location')]\"},\"vmName\":{\"value\":\"[field('name')]\"}},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"domainFQDN\":{\"type\":\"String\"},\"domainOUPath\":{\"type\":\"String\"},\"domainPassword\":{\"type\":\"securestring\"},\"domainUsername\":{\"type\":\"String\"},\"keyVaultResourceId\":{\"type\":\"String\"},\"location\":{\"type\":\"String\"},\"vmName\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2015-06-15\",\"location\":\"[resourceGroup().location]\",\"name\":\"[concat(variables('vmName'),'/joindomain')]\",\"properties\":{\"autoUpgradeMinorVersion\":true,\"protectedSettings\":{\"Password\":\"[parameters('domainPassword')]\"},\"publisher\":\"Microsoft.Compute\",\"settings\":{\"Name\":\"[parameters('domainFQDN')]\",\"OUPath\":\"[parameters('domainOUPath')]\",\"Options\":\"[variables('domainJoinOptions')]\",\"Restart\":\"true\",\"User\":\"[parameters('domainUserName')]\"},\"type\":\"JsonADDomainExtension\",\"typeHandlerVersion\":\"1.3\"},\"type\":\"Microsoft.Compute/virtualMachines/extensions\"}],\"variables\":{\"domainJoinOptions\":3,\"vmName\":\"[parameters('vmName')]\"}}}},\"existenceCondition\":{\"allOf\":[{\"equals\":\"JsonADDomainExtension\",\"field\":\"Microsoft.Compute/virtualMachines/extensions/type\"},{\"equals\":\"Microsoft.Compute\",\"field\":\"Microsoft.Compute/virtualMachines/extensions/publisher\"}]},\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"],\"type\":\"Microsoft.Compute/virtualMachines/extensions\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_set_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policySetDefinitions/Audit-UnusedResourcesCostOptimization\"]",
- "mode": "managed",
- "type": "azurerm_policy_set_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policySetDefinitions/Audit-UnusedResourcesCostOptimization",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Optimize cost by detecting unused but chargeable resources. Leverage this Azure Policy Initiative as a cost control tool to reveal orphaned resources that are contributing cost.",
- "display_name": "Unused resources driving cost should be avoided",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Cost Optimization\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"2.0.0\"}",
- "name": "Audit-UnusedResourcesCostOptimization",
- "parameters": "{\"effectDisks\":{\"allowedValues\":[\"Audit\",\"Disabled\"],\"defaultValue\":\"Audit\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy for Microsoft.Compute/disks\",\"displayName\":\"Disks Effect\"},\"type\":\"String\"},\"effectPublicIpAddresses\":{\"allowedValues\":[\"Audit\",\"Disabled\"],\"defaultValue\":\"Audit\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy for Microsoft.Network/publicIpAddresses\",\"displayName\":\"PublicIpAddresses Effect\"},\"type\":\"String\"},\"effectServerFarms\":{\"allowedValues\":[\"Audit\",\"Disabled\"],\"defaultValue\":\"Audit\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy for Microsoft.Web/serverfarms\",\"displayName\":\"ServerFarms Effect\"},\"type\":\"String\"}}",
- "policy_definition_group": [],
- "policy_definition_reference": [
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('effectDisks')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Audit-Disks-UnusedResourcesCostOptimization",
- "policy_group_names": null,
- "reference_id": "AuditDisksUnusedResourcesCostOptimization"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('effectPublicIpAddresses')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Audit-PublicIpAddresses-UnusedResourcesCostOptimization",
- "policy_group_names": null,
- "reference_id": "AuditPublicIpAddressesUnusedResourcesCostOptimization"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('effectServerFarms')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Audit-ServerFarms-UnusedResourcesCostOptimization",
- "policy_group_names": null,
- "reference_id": "AuditServerFarmsUnusedResourcesCostOptimization"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"Audit\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Audit-AzureHybridBenefit",
- "policy_group_names": null,
- "reference_id": "AuditAzureHybridBenefitUnusedResourcesCostOptimization"
- }
- ],
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "policy_definition_group": [],
- "policy_definition_reference": [
- {},
- {},
- {},
- {}
- ]
- }
- },
- {
- "address": "module.test_core.azurerm_policy_set_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policySetDefinitions/Deny-PublicPaaSEndpoints\"]",
- "mode": "managed",
- "type": "azurerm_policy_set_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policySetDefinitions/Deny-PublicPaaSEndpoints",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "This policy initiative is a group of policies that prevents creation of Azure PaaS services with exposed public endpoints",
- "display_name": "Public network access should be disabled for PaaS services",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\"],\"category\":\"Network\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"3.1.0\"}",
- "name": "Deny-PublicPaaSEndpoints",
- "parameters": "{\"ACRPublicIpDenyEffect\":{\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Deny\",\"metadata\":{\"description\":\"This policy denies the creation of Azure Container Registires with exposed public endpoints \",\"displayName\":\"Public network access on Azure Container Registry disabled\"},\"type\":\"String\"},\"AFSPublicIpDenyEffect\":{\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Deny\",\"metadata\":{\"description\":\"This policy denies the creation of Azure File Sync instances with exposed public endpoints \",\"displayName\":\"Public network access on Azure File Sync disabled\"},\"type\":\"String\"},\"AKSPublicIpDenyEffect\":{\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Deny\",\"metadata\":{\"description\":\"This policy denies the creation of Azure Kubernetes Service non-private clusters\",\"displayName\":\"Public network access on AKS API should be disabled\"},\"type\":\"String\"},\"ApiManPublicIpDenyEffect\":{\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\",\"metadata\":{\"description\":\"This policy denies creation of API Management services with exposed public endpoints\",\"displayName\":\"Public network access should be disabled for API Management services\"},\"type\":\"String\"},\"AppConfigPublicIpDenyEffect\":{\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Deny\",\"metadata\":{\"description\":\"This policy denies creation of App Configuration with exposed public endpoints\",\"displayName\":\"Public network access should be disabled for App Configuration\"},\"type\":\"String\"},\"AsPublicIpDenyEffect\":{\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Deny\",\"metadata\":{\"description\":\"This policy denies creation of App Service apps with exposed public endpoints\",\"displayName\":\"Public network access should be disabled for App Service apps\"},\"type\":\"String\"},\"AsePublicIpDenyEffect\":{\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Deny\",\"metadata\":{\"description\":\"This policy denies creation of App Service Environment apps with exposed public endpoints\",\"displayName\":\"Public network access should be disabled for App Service Environment apps\"},\"type\":\"String\"},\"AutomationPublicIpDenyEffect\":{\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Deny\",\"metadata\":{\"description\":\"This policy denies creation of Automation accounts with exposed public endpoints. Bots should be seet to 'isolated only' mode\",\"displayName\":\"Public network access should be disabled for Automation accounts\"},\"type\":\"String\"},\"BatchPublicIpDenyEffect\":{\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Deny\",\"metadata\":{\"description\":\"This policy denies creation of Azure Batch Instances with exposed public endpoints\",\"displayName\":\"Public network access should be disabled for Azure Batch Instances\"},\"type\":\"String\"},\"BotServicePublicIpDenyEffect\":{\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Deny\",\"metadata\":{\"description\":\"This policy denies creation of Bot Service with exposed public endpoints. Bots should be seet to 'isolated only' mode\",\"displayName\":\"Public network access should be disabled for Bot Service\"},\"type\":\"String\"},\"CosmosPublicIpDenyEffect\":{\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Deny\",\"metadata\":{\"description\":\"This policy denies that Cosmos database accounts are created with out public network access is disabled.\",\"displayName\":\"Public network access should be disabled for CosmosDB\"},\"type\":\"String\"},\"FunctionPublicIpDenyEffect\":{\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Deny\",\"metadata\":{\"description\":\"This policy denies creation of Function apps with exposed public endpoints\",\"displayName\":\"Public network access should be disabled for Function apps\"},\"type\":\"String\"},\"KeyVaultPublicIpDenyEffect\":{\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Deny\",\"metadata\":{\"description\":\"This policy denies creation of Key Vaults with IP Firewall exposed to all public endpoints\",\"displayName\":\"Public network access should be disabled for KeyVault\"},\"type\":\"String\"},\"MariaDbPublicIpDenyEffect\":{\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Deny\",\"metadata\":{\"description\":\"This policy denies creation of Azure MariaDB with exposed public endpoints\",\"displayName\":\"Public network access should be disabled for Azure MariaDB\"},\"type\":\"String\"},\"MlPublicIpDenyEffect\":{\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Deny\",\"metadata\":{\"description\":\"This policy denies creation of Azure Machine Learning with exposed public endpoints\",\"displayName\":\"Public network access should be disabled for Azure Machine Learning\"},\"type\":\"String\"},\"MySQLFlexPublicIpDenyEffect\":{\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Deny\",\"metadata\":{\"description\":\"This policy denies creation of MySql Flexible Server DB accounts with exposed public endpoints\",\"displayName\":\"Public network access should be disabled for MySQL Flexible Server\"},\"type\":\"String\"},\"PostgreSQLFlexPublicIpDenyEffect\":{\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Deny\",\"metadata\":{\"description\":\"This policy denies creation of Postgre SQL Flexible DB accounts with exposed public endpoints\",\"displayName\":\"Public network access should be disabled for PostgreSql Flexible Server\"},\"type\":\"String\"},\"RedisCachePublicIpDenyEffect\":{\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Deny\",\"metadata\":{\"description\":\"This policy denies creation of Azure Cache for Redis with exposed public endpoints\",\"displayName\":\"Public network access should be disabled for Azure Cache for Redis\"},\"type\":\"String\"},\"SqlServerPublicIpDenyEffect\":{\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Deny\",\"metadata\":{\"description\":\"This policy denies creation of Sql servers with exposed public endpoints\",\"displayName\":\"Public network access on Azure SQL Database should be disabled\"},\"type\":\"String\"},\"StoragePublicIpDenyEffect\":{\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Deny\",\"metadata\":{\"description\":\"This policy denies creation of storage accounts with IP Firewall exposed to all public endpoints\",\"displayName\":\"Public network access onStorage accounts should be disabled\"},\"type\":\"String\"}}",
- "policy_definition_group": [],
- "policy_definition_reference": [
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('CosmosPublicIpDenyEffect')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/797b37f7-06b8-444c-b1ad-fc62867f335a",
- "policy_group_names": null,
- "reference_id": "CosmosDenyPaasPublicIP"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('KeyVaultPublicIpDenyEffect')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/405c5871-3e91-4644-8a63-58e19d68ff5b",
- "policy_group_names": null,
- "reference_id": "KeyVaultDenyPaasPublicIP"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('SqlServerPublicIpDenyEffect')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/1b8ca024-1d5c-4dec-8995-b1a932b41780",
- "policy_group_names": null,
- "reference_id": "SqlServerDenyPaasPublicIP"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('StoragePublicIpDenyEffect')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/b2982f36-99f2-4db5-8eff-283140c09693",
- "policy_group_names": null,
- "reference_id": "StorageDenyPaasPublicIP"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('AKSPublicIpDenyEffect')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/040732e8-d947-40b8-95d6-854c95024bf8",
- "policy_group_names": null,
- "reference_id": "AKSDenyPaasPublicIP"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('ACRPublicIpDenyEffect')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/0fdf0491-d080-4575-b627-ad0e843cba0f",
- "policy_group_names": null,
- "reference_id": "ACRDenyPaasPublicIP"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('AFSPublicIpDenyEffect')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/21a8cd35-125e-4d13-b82d-2e19b7208bb7",
- "policy_group_names": null,
- "reference_id": "AFSDenyPaasPublicIP"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('PostgreSQLFlexPublicIpDenyEffect')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/5e1de0e3-42cb-4ebc-a86d-61d0c619ca48",
- "policy_group_names": null,
- "reference_id": "PostgreSQLFlexDenyPublicIP"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('MySQLFlexPublicIpDenyEffect')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/c9299215-ae47-4f50-9c54-8a392f68a052",
- "policy_group_names": null,
- "reference_id": "MySQLFlexDenyPublicIP"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('BatchPublicIpDenyEffect')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/74c5a0ae-5e48-4738-b093-65e23a060488",
- "policy_group_names": null,
- "reference_id": "BatchDenyPublicIP"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('MariaDbPublicIpDenyEffect')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/fdccbe47-f3e3-4213-ad5d-ea459b2fa077",
- "policy_group_names": null,
- "reference_id": "MariaDbDenyPublicIP"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('MlPublicIpDenyEffect')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/438c38d2-3772-465a-a9cc-7a6666a275ce",
- "policy_group_names": null,
- "reference_id": "MlDenyPublicIP"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('RedisCachePublicIpDenyEffect')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/470baccb-7e51-4549-8b1a-3e5be069f663",
- "policy_group_names": null,
- "reference_id": "RedisCacheDenyPublicIP"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('BotServicePublicIpDenyEffect')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/5e8168db-69e3-4beb-9822-57cb59202a9d",
- "policy_group_names": null,
- "reference_id": "BotServiceDenyPublicIP"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('AutomationPublicIpDenyEffect')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/955a914f-bf86-4f0e-acd5-e0766b0efcb6",
- "policy_group_names": null,
- "reference_id": "AutomationDenyPublicIP"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('AppConfigPublicIpDenyEffect')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/3d9f5e4c-9947-4579-9539-2a7695fbc187",
- "policy_group_names": null,
- "reference_id": "AppConfigDenyPublicIP"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('FunctionPublicIpDenyEffect')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/969ac98b-88a8-449f-883c-2e9adb123127",
- "policy_group_names": null,
- "reference_id": "FunctionDenyPublicIP"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('AsePublicIpDenyEffect')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/2d048aca-6479-4923-88f5-e2ac295d9af3",
- "policy_group_names": null,
- "reference_id": "AseDenyPublicIP"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('AsPublicIpDenyEffect')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/1b5ef780-c53c-4a64-87f3-bb9c8c8094ba",
- "policy_group_names": null,
- "reference_id": "AsDenyPublicIP"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('ApiManPublicIpDenyEffect')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/df73bd95-24da-4a4f-96b9-4e8b94b402bd",
- "policy_group_names": null,
- "reference_id": "ApiManDenyPublicIP"
- }
- ],
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "policy_definition_group": [],
- "policy_definition_reference": [
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {}
- ]
- }
- },
- {
- "address": "module.test_core.azurerm_policy_set_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policySetDefinitions/DenyAction-DeleteProtection\"]",
- "mode": "managed",
- "type": "azurerm_policy_set_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policySetDefinitions/DenyAction-DeleteProtection",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Enforces DenyAction - Delete on Activity Log Settings and Diagnostic Settings.",
- "display_name": "DenyAction Delete - Activity Log Settings and Diagnostic Settings",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Monitoring\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.0.0\"}",
- "name": "DenyAction-DeleteProtection",
- "parameters": null,
- "policy_definition_group": [],
- "policy_definition_reference": [
- {
- "parameter_values": "{}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/DenyAction-DiagnosticLogs",
- "policy_group_names": null,
- "reference_id": "DenyActionDelete-DiagnosticSettings"
- },
- {
- "parameter_values": "{}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/DenyAction-ActivityLogs",
- "policy_group_names": null,
- "reference_id": "DenyActionDelete-ActivityLogSettings"
- }
- ],
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "policy_definition_group": [],
- "policy_definition_reference": [
- {},
- {}
- ]
- }
- },
- {
- "address": "module.test_core.azurerm_policy_set_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policySetDefinitions/Deploy-Diagnostics-LogAnalytics\"]",
- "mode": "managed",
- "type": "azurerm_policy_set_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policySetDefinitions/Deploy-Diagnostics-LogAnalytics",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "This policy set deploys the configurations of application Azure resources to forward diagnostic logs and metrics to an Azure Log Analytics workspace. See the list of policies of the services that are included ",
- "display_name": "Deploy Diagnostic Settings to Azure Services",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\"],\"category\":\"Monitoring\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"2.2.0\"}",
- "name": "Deploy-Diagnostics-LogAnalytics",
- "parameters": "{\"ACILogAnalyticsEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploys the diagnostic settings for Container Instances to stream to a Log Analytics workspace when any ACR which is missing this diagnostic settings is created or updated. The Policy willset the diagnostic with all metrics enabled.\",\"displayName\":\"Deploy Diagnostic Settings for Container Instances to Log Analytics workspace\"},\"type\":\"String\"},\"ACRLogAnalyticsEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploys the diagnostic settings for Container Registry to stream to a Log Analytics workspace when any ACR which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics enabled.\",\"displayName\":\"Deploy Diagnostic Settings for Container Registry to Log Analytics workspace\"},\"type\":\"String\"},\"AKSLogAnalyticsEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploys the diagnostic settings for Kubernetes Service to stream to a Log Analytics workspace when any Kubernetes Service which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled.\",\"displayName\":\"Deploy Diagnostic Settings for Kubernetes Service to Log Analytics workspace\"},\"type\":\"String\"},\"APIMgmtLogAnalyticsDestinationType\":{\"allowedValues\":[\"AzureDiagnostics\",\"Dedicated\"],\"defaultValue\":\"AzureDiagnostics\",\"metadata\":{\"description\":\"Destination table for the diagnostic setting for API Management to Log Analytics workspace, allowed values are 'Dedicated' (for resource-specific) and 'AzureDiagnostics'. Default value is 'AzureDiagnostics'\",\"displayName\":\"Destination table for the Diagnostic Setting for API Management to Log Analytics workspace\"},\"type\":\"String\"},\"APIMgmtLogAnalyticsEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploys the diagnostic settings for API Management to stream to a Log Analytics workspace when any API Management which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\"displayName\":\"Deploy Diagnostic Settings for API Management to Log Analytics workspace\"},\"type\":\"String\"},\"APIforFHIRLogAnalyticsEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploys the diagnostic settings for Azure API for FHIR to stream to a Log Analytics workspace when any Azure API for FHIR which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\"displayName\":\"Deploy Diagnostic Settings for Azure API for FHIR to Log Analytics workspace\"},\"type\":\"String\"},\"AVDScalingPlansLogAnalyticsEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploys the diagnostic settings for AVD Scaling Plans to stream to a Log Analytics workspace when any application groups which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\"displayName\":\"Deploy Diagnostic Settings for AVD Scaling Plans to Log Analytics workspace\"},\"type\":\"String\"},\"AnalysisServiceLogAnalyticsEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploys the diagnostic settings for Analysis Services to stream to a Log Analytics workspace when any Analysis Services which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\"displayName\":\"Deploy Diagnostic Settings for Analysis Services to Log Analytics workspace\"},\"type\":\"String\"},\"AppServiceLogAnalyticsEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploys the diagnostic settings for App Service Plan to stream to a Log Analytics workspace when any App Service Plan which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\"displayName\":\"Deploy Diagnostic Settings for App Service Plan to Log Analytics workspace\"},\"type\":\"String\"},\"AppServiceWebappLogAnalyticsEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploys the diagnostic settings for Web App to stream to a Log Analytics workspace when any Web App which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\"displayName\":\"Deploy Diagnostic Settings for App Service to Log Analytics workspace\"},\"type\":\"String\"},\"ApplicationGatewayLogAnalyticsEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploys the diagnostic settings for Application Gateway to stream to a Log Analytics workspace when any Application Gateway which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\"displayName\":\"Deploy Diagnostic Settings for Application Gateway to Log Analytics workspace\"},\"type\":\"String\"},\"AutomationLogAnalyticsEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploys the diagnostic settings for Automation to stream to a Log Analytics workspace when any Automation which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\"displayName\":\"Deploy Diagnostic Settings for Automation to Log Analytics workspace\"},\"type\":\"String\"},\"BastionLogAnalyticsEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploys the diagnostic settings for Azure Bastion to stream to a Log Analytics workspace when any Bastion which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\"displayName\":\"Deploy Diagnostic Settings for Azure Bastion to Log Analytics workspace\"},\"type\":\"String\"},\"BatchLogAnalyticsEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploys the diagnostic settings for Batch to stream to a Log Analytics workspace when any Batch which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\"displayName\":\"Deploy Diagnostic Settings for Batch to Log Analytics workspace\"},\"type\":\"String\"},\"CDNEndpointsLogAnalyticsEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploys the diagnostic settings for CDN Endpoint to stream to a Log Analytics workspace when any CDN Endpoint which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\"displayName\":\"Deploy Diagnostic Settings for CDN Endpoint to Log Analytics workspace\"},\"type\":\"String\"},\"CognitiveServicesLogAnalyticsEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploys the diagnostic settings for Cognitive Services to stream to a Log Analytics workspace when any Cognitive Services which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\"displayName\":\"Deploy Diagnostic Settings for Cognitive Services to Log Analytics workspace\"},\"type\":\"String\"},\"CosmosLogAnalyticsEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploys the diagnostic settings for Cosmos DB to stream to a Log Analytics workspace when any Cosmos DB which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\"displayName\":\"Deploy Diagnostic Settings for Cosmos DB to Log Analytics workspace\"},\"type\":\"String\"},\"DataExplorerClusterLogAnalyticsEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploys the diagnostic settings for Azure Data Explorer Cluster to stream to a Log Analytics workspace when any Azure Data Explorer Cluster which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\"displayName\":\"Deploy Diagnostic Settings for Azure Data Explorer Cluster to Log Analytics workspace\"},\"type\":\"String\"},\"DataFactoryLogAnalyticsEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploys the diagnostic settings for Data Factory to stream to a Log Analytics workspace when any Data Factory which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\"displayName\":\"Deploy Diagnostic Settings for Data Factory to Log Analytics workspace\"},\"type\":\"String\"},\"DataLakeAnalyticsLogAnalyticsEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploys the diagnostic settings for Data Lake Analytics to stream to a Log Analytics workspace when any Data Lake Analytics which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\"displayName\":\"Deploy Diagnostic Settings for Data Lake Analytics to Log Analytics workspace\"},\"type\":\"String\"},\"DataLakeStoreLogAnalyticsEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploys the diagnostic settings for Azure Data Lake Store to stream to a Log Analytics workspace when anyAzure Data Lake Store which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\"displayName\":\"Deploy Diagnostic Settings for Azure Data Lake Store to Log Analytics workspace\"},\"type\":\"String\"},\"DatabricksLogAnalyticsEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploys the diagnostic settings for Databricks to stream to a Log Analytics workspace when any Databricks which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\"displayName\":\"Deploy Diagnostic Settings for Databricks to Log Analytics workspace\"},\"type\":\"String\"},\"EventGridSubLogAnalyticsEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploys the diagnostic settings for Event Grid subscriptions to stream to a Log Analytics workspace when any Event Grid subscriptions which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\"displayName\":\"Deploy Diagnostic Settings for Event Grid subscriptions to Log Analytics workspace\"},\"type\":\"String\"},\"EventGridTopicLogAnalyticsEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploys the diagnostic settings for Event Grid Topic to stream to a Log Analytics workspace when any Event Grid Topic which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\"displayName\":\"Deploy Diagnostic Settings for Event Grid Topic to Log Analytics workspace\"},\"type\":\"String\"},\"EventHubLogAnalyticsEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploys the diagnostic settings for Event Hubs to stream to a Log Analytics workspace when any Event Hubs which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\"displayName\":\"Deploy Diagnostic Settings for Event Hubs to Log Analytics workspace\"},\"type\":\"String\"},\"EventSystemTopicLogAnalyticsEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploys the diagnostic settings for Event Grid System Topic to stream to a Log Analytics workspace when any Event Grid System Topic which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\"displayName\":\"Deploy Diagnostic Settings for Event Grid System Topic to Log Analytics workspace\"},\"type\":\"String\"},\"ExpressRouteLogAnalyticsEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploys the diagnostic settings for ExpressRoute to stream to a Log Analytics workspace when any ExpressRoute which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\"displayName\":\"Deploy Diagnostic Settings for ExpressRoute to Log Analytics workspace\"},\"type\":\"String\"},\"FirewallLogAnalyticsDestinationType\":{\"allowedValues\":[\"AzureDiagnostics\",\"Dedicated\"],\"defaultValue\":\"AzureDiagnostics\",\"metadata\":{\"description\":\"Destination table for the diagnostic setting for Firewall to Log Analytics workspace, allowed values are 'Dedicated' (for resource-specific) and 'AzureDiagnostics'. Default value is 'AzureDiagnostics'\",\"displayName\":\"Destination table for the Diagnostic Setting for Firewall to Log Analytics workspace\"},\"type\":\"String\"},\"FirewallLogAnalyticsEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploys the diagnostic settings for Firewall to stream to a Log Analytics workspace when any Firewall which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\"displayName\":\"Deploy Diagnostic Settings for Firewall to Log Analytics workspace\"},\"type\":\"String\"},\"FrontDoorLogAnalyticsEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploys the diagnostic settings for Front Door to stream to a Log Analytics workspace when any Front Door which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\"displayName\":\"Deploy Diagnostic Settings for Front Door to Log Analytics workspace\"},\"type\":\"String\"},\"FunctionAppLogAnalyticsEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploys the diagnostic settings for Azure Function App to stream to a Log Analytics workspace when any function app which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\"displayName\":\"Deploy Diagnostic Settings for Azure Function App to Log Analytics workspace\"},\"type\":\"String\"},\"HDInsightLogAnalyticsEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploys the diagnostic settings for HDInsight to stream to a Log Analytics workspace when any HDInsight which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\"displayName\":\"Deploy Diagnostic Settings for HDInsight to Log Analytics workspace\"},\"type\":\"String\"},\"IotHubLogAnalyticsEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploys the diagnostic settings for IoT Hub to stream to a Log Analytics workspace when any IoT Hub which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\"displayName\":\"Deploy Diagnostic Settings for IoT Hub to Log Analytics workspace\"},\"type\":\"String\"},\"KeyVaultLogAnalyticsEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploys the diagnostic settings for Key Vault to stream to a Log Analytics workspace when any Key Vault which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\"displayName\":\"Deploy Diagnostic Settings for Key Vault to Log Analytics workspace\"},\"type\":\"String\"},\"LoadBalancerLogAnalyticsEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploys the diagnostic settings for Load Balancer to stream to a Log Analytics workspace when any Load Balancer which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\"displayName\":\"Deploy Diagnostic Settings for Load Balancer to Log Analytics workspace\"},\"type\":\"String\"},\"LogAnalyticsLogAnalyticsEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploys the diagnostic settings for Log Analytics to stream to a Log Analytics workspace when any Log Analytics workspace which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category Audit enabled\",\"displayName\":\"Deploy Diagnostic Settings for Log Analytics to Log Analytics workspace\"},\"type\":\"String\"},\"LogicAppsISELogAnalyticsEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploys the diagnostic settings for Logic Apps integration service environment to stream to a Log Analytics workspace when any Logic Apps integration service environment which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\"displayName\":\"Deploy Diagnostic Settings for Logic Apps integration service environment to Log Analytics workspace\"},\"type\":\"String\"},\"LogicAppsWFLogAnalyticsEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploys the diagnostic settings for Logic Apps Workflows to stream to a Log Analytics workspace when any Logic Apps Workflows which are missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\"displayName\":\"Deploy Diagnostic Settings for Logic Apps Workflows to Log Analytics workspace\"},\"type\":\"String\"},\"MariaDBLogAnalyticsEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploys the diagnostic settings for MariaDB to stream to a Log Analytics workspace when any MariaDB which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\"displayName\":\"Deploy Diagnostic Settings for MariaDB to Log Analytics workspace\"},\"type\":\"String\"},\"MediaServiceLogAnalyticsEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploys the diagnostic settings for Azure Media Service to stream to a Log Analytics workspace when any Azure Media Service which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\"displayName\":\"Deploy Diagnostic Settings for Azure Media Service to Log Analytics workspace\"},\"type\":\"String\"},\"MlWorkspaceLogAnalyticsEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploys the diagnostic settings for Machine Learning workspace to stream to a Log Analytics workspace when any Machine Learning workspace which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\"displayName\":\"Deploy Diagnostic Settings for Machine Learning workspace to Log Analytics workspace\"},\"type\":\"String\"},\"MySQLLogAnalyticsEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploys the diagnostic settings for Database for MySQL to stream to a Log Analytics workspace when any Database for MySQL which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\"displayName\":\"Deploy Diagnostic Settings for Database for MySQL to Log Analytics workspace\"},\"type\":\"String\"},\"NetworkNICLogAnalyticsEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploys the diagnostic settings for Network Interfaces to stream to a Log Analytics workspace when any Network Interfaces which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\"displayName\":\"Deploy Diagnostic Settings for Network Interfaces to Log Analytics workspace\"},\"type\":\"String\"},\"NetworkPublicIPNicLogAnalyticsEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploys the diagnostic settings for Public IP addresses to stream to a Log Analytics workspace when any Public IP addresses which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\"displayName\":\"Deploy Diagnostic Settings for Public IP addresses to Log Analytics workspace\"},\"type\":\"String\"},\"NetworkSecurityGroupsLogAnalyticsEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploys the diagnostic settings for Network Security Groups to stream to a Log Analytics workspace when any Network Security Groups which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\"displayName\":\"Deploy Diagnostic Settings for Network Security Groups to Log Analytics workspace\"},\"type\":\"String\"},\"PostgreSQLLogAnalyticsEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploys the diagnostic settings for Database for PostgreSQL to stream to a Log Analytics workspace when any Database for PostgreSQL which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\"displayName\":\"Deploy Diagnostic Settings for Database for PostgreSQL to Log Analytics workspace\"},\"type\":\"String\"},\"PowerBIEmbeddedLogAnalyticsEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploys the diagnostic settings for Power BI Embedded to stream to a Log Analytics workspace when any Power BI Embedded which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\"displayName\":\"Deploy Diagnostic Settings for Power BI Embedded to Log Analytics workspace\"},\"type\":\"String\"},\"RedisCacheLogAnalyticsEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploys the diagnostic settings for Redis Cache to stream to a Log Analytics workspace when any Redis Cache which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\"displayName\":\"Deploy Diagnostic Settings for Redis Cache to Log Analytics workspace\"},\"type\":\"String\"},\"RelayLogAnalyticsEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploys the diagnostic settings for Relay to stream to a Log Analytics workspace when any Relay which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\"displayName\":\"Deploy Diagnostic Settings for Relay to Log Analytics workspace\"},\"type\":\"String\"},\"SQLDBsLogAnalyticsEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploys the diagnostic settings for SQL Databases to stream to a Log Analytics workspace when any SQL Databases which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\"displayName\":\"Deploy Diagnostic Settings for SQL Databases to Log Analytics workspace\"},\"type\":\"String\"},\"SQLElasticPoolsLogAnalyticsEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploys the diagnostic settings for SQL Elastic Pools to stream to a Log Analytics workspace when any SQL Elastic Pools which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\"displayName\":\"Deploy Diagnostic Settings for SQL Elastic Pools to Log Analytics workspace\"},\"type\":\"String\"},\"SQLMLogAnalyticsEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploys the diagnostic settings for SQL Managed Instances to stream to a Log Analytics workspace when any SQL Managed Instances which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\"displayName\":\"Deploy Diagnostic Settings for SQL Managed Instances to Log Analytics workspace\"},\"type\":\"String\"},\"SearchServicesLogAnalyticsEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploys the diagnostic settings for Search Services to stream to a Log Analytics workspace when any Search Services which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\"displayName\":\"Deploy Diagnostic Settings for Search Services to Log Analytics workspace\"},\"type\":\"String\"},\"ServiceBusLogAnalyticsEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploys the diagnostic settings for ServiceBus to stream to a Log Analytics workspace when any ServiceBus which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\"displayName\":\"Deploy Diagnostic Settings for Service Bus namespaces to Log Analytics workspace\"},\"type\":\"String\"},\"SignalRLogAnalyticsEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploys the diagnostic settings for SignalR to stream to a Log Analytics workspace when any SignalR which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\"displayName\":\"Deploy Diagnostic Settings for SignalR to Log Analytics workspace\"},\"type\":\"String\"},\"StorageAccountsLogAnalyticsEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploys the diagnostic settings for Storage Accounts to stream to a Log Analytics workspace when any storage account which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\"displayName\":\"Deploy Diagnostic Settings for Storage Accounts to Log Analytics workspace\"},\"type\":\"String\"},\"StreamAnalyticsLogAnalyticsEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploys the diagnostic settings for Stream Analytics to stream to a Log Analytics workspace when any Stream Analytics which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\"displayName\":\"Deploy Diagnostic Settings for Stream Analytics to Log Analytics workspace\"},\"type\":\"String\"},\"TimeSeriesInsightsLogAnalyticsEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploys the diagnostic settings for Time Series Insights to stream to a Log Analytics workspace when any Time Series Insights which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\"displayName\":\"Deploy Diagnostic Settings for Time Series Insights to Log Analytics workspace\"},\"type\":\"String\"},\"TrafficManagerLogAnalyticsEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploys the diagnostic settings for Traffic Manager to stream to a Log Analytics workspace when any Traffic Manager which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\"displayName\":\"Deploy Diagnostic Settings for Traffic Manager to Log Analytics workspace\"},\"type\":\"String\"},\"VMSSLogAnalyticsEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploys the diagnostic settings for Virtual Machine Scale Sets to stream to a Log Analytics workspace when any Virtual Machine Scale Sets which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\"displayName\":\"Deploy Diagnostic Settings for Virtual Machine Scale Sets to Log Analytics workspace\"},\"type\":\"String\"},\"VNetGWLogAnalyticsEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploys the diagnostic settings for VPN Gateway to stream to a Log Analytics workspace when any VPN Gateway which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled.\",\"displayName\":\"Deploy Diagnostic Settings for VPN Gateway to Log Analytics workspace\"},\"type\":\"String\"},\"VWanS2SVPNGWLogAnalyticsEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploys the diagnostic settings for VWAN S2S VPN gateway to stream to a Log Analytics workspace when any storage account which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\"displayName\":\"Deploy Diagnostic Settings for VWAN S2S VPN gateway to Log Analytics workspace\"},\"type\":\"String\"},\"VirtualMachinesLogAnalyticsEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploys the diagnostic settings for Virtual Machines to stream to a Log Analytics workspace when any Virtual Machines which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\"displayName\":\"Deploy Diagnostic Settings for Virtual Machines to Log Analytics workspace\"},\"type\":\"String\"},\"VirtualNetworkLogAnalyticsEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploys the diagnostic settings for Virtual Network to stream to a Log Analytics workspace when any Virtual Network which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\"displayName\":\"Deploy Diagnostic Settings for Virtual Network to Log Analytics workspace\"},\"type\":\"String\"},\"WVDAppGroupsLogAnalyticsEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploys the diagnostic settings for AVD Application groups to stream to a Log Analytics workspace when any application groups which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\"displayName\":\"Deploy Diagnostic Settings for AVD Application Groups to Log Analytics workspace\"},\"type\":\"String\"},\"WVDHostPoolsLogAnalyticsEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploys the diagnostic settings for AVD Host pools to stream to a Log Analytics workspace when any host pool which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\"displayName\":\"Deploy Diagnostic Settings for AVD Host pools to Log Analytics workspace\"},\"type\":\"String\"},\"WVDWorkspaceLogAnalyticsEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploys the diagnostic settings for AVD Workspace to stream to a Log Analytics workspace when any Workspace which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\"displayName\":\"Deploy Diagnostic Settings for AVD Workspace to Log Analytics workspace\"},\"type\":\"String\"},\"logAnalytics\":{\"metadata\":{\"description\":\"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\"displayName\":\"Log Analytics workspace\",\"strongType\":\"omsWorkspace\"},\"type\":\"String\"},\"profileName\":{\"defaultValue\":\"setbypolicy\",\"metadata\":{\"description\":\"The diagnostic settings profile name\",\"displayName\":\"Profile name\"},\"type\":\"String\"}}",
- "policy_definition_group": [],
- "policy_definition_reference": [
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('StorageAccountsLogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/59759c62-9a22-4cdf-ae64-074495983fef",
- "policy_group_names": null,
- "reference_id": "StorageAccountDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('StorageAccountsLogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/b4fe1a3b-0715-4c6c-a5ea-ffc33cf823cb",
- "policy_group_names": null,
- "reference_id": "StorageAccountBlobServicesDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('StorageAccountsLogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/25a70cc8-2bd4-47f1-90b6-1478e4662c96",
- "policy_group_names": null,
- "reference_id": "StorageAccountFileServicesDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('StorageAccountsLogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/7bd000e3-37c7-4928-9f31-86c4b77c5c45",
- "policy_group_names": null,
- "reference_id": "StorageAccountQueueServicesDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('StorageAccountsLogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/2fb86bf3-d221-43d1-96d1-2434af34eaa0",
- "policy_group_names": null,
- "reference_id": "StorageAccountTableServicesDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('AVDScalingPlansLogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-AVDScalingPlans",
- "policy_group_names": null,
- "reference_id": "AVDScalingPlansDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('WVDAppGroupsLogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WVDAppGroup",
- "policy_group_names": null,
- "reference_id": "WVDAppGroupDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('WVDWorkspaceLogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WVDWorkspace",
- "policy_group_names": null,
- "reference_id": "WVDWorkspaceDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('WVDHostPoolsLogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WVDHostPools",
- "policy_group_names": null,
- "reference_id": "WVDHostPoolsDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('ACILogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ACI",
- "policy_group_names": null,
- "reference_id": "ACIDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('ACRLogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ACR",
- "policy_group_names": null,
- "reference_id": "ACRDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"diagnosticsSettingNameToUse\":{\"value\":\"[parameters('profileName')]\"},\"effect\":{\"value\":\"[parameters('AKSLogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/6c66c325-74c8-42fd-a286-a74b0e2939d8",
- "policy_group_names": null,
- "reference_id": "AKSDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('AnalysisServiceLogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-AnalysisService",
- "policy_group_names": null,
- "reference_id": "AnalysisServiceDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('APIforFHIRLogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ApiForFHIR",
- "policy_group_names": null,
- "reference_id": "APIforFHIRDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('APIMgmtLogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"logAnalyticsDestinationType\":{\"value\":\"[parameters('APIMgmtLogAnalyticsDestinationType')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-APIMgmt",
- "policy_group_names": null,
- "reference_id": "APIMgmtDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('ApplicationGatewayLogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ApplicationGateway",
- "policy_group_names": null,
- "reference_id": "ApplicationGatewayDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('AutomationLogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-AA",
- "policy_group_names": null,
- "reference_id": "AutomationDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('BastionLogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Bastion",
- "policy_group_names": null,
- "reference_id": "BastionDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('BatchLogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/c84e5349-db6d-4769-805e-e14037dab9b5",
- "policy_group_names": null,
- "reference_id": "BatchDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('CDNEndpointsLogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-CDNEndpoints",
- "policy_group_names": null,
- "reference_id": "CDNEndpointsDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('CognitiveServicesLogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-CognitiveServices",
- "policy_group_names": null,
- "reference_id": "CognitiveServicesDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('CosmosLogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-CosmosDB",
- "policy_group_names": null,
- "reference_id": "CosmosDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('DatabricksLogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Databricks",
- "policy_group_names": null,
- "reference_id": "DatabricksDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('DataExplorerClusterLogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-DataExplorerCluster",
- "policy_group_names": null,
- "reference_id": "DataExplorerClusterDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('DataFactoryLogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-DataFactory",
- "policy_group_names": null,
- "reference_id": "DataFactoryDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('DataLakeStoreLogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/d56a5a7c-72d7-42bc-8ceb-3baf4c0eae03",
- "policy_group_names": null,
- "reference_id": "DataLakeStoreDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('DataLakeAnalyticsLogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-DLAnalytics",
- "policy_group_names": null,
- "reference_id": "DataLakeAnalyticsDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('EventGridSubLogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-EventGridSub",
- "policy_group_names": null,
- "reference_id": "EventGridSubDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('EventGridTopicLogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-EventGridTopic",
- "policy_group_names": null,
- "reference_id": "EventGridTopicDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('EventHubLogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/1f6e93e8-6b31-41b1-83f6-36e449a42579",
- "policy_group_names": null,
- "reference_id": "EventHubDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('EventSystemTopicLogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-EventGridSystemTopic",
- "policy_group_names": null,
- "reference_id": "EventSystemTopicDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('ExpressRouteLogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ExpressRoute",
- "policy_group_names": null,
- "reference_id": "ExpressRouteDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('FirewallLogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"logAnalyticsDestinationType\":{\"value\":\"[parameters('FirewallLogAnalyticsDestinationType')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Firewall",
- "policy_group_names": null,
- "reference_id": "FirewallDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('FrontDoorLogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-FrontDoor",
- "policy_group_names": null,
- "reference_id": "FrontDoorDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('FunctionAppLogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Function",
- "policy_group_names": null,
- "reference_id": "FunctionAppDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('HDInsightLogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-HDInsight",
- "policy_group_names": null,
- "reference_id": "HDInsightDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('IotHubLogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-iotHub",
- "policy_group_names": null,
- "reference_id": "IotHubDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('KeyVaultLogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/bef3f64c-5290-43b7-85b0-9b254eef4c47",
- "policy_group_names": null,
- "reference_id": "KeyVaultDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('LoadBalancerLogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-LoadBalancer",
- "policy_group_names": null,
- "reference_id": "LoadBalancerDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('LogAnalyticsLogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-LogAnalytics",
- "policy_group_names": null,
- "reference_id": "LogAnalyticsDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('LogicAppsISELogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-LogicAppsISE",
- "policy_group_names": null,
- "reference_id": "LogicAppsISEDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('LogicAppsWFLogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/b889a06c-ec72-4b03-910a-cb169ee18721",
- "policy_group_names": null,
- "reference_id": "LogicAppsWFDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('MariaDBLogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MariaDB",
- "policy_group_names": null,
- "reference_id": "MariaDBDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('MediaServiceLogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MediaService",
- "policy_group_names": null,
- "reference_id": "MediaServiceDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('MlWorkspaceLogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MlWorkspace",
- "policy_group_names": null,
- "reference_id": "MlWorkspaceDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('MySQLLogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MySQL",
- "policy_group_names": null,
- "reference_id": "MySQLDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('NetworkSecurityGroupsLogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-NetworkSecurityGroups",
- "policy_group_names": null,
- "reference_id": "NetworkSecurityGroupsDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('NetworkNICLogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-NIC",
- "policy_group_names": null,
- "reference_id": "NetworkNICDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('PostgreSQLLogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-PostgreSQL",
- "policy_group_names": null,
- "reference_id": "PostgreSQLDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('PowerBIEmbeddedLogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-PowerBIEmbedded",
- "policy_group_names": null,
- "reference_id": "PowerBIEmbeddedDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('NetworkPublicIPNicLogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"metricsEnabled\":{\"value\":\"True\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/752154a7-1e0f-45c6-a880-ac75a7e4f648",
- "policy_group_names": null,
- "reference_id": "NetworkPublicIPNicDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/c717fb0c-d118-4c43-ab3d-ece30ac81fb3",
- "policy_group_names": null,
- "reference_id": "RecoveryVaultDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('RedisCacheLogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-RedisCache",
- "policy_group_names": null,
- "reference_id": "RedisCacheDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('RelayLogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Relay",
- "policy_group_names": null,
- "reference_id": "RelayDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('SearchServicesLogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/08ba64b8-738f-4918-9686-730d2ed79c7d",
- "policy_group_names": null,
- "reference_id": "SearchServicesDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('ServiceBusLogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/04d53d87-841c-4f23-8a5b-21564380b55e",
- "policy_group_names": null,
- "reference_id": "ServiceBusDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('SignalRLogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-SignalR",
- "policy_group_names": null,
- "reference_id": "SignalRDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"diagnosticsSettingNameToUse\":{\"value\":\"[parameters('profileName')]\"},\"effect\":{\"value\":\"[parameters('SQLDBsLogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/b79fa14e-238a-4c2d-b376-442ce508fc84",
- "policy_group_names": null,
- "reference_id": "SQLDatabaseDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('SQLElasticPoolsLogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-SQLElasticPools",
- "policy_group_names": null,
- "reference_id": "SQLElasticPoolsDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('SQLMLogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-SQLMI",
- "policy_group_names": null,
- "reference_id": "SQLMDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('StreamAnalyticsLogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/237e0f7e-b0e8-4ec4-ad46-8c12cb66d673",
- "policy_group_names": null,
- "reference_id": "StreamAnalyticsDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('TimeSeriesInsightsLogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-TimeSeriesInsights",
- "policy_group_names": null,
- "reference_id": "TimeSeriesInsightsDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('TrafficManagerLogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-TrafficManager",
- "policy_group_names": null,
- "reference_id": "TrafficManagerDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('VirtualNetworkLogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VirtualNetwork",
- "policy_group_names": null,
- "reference_id": "VirtualNetworkDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('VirtualMachinesLogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VM",
- "policy_group_names": null,
- "reference_id": "VirtualMachinesDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('VMSSLogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VMSS",
- "policy_group_names": null,
- "reference_id": "VMSSDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('VNetGWLogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VNetGW",
- "policy_group_names": null,
- "reference_id": "VNetGWDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('AppServiceLogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WebServerFarm",
- "policy_group_names": null,
- "reference_id": "AppServiceDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('AppServiceWebappLogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Website",
- "policy_group_names": null,
- "reference_id": "AppServiceWebappDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('VWanS2SVPNGWLogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VWanS2SVPNGW",
- "policy_group_names": null,
- "reference_id": "VWanS2SVPNGWDeployDiagnosticLogDeployLogAnalytics"
- }
- ],
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "policy_definition_group": [],
- "policy_definition_reference": [
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {}
- ]
- }
- },
- {
- "address": "module.test_core.azurerm_policy_set_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policySetDefinitions/Deploy-MDFC-Config\"]",
- "mode": "managed",
- "type": "azurerm_policy_set_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policySetDefinitions/Deploy-MDFC-Config",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploy Microsoft Defender for Cloud configuration",
- "display_name": "Deploy Microsoft Defender for Cloud configuration",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\"],\"category\":\"Security Center\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"6.0.1\"}",
- "name": "Deploy-MDFC-Config",
- "parameters": "{\"ascExportResourceGroupLocation\":{\"metadata\":{\"description\":\"The location where the resource group and the export to Log Analytics workspace configuration are created.\",\"displayName\":\"Resource Group location for the export to Log Analytics workspace configuration\"},\"type\":\"String\"},\"ascExportResourceGroupName\":{\"metadata\":{\"description\":\"The resource group name where the export to Log Analytics workspace configuration is created. If you enter a name for a resource group that doesn't exist, it'll be created in the subscription. Note that each resource group can only have one export to Log Analytics workspace configured.\",\"displayName\":\"Resource Group name for the export to Log Analytics workspace configuration\"},\"type\":\"String\"},\"emailSecurityContact\":{\"metadata\":{\"description\":\"Provide email address for Microsoft Defender for Cloud contact details\",\"displayName\":\"Security contacts email address\"},\"type\":\"string\"},\"enableAscForApis\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"enableAscForAppServices\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"enableAscForArm\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"enableAscForContainers\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"enableAscForCosmosDbs\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"enableAscForCspm\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"enableAscForDns\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"enableAscForKeyVault\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"enableAscForOssDb\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"enableAscForServers\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"enableAscForServersVulnerabilityAssessments\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"enableAscForSql\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"enableAscForSqlOnVm\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"enableAscForStorage\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"logAnalytics\":{\"metadata\":{\"description\":\"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\"displayName\":\"Primary Log Analytics workspace\",\"strongType\":\"omsWorkspace\"},\"type\":\"String\"},\"minimalSeverity\":{\"allowedValues\":[\"High\",\"Medium\",\"Low\"],\"defaultValue\":\"High\",\"metadata\":{\"description\":\"Defines the minimal alert severity which will be sent as email notifications\",\"displayName\":\"Minimal severity\"},\"type\":\"string\"},\"vulnerabilityAssessmentProvider\":{\"allowedValues\":[\"default\",\"mdeTvm\"],\"defaultValue\":\"default\",\"metadata\":{\"description\":\"Select the vulnerability assessment solution to provision to machines.\",\"displayName\":\"Vulnerability assessment provider type\"},\"type\":\"String\"}}",
- "policy_definition_group": [],
- "policy_definition_reference": [
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('enableAscForOssDb')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/44433aa3-7ec2-4002-93ea-65c65ff0310a",
- "policy_group_names": null,
- "reference_id": "defenderForOssDb"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('enableAscForServers')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/8e86a5b6-b9bd-49d1-8e21-4bb8a0862222",
- "policy_group_names": null,
- "reference_id": "defenderForVM"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('enableAscForServersVulnerabilityAssessments')]\"},\"vaType\":{\"value\":\"[parameters('vulnerabilityAssessmentProvider')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/13ce0167-8ca6-4048-8e6b-f996402e3c1b",
- "policy_group_names": null,
- "reference_id": "defenderForVMVulnerabilityAssessment"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('enableAscForSqlOnVm')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/50ea7265-7d8c-429e-9a7d-ca1f410191c3",
- "policy_group_names": null,
- "reference_id": "defenderForSqlServerVirtualMachines"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('enableAscForAppServices')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/b40e7bcd-a1e5-47fe-b9cf-2f534d0bfb7d",
- "policy_group_names": null,
- "reference_id": "defenderForAppServices"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('enableAscForStorage')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/cfdc5972-75b3-4418-8ae1-7f5c36839390",
- "policy_group_names": null,
- "reference_id": "defenderForStorageAccountsV2"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('enableAscForContainers')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/c9ddb292-b203-4738-aead-18e2716e858f",
- "policy_group_names": null,
- "reference_id": "defenderforContainers"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('enableAscForContainers')]\"},\"logAnalyticsWorkspaceResourceId\":{\"value\":\"[parameters('logAnalytics')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/64def556-fbad-4622-930e-72d1d5589bf5",
- "policy_group_names": null,
- "reference_id": "defenderforKubernetes"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('enableAscForContainers')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/a8eff44f-8c92-45c3-a3fb-9880802d67a7",
- "policy_group_names": null,
- "reference_id": "azurePolicyForKubernetes"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('enableAscForKeyVault')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/1f725891-01c0-420a-9059-4fa46cb770b7",
- "policy_group_names": null,
- "reference_id": "defenderForKeyVaults"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('enableAscForDns')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/2370a3c1-4a25-4283-a91a-c9c1a145fb2f",
- "policy_group_names": null,
- "reference_id": "defenderForDns"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('enableAscForArm')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/b7021b2b-08fd-4dc0-9de7-3c6ece09faf9",
- "policy_group_names": null,
- "reference_id": "defenderForArm"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('enableAscForSql')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/b99b73e7-074b-4089-9395-b7236f094491",
- "policy_group_names": null,
- "reference_id": "defenderForSqlPaas"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('enableAscForCosmosDbs')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/82bf5b87-728b-4a74-ba4d-6123845cf542",
- "policy_group_names": null,
- "reference_id": "defenderForCosmosDbs"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('enableAscForApis')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/e54d2be9-5f2e-4d65-98e4-4f0e670b23d6",
- "policy_group_names": null,
- "reference_id": "defenderForApis"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('enableAscForCspm')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/689f7782-ef2c-4270-a6d0-7664869076bd",
- "policy_group_names": null,
- "reference_id": "defenderForCspm"
- },
- {
- "parameter_values": "{\"emailSecurityContact\":{\"value\":\"[parameters('emailSecurityContact')]\"},\"minimalSeverity\":{\"value\":\"[parameters('minimalSeverity')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-ASC-SecurityContacts",
- "policy_group_names": null,
- "reference_id": "securityEmailContact"
- },
- {
- "parameter_values": "{\"resourceGroupLocation\":{\"value\":\"[parameters('ascExportResourceGroupLocation')]\"},\"resourceGroupName\":{\"value\":\"[parameters('ascExportResourceGroupName')]\"},\"workspaceResourceId\":{\"value\":\"[parameters('logAnalytics')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/ffb6f416-7bd2-4488-8828-56585fef2be9",
- "policy_group_names": null,
- "reference_id": "ascExport"
- }
- ],
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "policy_definition_group": [],
- "policy_definition_reference": [
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {}
- ]
- }
- },
- {
- "address": "module.test_core.azurerm_policy_set_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policySetDefinitions/Deploy-Private-DNS-Zones\"]",
- "mode": "managed",
- "type": "azurerm_policy_set_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policySetDefinitions/Deploy-Private-DNS-Zones",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "This policy initiative is a group of policies that ensures private endpoints to Azure PaaS services are integrated with Azure Private DNS zones",
- "display_name": "Configure Azure PaaS services to use private DNS zones",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\"],\"category\":\"Network\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"2.1.1\"}",
- "name": "Deploy-Private-DNS-Zones",
- "parameters": "{\"azureAcrPrivateDnsZoneId\":{\"defaultValue\":\"\",\"metadata\":{\"description\":\"Private DNS Zone Identifier\",\"displayName\":\"azureAcrPrivateDnsZoneId\",\"strongType\":\"Microsoft.Network/privateDnsZones\"},\"type\":\"string\"},\"azureAppPrivateDnsZoneId\":{\"defaultValue\":\"\",\"metadata\":{\"description\":\"Private DNS Zone Identifier\",\"displayName\":\"azureAppPrivateDnsZoneId\",\"strongType\":\"Microsoft.Network/privateDnsZones\"},\"type\":\"string\"},\"azureAppServicesPrivateDnsZoneId\":{\"defaultValue\":\"\",\"metadata\":{\"description\":\"Private DNS Zone Identifier\",\"displayName\":\"azureAppServicesPrivateDnsZoneId\",\"strongType\":\"Microsoft.Network/privateDnsZones\"},\"type\":\"string\"},\"azureAsrPrivateDnsZoneId\":{\"defaultValue\":\"\",\"metadata\":{\"description\":\"Private DNS Zone Identifier\",\"displayName\":\"azureAsrPrivateDnsZoneId\",\"strongType\":\"Microsoft.Network/privateDnsZones\"},\"type\":\"string\"},\"azureAutomationDSCHybridPrivateDnsZoneId\":{\"defaultValue\":\"\",\"metadata\":{\"description\":\"Private DNS Zone Identifier\",\"displayName\":\"azureAutomationDSCHybridPrivateDnsZoneId\",\"strongType\":\"Microsoft.Network/privateDnsZones\"},\"type\":\"string\"},\"azureAutomationWebhookPrivateDnsZoneId\":{\"defaultValue\":\"\",\"metadata\":{\"description\":\"Private DNS Zone Identifier\",\"displayName\":\"azureAutomationWebhookPrivateDnsZoneId\",\"strongType\":\"Microsoft.Network/privateDnsZones\"},\"type\":\"string\"},\"azureBatchPrivateDnsZoneId\":{\"defaultValue\":\"\",\"metadata\":{\"description\":\"Private DNS Zone Identifier\",\"displayName\":\"azureBatchPrivateDnsZoneId\",\"strongType\":\"Microsoft.Network/privateDnsZones\"},\"type\":\"string\"},\"azureCognitiveSearchPrivateDnsZoneId\":{\"defaultValue\":\"\",\"metadata\":{\"description\":\"Private DNS Zone Identifier\",\"displayName\":\"azureCognitiveSearchPrivateDnsZoneId\",\"strongType\":\"Microsoft.Network/privateDnsZones\"},\"type\":\"string\"},\"azureCognitiveServicesPrivateDnsZoneId\":{\"defaultValue\":\"\",\"metadata\":{\"description\":\"Private DNS Zone Identifier\",\"displayName\":\"azureCognitiveServicesPrivateDnsZoneId\",\"strongType\":\"Microsoft.Network/privateDnsZones\"},\"type\":\"string\"},\"azureCosmosCassandraPrivateDnsZoneId\":{\"defaultValue\":\"\",\"metadata\":{\"description\":\"Private DNS Zone Identifier\",\"displayName\":\"azureCosmosCassandraPrivateDnsZoneId\",\"strongType\":\"Microsoft.Network/privateDnsZones\"},\"type\":\"string\"},\"azureCosmosGremlinPrivateDnsZoneId\":{\"defaultValue\":\"\",\"metadata\":{\"description\":\"Private DNS Zone Identifier\",\"displayName\":\"azureCosmosGremlinPrivateDnsZoneId\",\"strongType\":\"Microsoft.Network/privateDnsZones\"},\"type\":\"string\"},\"azureCosmosMongoPrivateDnsZoneId\":{\"defaultValue\":\"\",\"metadata\":{\"description\":\"Private DNS Zone Identifier\",\"displayName\":\"azureCosmosMongoPrivateDnsZoneId\",\"strongType\":\"Microsoft.Network/privateDnsZones\"},\"type\":\"string\"},\"azureCosmosSQLPrivateDnsZoneId\":{\"defaultValue\":\"\",\"metadata\":{\"description\":\"Private DNS Zone Identifier\",\"displayName\":\"azureCosmosSQLPrivateDnsZoneId\",\"strongType\":\"Microsoft.Network/privateDnsZones\"},\"type\":\"string\"},\"azureCosmosTablePrivateDnsZoneId\":{\"defaultValue\":\"\",\"metadata\":{\"description\":\"Private DNS Zone Identifier\",\"displayName\":\"azureCosmosTablePrivateDnsZoneId\",\"strongType\":\"Microsoft.Network/privateDnsZones\"},\"type\":\"string\"},\"azureDataFactoryPortalPrivateDnsZoneId\":{\"defaultValue\":\"\",\"metadata\":{\"description\":\"Private DNS Zone Identifier\",\"displayName\":\"azureDataFactoryPortalPrivateDnsZoneId\",\"strongType\":\"Microsoft.Network/privateDnsZones\"},\"type\":\"string\"},\"azureDataFactoryPrivateDnsZoneId\":{\"defaultValue\":\"\",\"metadata\":{\"description\":\"Private DNS Zone Identifier\",\"displayName\":\"azureDataFactoryPrivateDnsZoneId\",\"strongType\":\"Microsoft.Network/privateDnsZones\"},\"type\":\"string\"},\"azureDatabricksPrivateDnsZoneId\":{\"defaultValue\":\"\",\"metadata\":{\"description\":\"Private DNS Zone Identifier\",\"displayName\":\"azureDatabricksPrivateDnsZoneId\",\"strongType\":\"Microsoft.Network/privateDnsZones\"},\"type\":\"string\"},\"azureDiskAccessPrivateDnsZoneId\":{\"defaultValue\":\"\",\"metadata\":{\"description\":\"Private DNS Zone Identifier\",\"displayName\":\"azureDiskAccessPrivateDnsZoneId\",\"strongType\":\"Microsoft.Network/privateDnsZones\"},\"type\":\"string\"},\"azureEventGridDomainsPrivateDnsZoneId\":{\"defaultValue\":\"\",\"metadata\":{\"description\":\"Private DNS Zone Identifier\",\"displayName\":\"azureEventGridDomainsPrivateDnsZoneId\",\"strongType\":\"Microsoft.Network/privateDnsZones\"},\"type\":\"string\"},\"azureEventGridTopicsPrivateDnsZoneId\":{\"defaultValue\":\"\",\"metadata\":{\"description\":\"Private DNS Zone Identifier\",\"displayName\":\"azureEventGridTopicsPrivateDnsZoneId\",\"strongType\":\"Microsoft.Network/privateDnsZones\"},\"type\":\"string\"},\"azureEventHubNamespacePrivateDnsZoneId\":{\"defaultValue\":\"\",\"metadata\":{\"description\":\"Private DNS Zone Identifier\",\"displayName\":\"azureEventHubNamespacePrivateDnsZoneId\",\"strongType\":\"Microsoft.Network/privateDnsZones\"},\"type\":\"string\"},\"azureFilePrivateDnsZoneId\":{\"defaultValue\":\"\",\"metadata\":{\"description\":\"Private DNS Zone Identifier\",\"displayName\":\"azureFilePrivateDnsZoneId\",\"strongType\":\"Microsoft.Network/privateDnsZones\"},\"type\":\"string\"},\"azureHDInsightPrivateDnsZoneId\":{\"defaultValue\":\"\",\"metadata\":{\"description\":\"Private DNS Zone Identifier\",\"displayName\":\"azureHDInsightPrivateDnsZoneId\",\"strongType\":\"Microsoft.Network/privateDnsZones\"},\"type\":\"string\"},\"azureIotHubsPrivateDnsZoneId\":{\"defaultValue\":\"\",\"metadata\":{\"description\":\"Private DNS Zone Identifier\",\"displayName\":\"azureIotHubsPrivateDnsZoneId\",\"strongType\":\"Microsoft.Network/privateDnsZones\"},\"type\":\"string\"},\"azureIotPrivateDnsZoneId\":{\"defaultValue\":\"\",\"metadata\":{\"description\":\"Private DNS Zone Identifier\",\"displayName\":\"azureIotPrivateDnsZoneId\",\"strongType\":\"Microsoft.Network/privateDnsZones\"},\"type\":\"string\"},\"azureKeyVaultPrivateDnsZoneId\":{\"defaultValue\":\"\",\"metadata\":{\"description\":\"Private DNS Zone Identifier\",\"displayName\":\"azureKeyVaultPrivateDnsZoneId\",\"strongType\":\"Microsoft.Network/privateDnsZones\"},\"type\":\"string\"},\"azureMachineLearningWorkspacePrivateDnsZoneId\":{\"defaultValue\":\"\",\"metadata\":{\"description\":\"Private DNS Zone Identifier\",\"displayName\":\"azureMachineLearningWorkspacePrivateDnsZoneId\",\"strongType\":\"Microsoft.Network/privateDnsZones\"},\"type\":\"string\"},\"azureMediaServicesKeyPrivateDnsZoneId\":{\"defaultValue\":\"\",\"metadata\":{\"description\":\"Private DNS Zone Identifier\",\"displayName\":\"azureMediaServicesKeyPrivateDnsZoneId\",\"strongType\":\"Microsoft.Network/privateDnsZones\"},\"type\":\"string\"},\"azureMediaServicesLivePrivateDnsZoneId\":{\"defaultValue\":\"\",\"metadata\":{\"description\":\"Private DNS Zone Identifier\",\"displayName\":\"azureMediaServicesLivePrivateDnsZoneId\",\"strongType\":\"Microsoft.Network/privateDnsZones\"},\"type\":\"string\"},\"azureMediaServicesStreamPrivateDnsZoneId\":{\"defaultValue\":\"\",\"metadata\":{\"description\":\"Private DNS Zone Identifier\",\"displayName\":\"azureMediaServicesStreamPrivateDnsZoneId\",\"strongType\":\"Microsoft.Network/privateDnsZones\"},\"type\":\"string\"},\"azureMigratePrivateDnsZoneId\":{\"defaultValue\":\"\",\"metadata\":{\"description\":\"Private DNS Zone Identifier\",\"displayName\":\"azureMigratePrivateDnsZoneId\",\"strongType\":\"Microsoft.Network/privateDnsZones\"},\"type\":\"string\"},\"azureMonitorPrivateDnsZoneId1\":{\"defaultValue\":\"\",\"metadata\":{\"description\":\"Private DNS Zone Identifier\",\"displayName\":\"azureMonitorPrivateDnsZoneId1\",\"strongType\":\"Microsoft.Network/privateDnsZones\"},\"type\":\"string\"},\"azureMonitorPrivateDnsZoneId2\":{\"defaultValue\":\"\",\"metadata\":{\"description\":\"Private DNS Zone Identifier\",\"displayName\":\"azureMonitorPrivateDnsZoneId2\",\"strongType\":\"Microsoft.Network/privateDnsZones\"},\"type\":\"string\"},\"azureMonitorPrivateDnsZoneId3\":{\"defaultValue\":\"\",\"metadata\":{\"description\":\"Private DNS Zone Identifier\",\"displayName\":\"azureMonitorPrivateDnsZoneId3\",\"strongType\":\"Microsoft.Network/privateDnsZones\"},\"type\":\"string\"},\"azureMonitorPrivateDnsZoneId4\":{\"defaultValue\":\"\",\"metadata\":{\"description\":\"Private DNS Zone Identifier\",\"displayName\":\"azureMonitorPrivateDnsZoneId4\",\"strongType\":\"Microsoft.Network/privateDnsZones\"},\"type\":\"string\"},\"azureMonitorPrivateDnsZoneId5\":{\"defaultValue\":\"\",\"metadata\":{\"description\":\"Private DNS Zone Identifier\",\"displayName\":\"azureMonitorPrivateDnsZoneId5\",\"strongType\":\"Microsoft.Network/privateDnsZones\"},\"type\":\"string\"},\"azureRedisCachePrivateDnsZoneId\":{\"defaultValue\":\"\",\"metadata\":{\"description\":\"Private DNS Zone Identifier\",\"displayName\":\"azureRedisCachePrivateDnsZoneId\",\"strongType\":\"Microsoft.Network/privateDnsZones\"},\"type\":\"string\"},\"azureServiceBusNamespacePrivateDnsZoneId\":{\"defaultValue\":\"\",\"metadata\":{\"description\":\"Private DNS Zone Identifier\",\"displayName\":\"azureServiceBusNamespacePrivateDnsZoneId\",\"strongType\":\"Microsoft.Network/privateDnsZones\"},\"type\":\"string\"},\"azureSignalRPrivateDnsZoneId\":{\"defaultValue\":\"\",\"metadata\":{\"description\":\"Private DNS Zone Identifier\",\"displayName\":\"azureSignalRPrivateDnsZoneId\",\"strongType\":\"Microsoft.Network/privateDnsZones\"},\"type\":\"string\"},\"azureStorageBlobPrivateDnsZoneId\":{\"defaultValue\":\"\",\"metadata\":{\"description\":\"Private DNS Zone Identifier\",\"displayName\":\"azureStorageBlobPrivateDnsZoneId\",\"strongType\":\"Microsoft.Network/privateDnsZones\"},\"type\":\"string\"},\"azureStorageBlobSecPrivateDnsZoneId\":{\"defaultValue\":\"\",\"metadata\":{\"description\":\"Private DNS Zone Identifier\",\"displayName\":\"azureStorageBlobSecPrivateDnsZoneId\",\"strongType\":\"Microsoft.Network/privateDnsZones\"},\"type\":\"string\"},\"azureStorageDFSPrivateDnsZoneId\":{\"defaultValue\":\"\",\"metadata\":{\"description\":\"Private DNS Zone Identifier\",\"displayName\":\"azureStorageDFSPrivateDnsZoneId\",\"strongType\":\"Microsoft.Network/privateDnsZones\"},\"type\":\"string\"},\"azureStorageDFSSecPrivateDnsZoneId\":{\"defaultValue\":\"\",\"metadata\":{\"description\":\"Private DNS Zone Identifier\",\"displayName\":\"azureStorageDFSSecPrivateDnsZoneId\",\"strongType\":\"Microsoft.Network/privateDnsZones\"},\"type\":\"string\"},\"azureStorageFilePrivateDnsZoneId\":{\"defaultValue\":\"\",\"metadata\":{\"description\":\"Private DNS Zone Identifier\",\"displayName\":\"azureStorageFilePrivateDnsZoneId\",\"strongType\":\"Microsoft.Network/privateDnsZones\"},\"type\":\"string\"},\"azureStorageQueuePrivateDnsZoneId\":{\"defaultValue\":\"\",\"metadata\":{\"description\":\"Private DNS Zone Identifier\",\"displayName\":\"azureStorageQueuePrivateDnsZoneId\",\"strongType\":\"Microsoft.Network/privateDnsZones\"},\"type\":\"string\"},\"azureStorageQueueSecPrivateDnsZoneId\":{\"defaultValue\":\"\",\"metadata\":{\"description\":\"Private DNS Zone Identifier\",\"displayName\":\"azureStorageQueueSecPrivateDnsZoneId\",\"strongType\":\"Microsoft.Network/privateDnsZones\"},\"type\":\"string\"},\"azureStorageStaticWebPrivateDnsZoneId\":{\"defaultValue\":\"\",\"metadata\":{\"description\":\"Private DNS Zone Identifier\",\"displayName\":\"azureStorageStaticWebPrivateDnsZoneId\",\"strongType\":\"Microsoft.Network/privateDnsZones\"},\"type\":\"string\"},\"azureStorageStaticWebSecPrivateDnsZoneId\":{\"defaultValue\":\"\",\"metadata\":{\"description\":\"Private DNS Zone Identifier\",\"displayName\":\"azureStorageStaticWebSecPrivateDnsZoneId\",\"strongType\":\"Microsoft.Network/privateDnsZones\"},\"type\":\"string\"},\"azureSynapseDevPrivateDnsZoneId\":{\"defaultValue\":\"\",\"metadata\":{\"description\":\"Private DNS Zone Identifier\",\"displayName\":\"azureSynapseDevPrivateDnsZoneId\",\"strongType\":\"Microsoft.Network/privateDnsZones\"},\"type\":\"string\"},\"azureSynapseSQLODPrivateDnsZoneId\":{\"defaultValue\":\"\",\"metadata\":{\"description\":\"Private DNS Zone Identifier\",\"displayName\":\"azureSynapseSQLODPrivateDnsZoneId\",\"strongType\":\"Microsoft.Network/privateDnsZones\"},\"type\":\"string\"},\"azureSynapseSQLPrivateDnsZoneId\":{\"defaultValue\":\"\",\"metadata\":{\"description\":\"Private DNS Zone Identifier\",\"displayName\":\"azureSynapseSQLPrivateDnsZoneId\",\"strongType\":\"Microsoft.Network/privateDnsZones\"},\"type\":\"string\"},\"azureWebPrivateDnsZoneId\":{\"defaultValue\":\"\",\"metadata\":{\"description\":\"Private DNS Zone Identifier\",\"displayName\":\"azureWebPrivateDnsZoneId\",\"strongType\":\"Microsoft.Network/privateDnsZones\"},\"type\":\"string\"},\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"string\"},\"effect1\":{\"allowedValues\":[\"deployIfNotExists\",\"Disabled\"],\"defaultValue\":\"deployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"string\"}}",
- "policy_definition_group": [],
- "policy_definition_reference": [
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('effect')]\"},\"privateDnsZoneId\":{\"value\":\"[parameters('azureFilePrivateDnsZoneId')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/06695360-db88-47f6-b976-7500d4297475",
- "policy_group_names": null,
- "reference_id": "DINE-Private-DNS-Azure-File-Sync"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('effect')]\"},\"privateDnsZoneId\":{\"value\":\"[parameters('azureAutomationWebhookPrivateDnsZoneId')]\"},\"privateEndpointGroupId\":{\"value\":\"Webhook\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/6dd01e4f-1be1-4e80-9d0b-d109e04cb064",
- "policy_group_names": null,
- "reference_id": "DINE-Private-DNS-Azure-Automation-Webhook"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('effect')]\"},\"privateDnsZoneId\":{\"value\":\"[parameters('azureAutomationDSCHybridPrivateDnsZoneId')]\"},\"privateEndpointGroupId\":{\"value\":\"DSCAndHybridWorker\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/6dd01e4f-1be1-4e80-9d0b-d109e04cb064",
- "policy_group_names": null,
- "reference_id": "DINE-Private-DNS-Azure-Automation-DSCHybrid"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('effect')]\"},\"privateDnsZoneId\":{\"value\":\"[parameters('azureCosmosSQLPrivateDnsZoneId')]\"},\"privateEndpointGroupId\":{\"value\":\"SQL\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f",
- "policy_group_names": null,
- "reference_id": "DINE-Private-DNS-Azure-Cosmos-SQL"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('effect')]\"},\"privateDnsZoneId\":{\"value\":\"[parameters('azureCosmosMongoPrivateDnsZoneId')]\"},\"privateEndpointGroupId\":{\"value\":\"MongoDB\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f",
- "policy_group_names": null,
- "reference_id": "DINE-Private-DNS-Azure-Cosmos-MongoDB"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('effect')]\"},\"privateDnsZoneId\":{\"value\":\"[parameters('azureCosmosCassandraPrivateDnsZoneId')]\"},\"privateEndpointGroupId\":{\"value\":\"Cassandra\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f",
- "policy_group_names": null,
- "reference_id": "DINE-Private-DNS-Azure-Cosmos-Cassandra"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('effect')]\"},\"privateDnsZoneId\":{\"value\":\"[parameters('azureCosmosGremlinPrivateDnsZoneId')]\"},\"privateEndpointGroupId\":{\"value\":\"Gremlin\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f",
- "policy_group_names": null,
- "reference_id": "DINE-Private-DNS-Azure-Cosmos-Gremlin"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('effect')]\"},\"privateDnsZoneId\":{\"value\":\"[parameters('azureCosmosTablePrivateDnsZoneId')]\"},\"privateEndpointGroupId\":{\"value\":\"Table\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f",
- "policy_group_names": null,
- "reference_id": "DINE-Private-DNS-Azure-Cosmos-Table"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('effect')]\"},\"listOfGroupIds\":{\"value\":[\"dataFactory\"]},\"privateDnsZoneId\":{\"value\":\"[parameters('azureDataFactoryPrivateDnsZoneId')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/86cd96e1-1745-420d-94d4-d3f2fe415aa4",
- "policy_group_names": null,
- "reference_id": "DINE-Private-DNS-Azure-DataFactory"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('effect')]\"},\"listOfGroupIds\":{\"value\":[\"portal\"]},\"privateDnsZoneId\":{\"value\":\"[parameters('azureDataFactoryPortalPrivateDnsZoneId')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/86cd96e1-1745-420d-94d4-d3f2fe415aa4",
- "policy_group_names": null,
- "reference_id": "DINE-Private-DNS-Azure-DataFactory-Portal"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('effect')]\"},\"groupId\":{\"value\":\"databricks_ui_api\"},\"privateDnsZoneId\":{\"value\":\"[parameters('azureDatabricksPrivateDnsZoneId')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/0eddd7f3-3d9b-4927-a07a-806e8ac9486c",
- "policy_group_names": null,
- "reference_id": "DINE-Private-DNS-Azure-Databrics-UI-Api"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('effect')]\"},\"groupId\":{\"value\":\"browser_authentication\"},\"privateDnsZoneId\":{\"value\":\"[parameters('azureDatabricksPrivateDnsZoneId')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/0eddd7f3-3d9b-4927-a07a-806e8ac9486c",
- "policy_group_names": null,
- "reference_id": "DINE-Private-DNS-Azure-Databrics-Browser-AuthN"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('effect')]\"},\"groupId\":{\"value\":\"cluster\"},\"privateDnsZoneId\":{\"value\":\"[parameters('azureHDInsightPrivateDnsZoneId')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/43d6e3bd-fc6a-4b44-8b4d-2151d8736a11",
- "policy_group_names": null,
- "reference_id": "DINE-Private-DNS-Azure-HDInsight"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('effect')]\"},\"privateDnsZoneId\":{\"value\":\"[parameters('azureMigratePrivateDnsZoneId')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/7590a335-57cf-4c95-babd-ecbc8fafeb1f",
- "policy_group_names": null,
- "reference_id": "DINE-Private-DNS-Azure-Migrate"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('effect')]\"},\"privateDnsZoneId\":{\"value\":\"[parameters('azureStorageBlobPrivateDnsZoneId')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/75973700-529f-4de2-b794-fb9b6781b6b0",
- "policy_group_names": null,
- "reference_id": "DINE-Private-DNS-Azure-Storage-Blob"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('effect')]\"},\"privateDnsZoneId\":{\"value\":\"[parameters('azureStorageBlobSecPrivateDnsZoneId')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/d847d34b-9337-4e2d-99a5-767e5ac9c582",
- "policy_group_names": null,
- "reference_id": "DINE-Private-DNS-Azure-Storage-Blob-Sec"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('effect')]\"},\"privateDnsZoneId\":{\"value\":\"[parameters('azureStorageQueuePrivateDnsZoneId')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/bcff79fb-2b0d-47c9-97e5-3023479b00d1",
- "policy_group_names": null,
- "reference_id": "DINE-Private-DNS-Azure-Storage-Queue"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('effect')]\"},\"privateDnsZoneId\":{\"value\":\"[parameters('azureStorageQueueSecPrivateDnsZoneId')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/da9b4ae8-5ddc-48c5-b9c0-25f8abf7a3d6",
- "policy_group_names": null,
- "reference_id": "DINE-Private-DNS-Azure-Storage-Queue-Sec"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('effect')]\"},\"privateDnsZoneId\":{\"value\":\"[parameters('azureStorageFilePrivateDnsZoneId')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/6df98d03-368a-4438-8730-a93c4d7693d6",
- "policy_group_names": null,
- "reference_id": "DINE-Private-DNS-Azure-Storage-File"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('effect')]\"},\"privateDnsZoneId\":{\"value\":\"[parameters('azureStorageStaticWebPrivateDnsZoneId')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/9adab2a5-05ba-4fbd-831a-5bf958d04218",
- "policy_group_names": null,
- "reference_id": "DINE-Private-DNS-Azure-Storage-StaticWeb"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('effect')]\"},\"privateDnsZoneId\":{\"value\":\"[parameters('azureStorageStaticWebSecPrivateDnsZoneId')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/d19ae5f1-b303-4b82-9ca8-7682749faf0c",
- "policy_group_names": null,
- "reference_id": "DINE-Private-DNS-Azure-Storage-StaticWeb-Sec"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('effect')]\"},\"privateDnsZoneId\":{\"value\":\"[parameters('azureStorageDFSPrivateDnsZoneId')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/83c6fe0f-2316-444a-99a1-1ecd8a7872ca",
- "policy_group_names": null,
- "reference_id": "DINE-Private-DNS-Azure-Storage-DFS"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('effect')]\"},\"privateDnsZoneId\":{\"value\":\"[parameters('azureStorageDFSSecPrivateDnsZoneId')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/90bd4cb3-9f59-45f7-a6ca-f69db2726671",
- "policy_group_names": null,
- "reference_id": "DINE-Private-DNS-Azure-Storage-DFS-Sec"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('effect')]\"},\"privateDnsZoneId\":{\"value\":\"[parameters('azureSynapseSQLPrivateDnsZoneId')]\"},\"targetSubResource\":{\"value\":\"Sql\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/1e5ed725-f16c-478b-bd4b-7bfa2f7940b9",
- "policy_group_names": null,
- "reference_id": "DINE-Private-DNS-Azure-Synapse-SQL"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('effect')]\"},\"privateDnsZoneId\":{\"value\":\"[parameters('azureSynapseSQLODPrivateDnsZoneId')]\"},\"targetSubResource\":{\"value\":\"SqlOnDemand\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/1e5ed725-f16c-478b-bd4b-7bfa2f7940b9",
- "policy_group_names": null,
- "reference_id": "DINE-Private-DNS-Azure-Synapse-SQL-OnDemand"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('effect')]\"},\"privateDnsZoneId\":{\"value\":\"[parameters('azureSynapseDevPrivateDnsZoneId')]\"},\"targetSubResource\":{\"value\":\"Dev\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/1e5ed725-f16c-478b-bd4b-7bfa2f7940b9",
- "policy_group_names": null,
- "reference_id": "DINE-Private-DNS-Azure-Synapse-Dev"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('effect')]\"},\"groupId\":{\"value\":\"keydelivery\"},\"privateDnsZoneId\":{\"value\":\"[parameters('azureMediaServicesKeyPrivateDnsZoneId')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/b4a7f6c1-585e-4177-ad5b-c2c93f4bb991",
- "policy_group_names": null,
- "reference_id": "DINE-Private-DNS-Azure-MediaServices-Key"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('effect')]\"},\"groupId\":{\"value\":\"liveevent\"},\"privateDnsZoneId\":{\"value\":\"[parameters('azureMediaServicesLivePrivateDnsZoneId')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/b4a7f6c1-585e-4177-ad5b-c2c93f4bb991",
- "policy_group_names": null,
- "reference_id": "DINE-Private-DNS-Azure-MediaServices-Live"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('effect')]\"},\"groupId\":{\"value\":\"streamingendpoint\"},\"privateDnsZoneId\":{\"value\":\"[parameters('azureMediaServicesStreamPrivateDnsZoneId')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/b4a7f6c1-585e-4177-ad5b-c2c93f4bb991",
- "policy_group_names": null,
- "reference_id": "DINE-Private-DNS-Azure-MediaServices-Stream"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('effect')]\"},\"privateDnsZoneId1\":{\"value\":\"[parameters('azureMonitorPrivateDnsZoneId1')]\"},\"privateDnsZoneId2\":{\"value\":\"[parameters('azureMonitorPrivateDnsZoneId2')]\"},\"privateDnsZoneId3\":{\"value\":\"[parameters('azureMonitorPrivateDnsZoneId3')]\"},\"privateDnsZoneId4\":{\"value\":\"[parameters('azureMonitorPrivateDnsZoneId4')]\"},\"privateDnsZoneId5\":{\"value\":\"[parameters('azureMonitorPrivateDnsZoneId5')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/437914ee-c176-4fff-8986-7e05eb971365",
- "policy_group_names": null,
- "reference_id": "DINE-Private-DNS-Azure-Monitor"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('effect')]\"},\"privateDnsZoneId\":{\"value\":\"[parameters('azureWebPrivateDnsZoneId')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/0b026355-49cb-467b-8ac4-f777874e175a",
- "policy_group_names": null,
- "reference_id": "DINE-Private-DNS-Azure-Web"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('effect')]\"},\"privateDnsZoneId\":{\"value\":\"[parameters('azureBatchPrivateDnsZoneId')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/4ec38ebc-381f-45ee-81a4-acbc4be878f8",
- "policy_group_names": null,
- "reference_id": "DINE-Private-DNS-Azure-Batch"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('effect')]\"},\"privateDnsZoneId\":{\"value\":\"[parameters('azureAppPrivateDnsZoneId')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/7a860e27-9ca2-4fc6-822d-c2d248c300df",
- "policy_group_names": null,
- "reference_id": "DINE-Private-DNS-Azure-App"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('effect')]\"},\"privateDnsZoneId\":{\"value\":\"[parameters('azureAsrPrivateDnsZoneId')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/942bd215-1a66-44be-af65-6a1c0318dbe2",
- "policy_group_names": null,
- "reference_id": "DINE-Private-DNS-Azure-Site-Recovery"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('effect')]\"},\"privateDnsZoneId\":{\"value\":\"[parameters('azureIotPrivateDnsZoneId')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/aaa64d2d-2fa3-45e5-b332-0b031b9b30e8",
- "policy_group_names": null,
- "reference_id": "DINE-Private-DNS-Azure-IoT"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('effect')]\"},\"privateDnsZoneId\":{\"value\":\"[parameters('azureKeyVaultPrivateDnsZoneId')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/ac673a9a-f77d-4846-b2d8-a57f8e1c01d4",
- "policy_group_names": null,
- "reference_id": "DINE-Private-DNS-Azure-KeyVault"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('effect')]\"},\"privateDnsZoneId\":{\"value\":\"[parameters('azureSignalRPrivateDnsZoneId')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/b0e86710-7fb7-4a6c-a064-32e9b829509e",
- "policy_group_names": null,
- "reference_id": "DINE-Private-DNS-Azure-SignalR"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('effect')]\"},\"privateDnsZoneId\":{\"value\":\"[parameters('azureAppServicesPrivateDnsZoneId')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/b318f84a-b872-429b-ac6d-a01b96814452",
- "policy_group_names": null,
- "reference_id": "DINE-Private-DNS-Azure-AppServices"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('effect1')]\"},\"privateDnsZoneId\":{\"value\":\"[parameters('azureEventGridTopicsPrivateDnsZoneId')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/baf19753-7502-405f-8745-370519b20483",
- "policy_group_names": null,
- "reference_id": "DINE-Private-DNS-Azure-EventGridTopics"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('effect')]\"},\"privateDnsZoneId\":{\"value\":\"[parameters('azureDiskAccessPrivateDnsZoneId')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/bc05b96c-0b36-4ca9-82f0-5c53f96ce05a",
- "policy_group_names": null,
- "reference_id": "DINE-Private-DNS-Azure-DiskAccess"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('effect')]\"},\"privateDnsZoneId\":{\"value\":\"[parameters('azureCognitiveServicesPrivateDnsZoneId')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/c4bc6f10-cb41-49eb-b000-d5ab82e2a091",
- "policy_group_names": null,
- "reference_id": "DINE-Private-DNS-Azure-CognitiveServices"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('effect1')]\"},\"privateDnsZoneId\":{\"value\":\"[parameters('azureIotHubsPrivateDnsZoneId')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/c99ce9c1-ced7-4c3e-aca0-10e69ce0cb02",
- "policy_group_names": null,
- "reference_id": "DINE-Private-DNS-Azure-IoTHubs"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('effect1')]\"},\"privateDnsZoneId\":{\"value\":\"[parameters('azureEventGridDomainsPrivateDnsZoneId')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/d389df0a-e0d7-4607-833c-75a6fdac2c2d",
- "policy_group_names": null,
- "reference_id": "DINE-Private-DNS-Azure-EventGridDomains"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('effect')]\"},\"privateDnsZoneId\":{\"value\":\"[parameters('azureRedisCachePrivateDnsZoneId')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/e016b22b-e0eb-436d-8fd7-160c4eaed6e2",
- "policy_group_names": null,
- "reference_id": "DINE-Private-DNS-Azure-RedisCache"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('effect')]\"},\"privateDnsZoneId\":{\"value\":\"[parameters('azureAcrPrivateDnsZoneId')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/e9585a95-5b8c-4d03-b193-dc7eb5ac4c32",
- "policy_group_names": null,
- "reference_id": "DINE-Private-DNS-Azure-ACR"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('effect')]\"},\"privateDnsZoneId\":{\"value\":\"[parameters('azureEventHubNamespacePrivateDnsZoneId')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/ed66d4f5-8220-45dc-ab4a-20d1749c74e6",
- "policy_group_names": null,
- "reference_id": "DINE-Private-DNS-Azure-EventHubNamespace"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('effect')]\"},\"privateDnsZoneId\":{\"value\":\"[parameters('azureMachineLearningWorkspacePrivateDnsZoneId')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/ee40564d-486e-4f68-a5ca-7a621edae0fb",
- "policy_group_names": null,
- "reference_id": "DINE-Private-DNS-Azure-MachineLearningWorkspace"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('effect')]\"},\"privateDnsZoneId\":{\"value\":\"[parameters('azureServiceBusNamespacePrivateDnsZoneId')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/f0fcf93c-c063-4071-9668-c47474bd3564",
- "policy_group_names": null,
- "reference_id": "DINE-Private-DNS-Azure-ServiceBusNamespace"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('effect')]\"},\"privateDnsZoneId\":{\"value\":\"[parameters('azureCognitiveSearchPrivateDnsZoneId')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/fbc14a67-53e4-4932-abcc-2049c6706009",
- "policy_group_names": null,
- "reference_id": "DINE-Private-DNS-Azure-CognitiveSearch"
- }
- ],
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "policy_definition_group": [],
- "policy_definition_reference": [
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {}
- ]
- }
- },
- {
- "address": "module.test_core.azurerm_policy_set_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policySetDefinitions/Deploy-Sql-Security\"]",
- "mode": "managed",
- "type": "azurerm_policy_set_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policySetDefinitions/Deploy-Sql-Security",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploy auditing, Alert, TDE and SQL vulnerability to SQL Databases when it not exist in the deployment",
- "display_name": "Deploy SQL Database built-in SQL security configuration",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"SQL\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.0.0\"}",
- "name": "Deploy-Sql-Security",
- "parameters": "{\"SqlDbAuditingSettingsDeploySqlSecurityEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploy auditing settings to SQL Database when it not exist in the deployment\",\"displayName\":\"Deploy SQL database auditing settings\"},\"type\":\"String\"},\"SqlDbSecurityAlertPoliciesDeploySqlSecurityEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploy the security Alert Policies configuration with email admin accounts when it not exist in current configuration\",\"displayName\":\"Deploy SQL Database security Alert Policies configuration with email admin accounts\"},\"type\":\"String\"},\"SqlDbTdeDeploySqlSecurityEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploy the Transparent Data Encryption when it is not enabled in the deployment\",\"displayName\":\"Deploy SQL Database Transparent Data Encryption \"},\"type\":\"String\"},\"SqlDbVulnerabilityAssessmentsDeploySqlSecurityEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploy SQL Database vulnerability Assessments when it not exist in the deployment. To the specific storage account in the parameters\",\"displayName\":\"Deploy SQL Database vulnerability Assessments\"},\"type\":\"String\"},\"vulnerabilityAssessmentsEmail\":{\"metadata\":{\"description\":\"The email address to send alerts\",\"displayName\":\"The email address to send alerts\"},\"type\":\"String\"},\"vulnerabilityAssessmentsStorageID\":{\"metadata\":{\"description\":\"The storage account ID to store assessments\",\"displayName\":\"The storage account ID to store assessments\"},\"type\":\"String\"}}",
- "policy_definition_group": [],
- "policy_definition_reference": [
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('SqlDbTdeDeploySqlSecurityEffect')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/86a912f6-9a06-4e26-b447-11b16ba8659f",
- "policy_group_names": null,
- "reference_id": "SqlDbTdeDeploySqlSecurity"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('SqlDbSecurityAlertPoliciesDeploySqlSecurityEffect')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Sql-SecurityAlertPolicies",
- "policy_group_names": null,
- "reference_id": "SqlDbSecurityAlertPoliciesDeploySqlSecurity"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('SqlDbAuditingSettingsDeploySqlSecurityEffect')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Sql-AuditingSettings",
- "policy_group_names": null,
- "reference_id": "SqlDbAuditingSettingsDeploySqlSecurity"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('SqlDbVulnerabilityAssessmentsDeploySqlSecurityEffect')]\"},\"vulnerabilityAssessmentsEmail\":{\"value\":\"[parameters('vulnerabilityAssessmentsEmail')]\"},\"vulnerabilityAssessmentsStorageID\":{\"value\":\"[parameters('vulnerabilityAssessmentsStorageID')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Sql-vulnerabilityAssessments",
- "policy_group_names": null,
- "reference_id": "SqlDbVulnerabilityAssessmentsDeploySqlSecurity"
- }
- ],
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "policy_definition_group": [],
- "policy_definition_reference": [
- {},
- {},
- {},
- {}
- ]
- }
- },
- {
- "address": "module.test_core.azurerm_policy_set_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policySetDefinitions/Enforce-ACSB\"]",
- "mode": "managed",
- "type": "azurerm_policy_set_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policySetDefinitions/Enforce-ACSB",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Enforce Azure Compute Security Benchmark compliance auditing for Windows and Linux virtual machines.",
- "display_name": "Enforce Azure Compute Security Benchmark compliance auditing",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\"],\"category\":\"Guest Configuration\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.0.0\"}",
- "name": "Enforce-ACSB",
- "parameters": "{\"effect\":{\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"includeArcMachines\":{\"allowedValues\":[\"true\",\"false\"],\"defaultValue\":\"true\",\"metadata\":{\"description\":\"By selecting this option, you agree to be charged monthly per Arc connected machine.\",\"displayName\":\"Include Arc connected servers\"},\"type\":\"String\"}}",
- "policy_definition_group": [],
- "policy_definition_reference": [
- {
- "parameter_values": "{}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/3cf2ab00-13f1-4d0c-8971-2ac904541a7e",
- "policy_group_names": null,
- "reference_id": "GcIdentity"
- },
- {
- "parameter_values": "{}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/331e8ea8-378a-410f-a2e5-ae22f38bb0da",
- "policy_group_names": null,
- "reference_id": "GcLinux"
- },
- {
- "parameter_values": "{}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/385f5831-96d4-41db-9a3c-cd3af78aaae6",
- "policy_group_names": null,
- "reference_id": "GcWindows"
- },
- {
- "parameter_values": "{\"IncludeArcMachines\":{\"value\":\"[parameters('includeArcMachines')]\"},\"effect\":{\"value\":\"[parameters('effect')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/72650e9f-97bc-4b2a-ab5f-9781a9fcecbc",
- "policy_group_names": null,
- "reference_id": "WinAcsb"
- },
- {
- "parameter_values": "{\"IncludeArcMachines\":{\"value\":\"[parameters('includeArcMachines')]\"},\"effect\":{\"value\":\"[parameters('effect')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/fc9b3da7-8347-4380-8e70-0a0361d8dedd",
- "policy_group_names": null,
- "reference_id": "LinAcsb"
- }
- ],
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "policy_definition_group": [],
- "policy_definition_reference": [
- {},
- {},
- {},
- {},
- {}
- ]
- }
- },
- {
- "address": "module.test_core.azurerm_policy_set_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policySetDefinitions/Enforce-ALZ-Decomm\"]",
- "mode": "managed",
- "type": "azurerm_policy_set_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policySetDefinitions/Enforce-ALZ-Decomm",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Enforce policies in the Decommissioned Landing Zone.",
- "display_name": "Enforce policies in the Decommissioned Landing Zone",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Decommissioned\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.0.0\"}",
- "name": "Enforce-ALZ-Decomm",
- "parameters": "{\"listOfResourceTypesAllowed\":{\"defaultValue\":[],\"metadata\":{\"description\":\"Allowed resource types in the Decommissioned landing zone, default is none.\",\"displayName\":\"Allowed resource types in the Decommissioned landing zone\",\"strongType\":\"resourceTypes\"},\"type\":\"Array\"}}",
- "policy_definition_group": [],
- "policy_definition_reference": [
- {
- "parameter_values": "{\"listOfResourceTypesAllowed\":{\"value\":\"[parameters('listOfResourceTypesAllowed')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/a08ec900-254a-4555-9bf5-e42af04b5c5c",
- "policy_group_names": null,
- "reference_id": "DecomDenyResources"
- },
- {
- "parameter_values": "{}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Vm-autoShutdown",
- "policy_group_names": null,
- "reference_id": "DecomShutdownMachines"
- }
- ],
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "policy_definition_group": [],
- "policy_definition_reference": [
- {},
- {}
- ]
- }
- },
- {
- "address": "module.test_core.azurerm_policy_set_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policySetDefinitions/Enforce-ALZ-Sandbox\"]",
- "mode": "managed",
- "type": "azurerm_policy_set_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policySetDefinitions/Enforce-ALZ-Sandbox",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Enforce policies in the Sandbox Landing Zone.",
- "display_name": "Enforce policies in the Sandbox Landing Zone",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Sandbox\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.0.0\"}",
- "name": "Enforce-ALZ-Sandbox",
- "parameters": "{\"effectDenyVnetPeering\":{\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Deny\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"effectNotAllowedResources\":{\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Deny\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"listOfResourceTypesNotAllowed\":{\"defaultValue\":[],\"metadata\":{\"description\":\"Not allowed resource types in the Sandbox landing zone, default is none.\",\"displayName\":\"Not allowed resource types in the Sandbox landing zone\",\"strongType\":\"resourceTypes\"},\"type\":\"Array\"}}",
- "policy_definition_group": [],
- "policy_definition_reference": [
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('effectNotAllowedResources')]\"},\"listOfResourceTypesNotAllowed\":{\"value\":\"[parameters('listOfResourceTypesNotAllowed')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/6c112d4e-5bc7-47ae-a041-ea2d9dccd749",
- "policy_group_names": null,
- "reference_id": "SandboxNotAllowed"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('effectDenyVnetPeering')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-VNET-Peer-Cross-Sub",
- "policy_group_names": null,
- "reference_id": "SandboxDenyVnetPeering"
- }
- ],
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "policy_definition_group": [],
- "policy_definition_reference": [
- {},
- {}
- ]
- }
- },
- {
- "address": "module.test_core.azurerm_policy_set_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policySetDefinitions/Enforce-EncryptTransit\"]",
- "mode": "managed",
- "type": "azurerm_policy_set_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policySetDefinitions/Enforce-EncryptTransit",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Choose either Deploy if not exist and append in combination with audit or Select Deny in the Policy effect. Deny polices shift left. Deploy if not exist and append enforce but can be changed, and because missing existence condition require then the combination of Audit. ",
- "display_name": "Deny or Deploy and append TLS requirements and SSL enforcement on resources without Encryption in transit",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Encryption\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"2.0.0\"}",
- "name": "Enforce-EncryptTransit",
- "parameters": "{\"AKSIngressHttpsOnlyEffect\":{\"allowedValues\":[\"audit\",\"deny\",\"disabled\"],\"defaultValue\":\"deny\",\"metadata\":{\"description\":\"This policy enforces HTTPS ingress in a Kubernetes cluster. This policy is generally available for Kubernetes Service (AKS), and preview for AKS Engine and Azure Arc enabled Kubernetes. For instructions on using this policy, visit https://aka.ms/kubepolicydoc.\",\"displayName\":\"AKS Service. Enforce HTTPS ingress in Kubernetes cluster\"},\"type\":\"String\"},\"APIAppServiceHttpsEffect\":{\"allowedValues\":[\"Audit\",\"Disabled\",\"Deny\"],\"defaultValue\":\"Audit\",\"metadata\":{\"description\":\"Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\",\"displayName\":\"App Service API App. API App should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.\"},\"type\":\"String\"},\"AppServiceHttpEffect\":{\"allowedValues\":[\"Append\",\"Disabled\"],\"defaultValue\":\"Append\",\"metadata\":{\"description\":\"Append the AppService sites object to ensure that min Tls version is set to required TLS version. Please note Append does not enforce compliance use then deny.\",\"displayName\":\"App Service. Appends the AppService sites config WebApp, APIApp, Function App with TLS version selected below\"},\"type\":\"String\"},\"AppServiceTlsVersionEffect\":{\"allowedValues\":[\"Append\",\"Disabled\"],\"defaultValue\":\"Append\",\"metadata\":{\"description\":\"App Service. Appends the AppService sites object to ensure that HTTPS only is enabled for server/service authentication and protects data in transit from network layer eavesdropping attacks. Please note Append does not enforce compliance use then deny.\",\"displayName\":\"App Service. Appends the AppService WebApp, APIApp, Function App to enable https only\"},\"type\":\"String\"},\"AppServiceminTlsVersion\":{\"allowedValues\":[\"1.2\",\"1.0\",\"1.1\"],\"defaultValue\":\"1.2\",\"metadata\":{\"description\":\"App Service. Select version minimum TLS version for a Web App config to enforce\",\"displayName\":\"App Service. Select version minimum TLS Web App config\"},\"type\":\"String\"},\"FunctionLatestTlsEffect\":{\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\",\"metadata\":{\"description\":\"Only Audit, deny not possible as it is a related resource. Upgrade to the latest TLS version.\",\"displayName\":\"App Service Function App. Latest TLS version should be used in your Function App\"},\"type\":\"String\"},\"FunctionServiceHttpsEffect\":{\"allowedValues\":[\"Audit\",\"Disabled\",\"Deny\"],\"defaultValue\":\"Audit\",\"metadata\":{\"description\":\"App Service Function App. Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\",\"displayName\":\"App Service Function App. Function App should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.\"},\"type\":\"String\"},\"MySQLEnableSSLDeployEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploy a specific min TLS version requirement and enforce SSL on Azure Database for MySQL server. Enforce the Server to client applications using minimum version of Tls to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\",\"displayName\":\"MySQL database servers. Deploy if not exist set minimum TLS version Azure Database for MySQL server\"},\"type\":\"String\"},\"MySQLEnableSSLEffect\":{\"allowedValues\":[\"Audit\",\"Disabled\",\"Deny\"],\"defaultValue\":\"Audit\",\"metadata\":{\"description\":\"Azure Database for MySQL supports connecting your Azure Database for MySQL server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\",\"displayName\":\"MySQL database servers. Enforce SSL connection should be enabled for MySQL database servers\"},\"type\":\"String\"},\"MySQLminimalTlsVersion\":{\"allowedValues\":[\"TLS1_2\",\"TLS1_0\",\"TLS1_1\",\"TLSEnforcementDisabled\"],\"defaultValue\":\"TLS1_2\",\"metadata\":{\"description\":\"Select version minimum TLS version Azure Database for MySQL server to enforce\",\"displayName\":\"MySQL database servers. Select version minimum TLS for MySQL server\"},\"type\":\"String\"},\"PostgreSQLEnableSSLDeployEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploy a specific min TLS version requirement and enforce SSL on Azure Database for PostgreSQL server. Enforce the Server to client applications using minimum version of Tls to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\",\"displayName\":\"PostgreSQL database servers. Deploy if not exist set minimum TLS version Azure Database for PostgreSQL server\"},\"type\":\"String\"},\"PostgreSQLEnableSSLEffect\":{\"allowedValues\":[\"Audit\",\"Disabled\",\"Deny\"],\"defaultValue\":\"Audit\",\"metadata\":{\"description\":\"Azure Database for PostgreSQL supports connecting your Azure Database for PostgreSQL server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\",\"displayName\":\"PostgreSQL database servers. Enforce SSL connection should be enabled for PostgreSQL database servers\"},\"type\":\"String\"},\"PostgreSQLminimalTlsVersion\":{\"allowedValues\":[\"TLS1_2\",\"TLS1_0\",\"TLS1_1\",\"TLSEnforcementDisabled\"],\"defaultValue\":\"TLS1_2\",\"metadata\":{\"description\":\"PostgreSQL database servers. Select version minimum TLS version Azure Database for MySQL server to enforce\",\"displayName\":\"PostgreSQL database servers. Select version minimum TLS for MySQL server\"},\"type\":\"String\"},\"RedisMinTlsVersion\":{\"allowedValues\":[\"1.2\",\"1.0\",\"1.1\"],\"defaultValue\":\"1.2\",\"metadata\":{\"description\":\"Select version minimum TLS version for a Azure Cache for Redis to enforce\",\"displayName\":\"Azure Cache for Redis.Select version minimum TLS for Azure Cache for Redis\"},\"type\":\"String\"},\"RedisTLSDeployEffect\":{\"allowedValues\":[\"Append\",\"Disabled\"],\"defaultValue\":\"Append\",\"metadata\":{\"description\":\"Deploy a specific min TLS version requirement and enforce SSL on Azure Cache for Redis. Enables secure server to client by enforce minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\",\"displayName\":\"Azure Cache for Redis. Deploy a specific min TLS version requirement and enforce SSL Azure Cache for Redis\"},\"type\":\"String\"},\"RedisTLSEffect\":{\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\",\"metadata\":{\"description\":\"Azure Cache for Redis. Audit enabling of only connections via SSL to Azure Cache for Redis. Use of secure connections ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking.\",\"displayName\":\"Azure Cache for Redis. Only secure connections to your Azure Cache for Redis should be enabled\"},\"type\":\"String\"},\"SQLManagedInstanceMinTlsVersion\":{\"allowedValues\":[\"1.2\",\"1.0\",\"1.1\"],\"defaultValue\":\"1.2\",\"metadata\":{\"description\":\"Select version minimum TLS version for Azure Managed Instanceto to enforce\",\"displayName\":\"Azure Managed Instance.Select version minimum TLS for Azure Managed Instance\"},\"type\":\"String\"},\"SQLManagedInstanceTLSDeployEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploy a specific min TLS version requirement and enforce SSL on SQL servers. Enables secure server to client by enforce minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\",\"displayName\":\"Azure Managed Instance. Deploy a specific min TLS version requirement and enforce SSL on SQL servers\"},\"type\":\"String\"},\"SQLManagedInstanceTLSEffect\":{\"allowedValues\":[\"Audit\",\"Disabled\",\"Deny\"],\"defaultValue\":\"Audit\",\"metadata\":{\"description\":\"Setting minimal TLS version to 1.2 improves security by ensuring your SQL Managed Instance can only be accessed from clients using TLS 1.2. Using versions of TLS less than 1.2 is not recommended since they have well documented security vulnerabilities.\",\"displayName\":\"SQL Managed Instance should have the minimal TLS version of 1.2\"},\"type\":\"String\"},\"SQLServerTLSDeployEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploy a specific min TLS version requirement and enforce SSL on SQL servers. Enables secure server to client by enforce minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\",\"displayName\":\"Azure SQL Database. Deploy a specific min TLS version requirement and enforce SSL on SQL servers\"},\"type\":\"String\"},\"SQLServerTLSEffect\":{\"allowedValues\":[\"Audit\",\"Disabled\",\"Deny\"],\"defaultValue\":\"Audit\",\"metadata\":{\"description\":\"Setting minimal TLS version to 1.2 improves security by ensuring your Azure SQL Database can only be accessed from clients using TLS 1.2. Using versions of TLS less than 1.2 is not recommended since they have well documented security vulnerabilities.\",\"displayName\":\"Azure SQL Database should have the minimal TLS version of 1.2\"},\"type\":\"String\"},\"SQLServerminTlsVersion\":{\"allowedValues\":[\"1.2\",\"1.0\",\"1.1\"],\"defaultValue\":\"1.2\",\"metadata\":{\"description\":\"Select version minimum TLS version for Azure SQL Database to enforce\",\"displayName\":\"Azure SQL Database.Select version minimum TLS for Azure SQL Database\"},\"type\":\"String\"},\"StorageDeployHttpsEnabledEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Audit requirement of Secure transfer in your storage account. Secure transfer is an option that forces your storage account to accept requests only from secure connections (HTTPS). Use of HTTPS ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking\",\"displayName\":\"Azure Storage Account. Deploy Secure transfer to storage accounts should be enabled\"},\"type\":\"String\"},\"StorageHttpsEnabledEffect\":{\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\",\"metadata\":{\"description\":\"Audit requirement of Secure transfer in your storage account. Secure transfer is an option that forces your storage account to accept requests only from secure connections (HTTPS). Use of HTTPS ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking\",\"displayName\":\"Azure Storage Account. Secure transfer to storage accounts should be enabled\"},\"type\":\"String\"},\"StorageminimumTlsVersion\":{\"allowedValues\":[\"TLS1_2\",\"TLS1_1\",\"TLS1_0\"],\"defaultValue\":\"TLS1_2\",\"metadata\":{\"description\":\"Select version minimum TLS version on Azure Storage Account to enforce\",\"displayName\":\"Storage Account select minimum TLS version\"},\"type\":\"String\"},\"WebAppServiceHttpsEffect\":{\"allowedValues\":[\"Audit\",\"Disabled\",\"Deny\"],\"defaultValue\":\"Audit\",\"metadata\":{\"description\":\"Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\",\"displayName\":\"App Service Web App. Web Application should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.\"},\"type\":\"String\"},\"WebAppServiceLatestTlsEffect\":{\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\",\"metadata\":{\"description\":\"Only Audit, deny not possible as it is a related resource. Upgrade to the latest TLS version.\",\"displayName\":\"App Service Web App. Latest TLS version should be used in your Web App\"},\"type\":\"String\"}}",
- "policy_definition_group": [],
- "policy_definition_reference": [
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('AppServiceHttpEffect')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Append-AppService-httpsonly",
- "policy_group_names": null,
- "reference_id": "AppServiceHttpEffect"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('AppServiceTlsVersionEffect')]\"},\"minTlsVersion\":{\"value\":\"[parameters('AppServiceminTlsVersion')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Append-AppService-latestTLS",
- "policy_group_names": null,
- "reference_id": "AppServiceminTlsVersion"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('FunctionLatestTlsEffect')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/f9d614c5-c173-4d56-95a7-b4437057d193",
- "policy_group_names": null,
- "reference_id": "FunctionLatestTlsEffect"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('WebAppServiceLatestTlsEffect')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b",
- "policy_group_names": null,
- "reference_id": "WebAppServiceLatestTlsEffect"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('APIAppServiceHttpsEffect')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceApiApp-http",
- "policy_group_names": null,
- "reference_id": "APIAppServiceHttpsEffect"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('FunctionServiceHttpsEffect')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceFunctionApp-http",
- "policy_group_names": null,
- "reference_id": "FunctionServiceHttpsEffect"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('WebAppServiceHttpsEffect')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceWebApp-http",
- "policy_group_names": null,
- "reference_id": "WebAppServiceHttpsEffect"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('AKSIngressHttpsOnlyEffect')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d",
- "policy_group_names": null,
- "reference_id": "AKSIngressHttpsOnlyEffect"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('MySQLEnableSSLDeployEffect')]\"},\"minimalTlsVersion\":{\"value\":\"[parameters('MySQLminimalTlsVersion')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-MySQL-sslEnforcement",
- "policy_group_names": null,
- "reference_id": "MySQLEnableSSLDeployEffect"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('MySQLEnableSSLEffect')]\"},\"minimalTlsVersion\":{\"value\":\"[parameters('MySQLminimalTlsVersion')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-MySql-http",
- "policy_group_names": null,
- "reference_id": "MySQLEnableSSLEffect"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('PostgreSQLEnableSSLDeployEffect')]\"},\"minimalTlsVersion\":{\"value\":\"[parameters('PostgreSQLminimalTlsVersion')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-PostgreSQL-sslEnforcement",
- "policy_group_names": null,
- "reference_id": "PostgreSQLEnableSSLDeployEffect"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('PostgreSQLEnableSSLEffect')]\"},\"minimalTlsVersion\":{\"value\":\"[parameters('PostgreSQLminimalTlsVersion')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-PostgreSql-http",
- "policy_group_names": null,
- "reference_id": "PostgreSQLEnableSSLEffect"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('RedisTLSDeployEffect')]\"},\"minimumTlsVersion\":{\"value\":\"[parameters('RedisMinTlsVersion')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Append-Redis-sslEnforcement",
- "policy_group_names": null,
- "reference_id": "RedisTLSDeployEffect"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('RedisTLSDeployEffect')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Append-Redis-disableNonSslPort",
- "policy_group_names": null,
- "reference_id": "RedisdisableNonSslPort"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('RedisTLSEffect')]\"},\"minimumTlsVersion\":{\"value\":\"[parameters('RedisMinTlsVersion')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-Redis-http",
- "policy_group_names": null,
- "reference_id": "RedisDenyhttps"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('SQLManagedInstanceTLSDeployEffect')]\"},\"minimalTlsVersion\":{\"value\":\"[parameters('SQLManagedInstanceMinTlsVersion')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-SqlMi-minTLS",
- "policy_group_names": null,
- "reference_id": "SQLManagedInstanceTLSDeployEffect"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('SQLManagedInstanceTLSEffect')]\"},\"minimalTlsVersion\":{\"value\":\"[parameters('SQLManagedInstanceMinTlsVersion')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-SqlMi-minTLS",
- "policy_group_names": null,
- "reference_id": "SQLManagedInstanceTLSEffect"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('SQLServerTLSDeployEffect')]\"},\"minimalTlsVersion\":{\"value\":\"[parameters('SQLServerminTlsVersion')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-SQL-minTLS",
- "policy_group_names": null,
- "reference_id": "SQLServerTLSDeployEffect"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('SQLServerTLSEffect')]\"},\"minimalTlsVersion\":{\"value\":\"[parameters('SQLServerminTlsVersion')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-Sql-minTLS",
- "policy_group_names": null,
- "reference_id": "SQLServerTLSEffect"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('StorageHttpsEnabledEffect')]\"},\"minimumTlsVersion\":{\"value\":\"[parameters('StorageMinimumTlsVersion')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-minTLS",
- "policy_group_names": null,
- "reference_id": "StorageHttpsEnabledEffect"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('StorageDeployHttpsEnabledEffect')]\"},\"minimumTlsVersion\":{\"value\":\"[parameters('StorageMinimumTlsVersion')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Storage-sslEnforcement",
- "policy_group_names": null,
- "reference_id": "StorageDeployHttpsEnabledEffect"
- }
- ],
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "policy_definition_group": [],
- "policy_definition_reference": [
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {}
- ]
- }
- },
- {
- "address": "module.test_core.azurerm_policy_set_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policySetDefinitions/Enforce-Encryption-CMK\"]",
- "mode": "managed",
- "type": "azurerm_policy_set_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policySetDefinitions/Enforce-Encryption-CMK",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deny or Audit resources without Encryption with a customer-managed key (CMK)",
- "display_name": "Deny or Audit resources without Encryption with a customer-managed key (CMK)",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\"],\"category\":\"Encryption\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"2.0.0\"}",
- "name": "Enforce-Encryption-CMK",
- "parameters": "{\"ACRCmkEffect\":{\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\",\"metadata\":{\"description\":\"Use customer-managed keys to manage the encryption at rest of the contents of your registries. By default, the data is encrypted at rest with service-managed keys, but customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/acr/CMK.\",\"displayName\":\"Container registries should be encrypted with a customer-managed key (CMK)\"},\"type\":\"String\"},\"AksCmkEffect\":{\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\",\"metadata\":{\"description\":\"Encrypting OS and data disks using customer-managed keys provides more control and greater flexibility in key management. This is a common requirement in many regulatory and industry compliance standards.\",\"displayName\":\"Azure Kubernetes Service clusters both operating systems and data disks should be encrypted by customer-managed keys\"},\"type\":\"String\"},\"AzureBatchCMKEffect\":{\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\",\"metadata\":{\"description\":\"Use customer-managed keys (CMKs) to manage the encryption at rest of your Batch account's data. By default, customer data is encrypted with service-managed keys, but CMKs are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/Batch-CMK.\",\"displayName\":\"Azure Batch account should use customer-managed keys to encrypt data\"},\"type\":\"String\"},\"CognitiveServicesCMKEffect\":{\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\",\"metadata\":{\"description\":\"Customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data stored in Cognitive Services to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/cosmosdb-cmk.\",\"displayName\":\"Cognitive Services accounts should enable data encryption with a customer-managed key (CMK)\"},\"type\":\"String\"},\"CosmosCMKEffect\":{\"allowedValues\":[\"audit\",\"deny\",\"disabled\"],\"defaultValue\":\"audit\",\"metadata\":{\"description\":\"Use customer-managed keys to manage the encryption at rest of your Azure Cosmos DB. By default, the data is encrypted at rest with service-managed keys, but customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/cosmosdb-cmk.\",\"displayName\":\"Azure Cosmos DB accounts should use customer-managed keys to encrypt data at rest\"},\"type\":\"String\"},\"DataBoxCMKEffect\":{\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\",\"metadata\":{\"description\":\"Use a customer-managed key to control the encryption of the device unlock password for Azure Data Box. Customer-managed keys also help manage access to the device unlock password by the Data Box service in order to prepare the device and copy data in an automated manner. The data on the device itself is already encrypted at rest with Advanced Encryption Standard 256-bit encryption, and the device unlock password is encrypted by default with a Microsoft managed key.\",\"displayName\":\"Azure Data Box jobs should use a customer-managed key to encrypt the device unlock password\"},\"type\":\"String\"},\"EncryptedVMDisksEffect\":{\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\",\"metadata\":{\"description\":\"Virtual machines without an enabled disk encryption will be monitored by Azure Security Center as recommendations.\",\"displayName\":\"Disk encryption should be applied on virtual machines\"},\"type\":\"String\"},\"HealthcareAPIsCMKEffect\":{\"allowedValues\":[\"audit\",\"disabled\"],\"defaultValue\":\"audit\",\"metadata\":{\"description\":\"Use a customer-managed key to control the encryption at rest of the data stored in Azure API for FHIR when this is a regulatory or compliance requirement. Customer-managed keys also deliver double encryption by adding a second layer of encryption on top of the default one done with service-managed keys.\",\"displayName\":\"Azure API for FHIR should use a customer-managed key (CMK) to encrypt data at rest\"},\"type\":\"String\"},\"MySQLCMKEffect\":{\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\",\"metadata\":{\"description\":\"Use customer-managed keys to manage the encryption at rest of your MySQL servers. By default, the data is encrypted at rest with service-managed keys, but customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management.\",\"displayName\":\"Azure MySQL servers bring your own key data protection should be enabled\"},\"type\":\"String\"},\"PostgreSQLCMKEffect\":{\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\",\"metadata\":{\"description\":\"Use customer-managed keys to manage the encryption at rest of your PostgreSQL servers. By default, the data is encrypted at rest with service-managed keys, but customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management.\",\"displayName\":\"Azure PostgreSQL servers bring your own key data protection should be enabled\"},\"type\":\"String\"},\"SqlServerTDECMKEffect\":{\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\",\"metadata\":{\"description\":\"Implementing Transparent Data Encryption (TDE) with your own key provides increased transparency and control over the TDE Protector, increased security with an HSM-backed external service, and promotion of separation of duties. This recommendation applies to organizations with a related compliance requirement.\",\"displayName\":\"SQL servers should use customer-managed keys to encrypt data at rest\"},\"type\":\"String\"},\"StorageCMKEffect\":{\"allowedValues\":[\"Audit\",\"Disabled\"],\"defaultValue\":\"Audit\",\"metadata\":{\"description\":\"Secure your storage account with greater flexibility using customer-managed keys (CMKs). When you specify a CMK, that key is used to protect and control access to the key that encrypts your data. Using CMKs provides additional capabilities to control rotation of the key encryption key or cryptographically erase data.\",\"displayName\":\"Storage accounts should use customer-managed key (CMK) for encryption, no deny as this would result in not able to create storage account because the first need of MSI for encryption\"},\"type\":\"String\"},\"StreamAnalyticsCMKEffect\":{\"allowedValues\":[\"audit\",\"deny\",\"disabled\"],\"defaultValue\":\"audit\",\"metadata\":{\"description\":\"Use customer-managed keys when you want to securely store any metadata and private data assets of your Stream Analytics jobs in your storage account. This gives you total control over how your Stream Analytics data is encrypted.\",\"displayName\":\"Azure Stream Analytics jobs should use customer-managed keys to encrypt data\"},\"type\":\"String\"},\"SynapseWorkspaceCMKEffect\":{\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\",\"metadata\":{\"description\":\"Use customer-managed keys to control the encryption at rest of the data stored in Azure Synapse workspaces. Customer-managed keys deliver double encryption by adding a second layer of encryption on top of the default encryption with service-managed keys.\",\"displayName\":\"Azure Synapse workspaces should use customer-managed keys to encrypt data at rest\"},\"type\":\"String\"},\"WorkspaceCMKEffect\":{\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\",\"metadata\":{\"description\":\"Manage encryption at rest of your Azure Machine Learning workspace data with customer-managed keys (CMK). By default, customer data is encrypted with service-managed keys, but CMKs are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/azureml-workspaces-cmk.\",\"displayName\":\"Azure Machine Learning workspaces should be encrypted with a customer-managed key (CMK)\"},\"type\":\"String\"}}",
- "policy_definition_group": [],
- "policy_definition_reference": [
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('ACRCmkEffect')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/5b9159ae-1701-4a6f-9a7a-aa9c8ddd0580",
- "policy_group_names": null,
- "reference_id": "ACRCmkDeny"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('AksCmkEffect')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/7d7be79c-23ba-4033-84dd-45e2a5ccdd67",
- "policy_group_names": null,
- "reference_id": "AksCmkDeny"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('WorkspaceCMKEffect')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/ba769a63-b8cc-4b2d-abf6-ac33c7204be8",
- "policy_group_names": null,
- "reference_id": "WorkspaceCMK"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('CognitiveServicesCMKEffect')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/67121cc7-ff39-4ab8-b7e3-95b84dab487d",
- "policy_group_names": null,
- "reference_id": "CognitiveServicesCMK"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('CosmosCMKEffect')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/1f905d99-2ab7-462c-a6b0-f709acca6c8f",
- "policy_group_names": null,
- "reference_id": "CosmosCMKEffect"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('DataBoxCMKEffect')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/86efb160-8de7-451d-bc08-5d475b0aadae",
- "policy_group_names": null,
- "reference_id": "DataBoxCMKEffect"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('StreamAnalyticsCMKEffect')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/87ba29ef-1ab3-4d82-b763-87fcd4f531f7",
- "policy_group_names": null,
- "reference_id": "StreamAnalyticsCMKEffect"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('SynapseWorkspaceCMKEffect')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/f7d52b2d-e161-4dfa-a82b-55e564167385",
- "policy_group_names": null,
- "reference_id": "SynapseWorkspaceCMKEffect"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('StorageCMKEffect')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/6fac406b-40ca-413b-bf8e-0bf964659c25",
- "policy_group_names": null,
- "reference_id": "StorageCMKEffect"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('MySQLCMKEffect')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/83cef61d-dbd1-4b20-a4fc-5fbc7da10833",
- "policy_group_names": null,
- "reference_id": "MySQLCMKEffect"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('PostgreSQLCMKEffect')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/18adea5e-f416-4d0f-8aa8-d24321e3e274",
- "policy_group_names": null,
- "reference_id": "PostgreSQLCMKEffect"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('SqlServerTDECMKEffect')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/0a370ff3-6cab-4e85-8995-295fd854c5b8",
- "policy_group_names": null,
- "reference_id": "SqlServerTDECMKEffect"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('HealthcareAPIsCMKEffect')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/051cba44-2429-45b9-9649-46cec11c7119",
- "policy_group_names": null,
- "reference_id": "HealthcareAPIsCMKEffect"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('AzureBatchCMKEffect')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/99e9ccd8-3db9-4592-b0d1-14b1715a4d8a",
- "policy_group_names": null,
- "reference_id": "AzureBatchCMKEffect"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('EncryptedVMDisksEffect')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d",
- "policy_group_names": null,
- "reference_id": "EncryptedVMDisksEffect"
- }
- ],
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "policy_definition_group": [],
- "policy_definition_reference": [
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {}
- ]
- }
- },
- {
- "address": "module.test_core.azurerm_policy_set_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-KeyVault\"]",
- "mode": "managed",
- "type": "azurerm_policy_set_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-KeyVault",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Enforce recommended guardrails for Azure Key Vault.",
- "display_name": "Enforce recommended guardrails for Azure Key Vault",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Key Vault\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.0.0\"}",
- "name": "Enforce-Guardrails-KeyVault",
- "parameters": "{\"effectKvCertLifetime\":{\"allowedValues\":[\"audit\",\"Audit\",\"deny\",\"Deny\",\"disabled\",\"Disabled\"],\"defaultValue\":\"Audit\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"effectKvFirewallEnabled\":{\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"effectKvKeysExpire\":{\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"effectKvKeysLifetime\":{\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"effectKvPurgeProtection\":{\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Deny\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"effectKvSecretsExpire\":{\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"effectKvSecretsLifetime\":{\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"effectKvSoftDelete\":{\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Deny\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"maximumCertLifePercentageLife\":{\"defaultValue\":80,\"metadata\":{\"description\":\"Enter the percentage of lifetime of the certificate when you want to trigger the policy action. For example, to trigger a policy action at 80% of the certificate's valid life, enter '80'.\",\"displayName\":\"The maximum lifetime percentage\"},\"type\":\"Integer\"},\"minimumCertLifeDaysBeforeExpiry\":{\"defaultValue\":90,\"metadata\":{\"description\":\"Enter the days before expiration of the certificate when you want to trigger the policy action. For example, to trigger a policy action 90 days before the certificate's expiration, enter '90'.\",\"displayName\":\"The minimum days before expiry\"},\"type\":\"Integer\"},\"minimumKeysLifeDaysBeforeExpiry\":{\"defaultValue\":90,\"metadata\":{\"description\":\"Enter the days before expiration of the certificate when you want to trigger the policy action. For example, to trigger a policy action 90 days before the certificate's expiration, enter '90'.\",\"displayName\":\"The minimum days before expiry\"},\"type\":\"Integer\"},\"minimumSecretsLifeDaysBeforeExpiry\":{\"defaultValue\":90,\"metadata\":{\"description\":\"Enter the days before expiration of the certificate when you want to trigger the policy action. For example, to trigger a policy action 90 days before the certificate's expiration, enter '90'.\",\"displayName\":\"The minimum days before expiry\"},\"type\":\"Integer\"}}",
- "policy_definition_group": [],
- "policy_definition_reference": [
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('effectKvSoftDelete')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/1e66c121-a66a-4b1f-9b83-0fd99bf0fc2d",
- "policy_group_names": null,
- "reference_id": "KvSoftDelete"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('effectKvPurgeProtection')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/0b60c0b2-2dc2-4e1c-b5c9-abbed971de53",
- "policy_group_names": null,
- "reference_id": "KvPurgeProtection"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('effectKvSecretsExpire')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/98728c90-32c7-4049-8429-847dc0f4fe37",
- "policy_group_names": null,
- "reference_id": "KvSecretsExpire"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('effectKvKeysExpire')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0",
- "policy_group_names": null,
- "reference_id": "KvKeysExpire"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('effectKvFirewallEnabled')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/55615ac9-af46-4a59-874e-391cc3dfb490",
- "policy_group_names": null,
- "reference_id": "KvFirewallEnabled"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('effectKvCertLifetime')]\"},\"maximumPercentageLife\":{\"value\":\"[parameters('maximumCertLifePercentageLife')]\"},\"minimumDaysBeforeExpiry\":{\"value\":\"[parameters('minimumCertLifeDaysBeforeExpiry')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/12ef42cb-9903-4e39-9c26-422d29570417",
- "policy_group_names": null,
- "reference_id": "KvCertLifetime"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('effectKvKeysLifetime')]\"},\"minimumDaysBeforeExpiration\":{\"value\":\"[parameters('minimumKeysLifeDaysBeforeExpiry')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/5ff38825-c5d8-47c5-b70e-069a21955146",
- "policy_group_names": null,
- "reference_id": "KvKeysLifetime"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('effectKvSecretsLifetime')]\"},\"minimumDaysBeforeExpiration\":{\"value\":\"[parameters('minimumSecretsLifeDaysBeforeExpiry')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/b0eb591a-5e70-4534-a8bf-04b9c489584a",
- "policy_group_names": null,
- "reference_id": "KvSecretsLifetime"
- }
- ],
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "policy_definition_group": [],
- "policy_definition_reference": [
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {}
- ]
- }
- },
- {
- "address": "module.test_core.azurerm_role_definition.enterprise_scale[\"/providers/Microsoft.Authorization/roleDefinitions/07824e45-af54-586f-a5f0-4bb8676cb3a2\"]",
- "mode": "managed",
- "type": "azurerm_role_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Authorization/roleDefinitions/07824e45-af54-586f-a5f0-4bb8676cb3a2",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 1,
- "values": {
- "assignable_scopes": [
- "/providers/Microsoft.Management/managementGroups/root-id-1"
- ],
- "description": "Delegated role for subscription owner generated from subscription Owner role",
- "name": "[ROOT-ID-1] Subscription-Owner",
- "permissions": [
- {
- "actions": [
- "*"
- ],
- "data_actions": null,
- "not_actions": [
- "Microsoft.Authorization/*/write",
- "Microsoft.Network/vpnGateways/*",
- "Microsoft.Network/expressRouteCircuits/*",
- "Microsoft.Network/routeTables/write",
- "Microsoft.Network/vpnSites/*"
- ],
- "not_data_actions": null
- }
- ],
- "role_definition_id": "07824e45-af54-586f-a5f0-4bb8676cb3a2",
- "scope": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "timeouts": null
- },
- "sensitive_values": {
- "assignable_scopes": [
- false
- ],
- "permissions": [
- {
- "actions": [
- false
- ],
- "not_actions": [
- false,
- false,
- false,
- false,
- false
- ]
- }
- ]
- }
- },
- {
- "address": "module.test_core.azurerm_role_definition.enterprise_scale[\"/providers/Microsoft.Authorization/roleDefinitions/3b569e18-4af0-5c97-932c-0447cae64922\"]",
- "mode": "managed",
- "type": "azurerm_role_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Authorization/roleDefinitions/3b569e18-4af0-5c97-932c-0447cae64922",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 1,
- "values": {
- "assignable_scopes": [
- "/providers/Microsoft.Management/managementGroups/root-id-1"
- ],
- "description": "Security Administrator role with a horizontal view across the entire Azure estate and the Azure Key Vault purge policy.",
- "name": "[ROOT-ID-1] Security-Operations",
- "permissions": [
- {
- "actions": [
- "*/read",
- "*/register/action",
- "Microsoft.KeyVault/locations/deletedVaults/purge/action",
- "Microsoft.PolicyInsights/*",
- "Microsoft.Authorization/policyAssignments/*",
- "Microsoft.Authorization/policyDefinitions/*",
- "Microsoft.Authorization/policyExemptions/*",
- "Microsoft.Authorization/policySetDefinitions/*",
- "Microsoft.Insights/alertRules/*",
- "Microsoft.Resources/deployments/*",
- "Microsoft.Security/*",
- "Microsoft.Support/*"
- ],
- "data_actions": null,
- "not_actions": [],
- "not_data_actions": null
- }
- ],
- "role_definition_id": "3b569e18-4af0-5c97-932c-0447cae64922",
- "scope": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "timeouts": null
- },
- "sensitive_values": {
- "assignable_scopes": [
- false
- ],
- "permissions": [
- {
- "actions": [
- false,
- false,
- false,
- false,
- false,
- false,
- false,
- false,
- false,
- false,
- false,
- false
- ],
- "not_actions": []
- }
- ]
- }
- },
- {
- "address": "module.test_core.azurerm_role_definition.enterprise_scale[\"/providers/Microsoft.Authorization/roleDefinitions/61e44ab2-d16b-5ea5-8692-f9b97be416fa\"]",
- "mode": "managed",
- "type": "azurerm_role_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Authorization/roleDefinitions/61e44ab2-d16b-5ea5-8692-f9b97be416fa",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 1,
- "values": {
- "assignable_scopes": [
- "/providers/Microsoft.Management/managementGroups/root-id-1"
- ],
- "description": "Platform-wide global connectivity management: virtual networks, UDRs, NSGs, NVAs, VPN, Azure ExpressRoute, and others",
- "name": "[ROOT-ID-1] Network-Management",
- "permissions": [
- {
- "actions": [
- "*/read",
- "Microsoft.Network/*",
- "Microsoft.Resources/deployments/*",
- "Microsoft.Support/*"
- ],
- "data_actions": null,
- "not_actions": [],
- "not_data_actions": null
- }
- ],
- "role_definition_id": "61e44ab2-d16b-5ea5-8692-f9b97be416fa",
- "scope": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "timeouts": null
- },
- "sensitive_values": {
- "assignable_scopes": [
- false
- ],
- "permissions": [
- {
- "actions": [
- false,
- false,
- false,
- false
- ],
- "not_actions": []
- }
- ]
- }
- },
- {
- "address": "module.test_core.azurerm_role_definition.enterprise_scale[\"/providers/Microsoft.Authorization/roleDefinitions/6a8ddaca-120a-579a-a375-1abe30d29f6d\"]",
- "mode": "managed",
- "type": "azurerm_role_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Authorization/roleDefinitions/6a8ddaca-120a-579a-a375-1abe30d29f6d",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 1,
- "values": {
- "assignable_scopes": [
- "/providers/Microsoft.Management/managementGroups/root-id-1"
- ],
- "description": "Enterprise-scale custom Role Definition. Grants full access to manage Virtual Network subnets, but no other network resources.",
- "name": "[ROOT-ID-1] Network-Subnet-Contributor",
- "permissions": [
- {
- "actions": [
- "Microsoft.Authorization/*/read",
- "Microsoft.Insights/alertRules/*",
- "Microsoft.ResourceHealth/availabilityStatuses/read",
- "Microsoft.Resources/deployments/*",
- "Microsoft.Resources/subscriptions/resourceGroups/read",
- "Microsoft.Support/*",
- "Microsoft.Network/*/read",
- "Microsoft.Network/virtualNetworks/subnets/*"
- ],
- "data_actions": null,
- "not_actions": [],
- "not_data_actions": null
- }
- ],
- "role_definition_id": "6a8ddaca-120a-579a-a375-1abe30d29f6d",
- "scope": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "timeouts": null
- },
- "sensitive_values": {
- "assignable_scopes": [
- false
- ],
- "permissions": [
- {
- "actions": [
- false,
- false,
- false,
- false,
- false,
- false,
- false,
- false
- ],
- "not_actions": []
- }
- ]
- }
- },
- {
- "address": "module.test_core.azurerm_role_definition.enterprise_scale[\"/providers/Microsoft.Authorization/roleDefinitions/8fed4ea0-34b3-55af-93e0-fbaa8f3ed158\"]",
- "mode": "managed",
- "type": "azurerm_role_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Authorization/roleDefinitions/8fed4ea0-34b3-55af-93e0-fbaa8f3ed158",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 1,
- "values": {
- "assignable_scopes": [
- "/providers/Microsoft.Management/managementGroups/root-id-1"
- ],
- "description": "Contributor role granted for application/operations team at resource group level",
- "name": "[ROOT-ID-1] Application-Owners",
- "permissions": [
- {
- "actions": [
- "*"
- ],
- "data_actions": null,
- "not_actions": [
- "Microsoft.Authorization/*/write",
- "Microsoft.Network/publicIPAddresses/write",
- "Microsoft.Network/virtualNetworks/write",
- "Microsoft.KeyVault/locations/deletedVaults/purge/action"
- ],
- "not_data_actions": null
- }
- ],
- "role_definition_id": "8fed4ea0-34b3-55af-93e0-fbaa8f3ed158",
- "scope": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "timeouts": null
- },
- "sensitive_values": {
- "assignable_scopes": [
- false
- ],
- "permissions": [
- {
- "actions": [
- false
- ],
- "not_actions": [
- false,
- false,
- false,
- false
- ]
- }
- ]
- }
- },
- {
- "address": "module.test_core.time_sleep.after_azurerm_management_group",
- "mode": "managed",
- "type": "time_sleep",
- "name": "after_azurerm_management_group",
- "provider_name": "registry.terraform.io/hashicorp/time",
- "schema_version": 0,
- "values": {
- "create_duration": "120s",
- "destroy_duration": "0s",
- "triggers": {
- "azurerm_management_group_level_1": "[\"/providers/Microsoft.Management/managementGroups/root-id-1\"]",
- "azurerm_management_group_level_2": "[\"/providers/Microsoft.Management/managementGroups/root-id-1-decommissioned\",\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones\",\"/providers/Microsoft.Management/managementGroups/root-id-1-platform\",\"/providers/Microsoft.Management/managementGroups/root-id-1-sandboxes\"]",
- "azurerm_management_group_level_3": "[\"/providers/Microsoft.Management/managementGroups/root-id-1-connectivity\",\"/providers/Microsoft.Management/managementGroups/root-id-1-identity\",\"/providers/Microsoft.Management/managementGroups/root-id-1-management\"]",
- "azurerm_management_group_level_4": "[]",
- "azurerm_management_group_level_5": "[]",
- "azurerm_management_group_level_6": "[]"
- }
- },
- "sensitive_values": {
- "triggers": {}
- }
- },
- {
- "address": "module.test_core.time_sleep.after_azurerm_policy_assignment",
- "mode": "managed",
- "type": "time_sleep",
- "name": "after_azurerm_policy_assignment",
- "provider_name": "registry.terraform.io/hashicorp/time",
- "schema_version": 0,
- "values": {
- "create_duration": "30s",
- "destroy_duration": "0s",
- "triggers": {
- "azurerm_management_group_policy_assignment_enterprise_scale": "[\"/providers/Microsoft.Management/managementGroups/root-id-1-connectivity/providers/Microsoft.Authorization/policyAssignments/Enable-DDoS-VNET\",\"/providers/Microsoft.Management/managementGroups/root-id-1-decommissioned/providers/Microsoft.Authorization/policyAssignments/Enforce-ALZ-Decomm\",\"/providers/Microsoft.Management/managementGroups/root-id-1-identity/providers/Microsoft.Authorization/policyAssignments/Deny-MgmtPorts-Internet\",\"/providers/Microsoft.Management/managementGroups/root-id-1-identity/providers/Microsoft.Authorization/policyAssignments/Deny-Public-IP\",\"/providers/Microsoft.Management/managementGroups/root-id-1-identity/providers/Microsoft.Authorization/policyAssignments/Deny-Subnet-Without-Nsg\",\"/providers/Microsoft.Management/managementGroups/root-id-1-identity/providers/Microsoft.Authorization/policyAssignments/Deploy-VM-Backup\",\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Audit-AppGW-WAF\",\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Deny-IP-forwarding\",\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Deny-MgmtPorts-Internet\",\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Deny-Priv-Esc-AKS\",\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Deny-Privileged-AKS\",\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Deny-Storage-http\",\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Deny-Subnet-Without-Nsg\",\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Deploy-AKS-Policy\",\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Deploy-AzSqlDb-Auditing\",\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Deploy-SQL-TDE\",\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Deploy-SQL-Threat\",\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Deploy-VM-Backup\",\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Enable-DDoS-VNET\",\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Enforce-AKS-HTTPS\",\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Enforce-GR-KeyVault\",\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Enforce-TLS-SSL\",\"/providers/Microsoft.Management/managementGroups/root-id-1-management/providers/Microsoft.Authorization/policyAssignments/Deploy-Log-Analytics\",\"/providers/Microsoft.Management/managementGroups/root-id-1-platform/providers/Microsoft.Authorization/policyAssignments/Enforce-GR-KeyVault\",\"/providers/Microsoft.Management/managementGroups/root-id-1-sandboxes/providers/Microsoft.Authorization/policyAssignments/Enforce-ALZ-Sandbox\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Audit-UnusedResources\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deny-Classic-Resources\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deny-UnmanagedDisk\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deploy-ASC-Monitoring\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deploy-AzActivity-Log\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deploy-MDEndpoints\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deploy-MDFC-Config\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deploy-MDFC-OssDb\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deploy-MDFC-SqlAtp\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deploy-Resource-Diag\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deploy-VM-Monitoring\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deploy-VMSS-Monitoring\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Enforce-ACSB\"]"
- }
- },
- "sensitive_values": {
- "triggers": {}
- }
- },
- {
- "address": "module.test_core.time_sleep.after_azurerm_policy_definition",
- "mode": "managed",
- "type": "time_sleep",
- "name": "after_azurerm_policy_definition",
- "provider_name": "registry.terraform.io/hashicorp/time",
- "schema_version": 0,
- "values": {
- "create_duration": "30s",
- "destroy_duration": "0s",
- "triggers": {
- "azurerm_policy_definition_enterprise_scale": "[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Append-AppService-httpsonly\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Append-AppService-latestTLS\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Append-KV-SoftDelete\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Append-Redis-disableNonSslPort\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Append-Redis-sslEnforcement\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Audit-AzureHybridBenefit\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Audit-Disks-UnusedResourcesCostOptimization\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Audit-MachineLearning-PrivateEndpointId\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Audit-PrivateLinkDnsZones\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Audit-PublicIpAddresses-UnusedResourcesCostOptimization\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Audit-ServerFarms-UnusedResourcesCostOptimization\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-AA-child-resources\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-AppGW-Without-WAF\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceApiApp-http\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceFunctionApp-http\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceWebApp-http\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-Databricks-NoPublicIp\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-Databricks-Sku\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-Databricks-VirtualNetwork\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-FileServices-InsecureAuth\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-FileServices-InsecureKerberos\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-FileServices-InsecureSmbChannel\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-FileServices-InsecureSmbVersions\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-MachineLearning-Aks\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-MachineLearning-Compute-SubnetId\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-MachineLearning-Compute-VmSize\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-MachineLearning-ComputeCluster-RemoteLoginPortPublicAccess\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-MachineLearning-ComputeCluster-Scale\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-MachineLearning-HbiWorkspace\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-MachineLearning-PublicAccessWhenBehindVnet\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-MachineLearning-PublicNetworkAccess\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-MgmtPorts-From-Internet\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-MySql-http\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-PostgreSql-http\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-Private-DNS-Zones\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-PublicEndpoint-MariaDB\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-PublicIP\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-RDP-From-Internet\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-Redis-http\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-Sql-minTLS\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-SqlMi-minTLS\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-SFTP\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-minTLS\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-StorageAccount-CustomDomain\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-Subnet-Without-Nsg\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-Subnet-Without-Penp\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-Subnet-Without-Udr\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-UDR-With-Specific-NextHop\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-VNET-Peer-Cross-Sub\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-VNET-Peering-To-Non-Approved-VNETs\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-VNet-Peering\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/DenyAction-ActivityLogs\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/DenyAction-DiagnosticLogs\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-ASC-SecurityContacts\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Budget\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Custom-Route-Table\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-DDoSProtection\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-AA\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ACI\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ACR\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-APIMgmt\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-AVDScalingPlans\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-AnalysisService\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ApiForFHIR\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ApplicationGateway\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Bastion\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-CDNEndpoints\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-CognitiveServices\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-CosmosDB\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-DLAnalytics\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-DataExplorerCluster\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-DataFactory\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Databricks\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-EventGridSub\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-EventGridSystemTopic\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-EventGridTopic\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ExpressRoute\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Firewall\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-FrontDoor\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Function\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-HDInsight\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-LoadBalancer\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-LogAnalytics\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-LogicAppsISE\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MariaDB\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MediaService\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MlWorkspace\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MySQL\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-NIC\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-NetworkSecurityGroups\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-PostgreSQL\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-PowerBIEmbedded\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-RedisCache\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Relay\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-SQLElasticPools\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-SQLMI\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-SignalR\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-TimeSeriesInsights\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-TrafficManager\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VM\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VMSS\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VNetGW\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VWanS2SVPNGW\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VirtualNetwork\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WVDAppGroup\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WVDHostPools\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WVDWorkspace\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WebServerFarm\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Website\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-iotHub\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-FirewallPolicy\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-MySQL-sslEnforcement\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Nsg-FlowLogs\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Nsg-FlowLogs-to-LA\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-PostgreSQL-sslEnforcement\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-SQL-minTLS\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Sql-AuditingSettings\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Sql-SecurityAlertPolicies\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Sql-Tde\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Sql-vulnerabilityAssessments\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Sql-vulnerabilityAssessments_20230706\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-SqlMi-minTLS\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Storage-sslEnforcement\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-VNET-HubSpoke\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Vm-autoShutdown\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Windows-DomainJoin\"]"
- }
- },
- "sensitive_values": {
- "triggers": {}
- }
- },
- {
- "address": "module.test_core.time_sleep.after_azurerm_policy_set_definition",
- "mode": "managed",
- "type": "time_sleep",
- "name": "after_azurerm_policy_set_definition",
- "provider_name": "registry.terraform.io/hashicorp/time",
- "schema_version": 0,
- "values": {
- "create_duration": "30s",
- "destroy_duration": "0s",
- "triggers": {
- "azurerm_policy_set_definition_enterprise_scale": "[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policySetDefinitions/Audit-UnusedResourcesCostOptimization\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policySetDefinitions/Deny-PublicPaaSEndpoints\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policySetDefinitions/DenyAction-DeleteProtection\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policySetDefinitions/Deploy-Diagnostics-LogAnalytics\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policySetDefinitions/Deploy-MDFC-Config\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policySetDefinitions/Deploy-Private-DNS-Zones\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policySetDefinitions/Deploy-Sql-Security\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policySetDefinitions/Enforce-ACSB\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policySetDefinitions/Enforce-ALZ-Decomm\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policySetDefinitions/Enforce-ALZ-Sandbox\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policySetDefinitions/Enforce-EncryptTransit\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policySetDefinitions/Enforce-Encryption-CMK\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-KeyVault\"]"
- }
- },
- "sensitive_values": {
- "triggers": {}
- }
- },
- {
- "address": "module.test_core.time_sleep.after_azurerm_role_assignment",
- "mode": "managed",
- "type": "time_sleep",
- "name": "after_azurerm_role_assignment",
- "provider_name": "registry.terraform.io/hashicorp/time",
- "schema_version": 0,
- "values": {
- "create_duration": "0s",
- "destroy_duration": "0s",
- "triggers": {
- "azurerm_role_assignment_enterprise_scale": "[]",
- "module_role_assignments_for_policy": "[\"/providers/Microsoft.Management/managementGroups/root-id-1-connectivity/providers/Microsoft.Authorization/policyAssignments/Enable-DDoS-VNET\",\"/providers/Microsoft.Management/managementGroups/root-id-1-decommissioned/providers/Microsoft.Authorization/policyAssignments/Enforce-ALZ-Decomm\",\"/providers/Microsoft.Management/managementGroups/root-id-1-identity/providers/Microsoft.Authorization/policyAssignments/Deploy-VM-Backup\",\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Deploy-AKS-Policy\",\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Deploy-AzSqlDb-Auditing\",\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Deploy-SQL-TDE\",\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Deploy-SQL-Threat\",\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Deploy-VM-Backup\",\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Enable-DDoS-VNET\",\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Enforce-TLS-SSL\",\"/providers/Microsoft.Management/managementGroups/root-id-1-management/providers/Microsoft.Authorization/policyAssignments/Deploy-Log-Analytics\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deploy-ASC-Monitoring\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deploy-AzActivity-Log\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deploy-MDEndpoints\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deploy-MDFC-Config\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deploy-MDFC-OssDb\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deploy-MDFC-SqlAtp\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deploy-Resource-Diag\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deploy-VM-Monitoring\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deploy-VMSS-Monitoring\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Enforce-ACSB\"]"
- }
- },
- "sensitive_values": {
- "triggers": {}
- }
- },
- {
- "address": "module.test_core.time_sleep.after_azurerm_role_definition",
- "mode": "managed",
- "type": "time_sleep",
- "name": "after_azurerm_role_definition",
- "provider_name": "registry.terraform.io/hashicorp/time",
- "schema_version": 0,
- "values": {
- "create_duration": "60s",
- "destroy_duration": "0s",
- "triggers": {
- "azurerm_role_definition_enterprise_scale": "[\"/providers/Microsoft.Authorization/roleDefinitions/07824e45-af54-586f-a5f0-4bb8676cb3a2\",\"/providers/Microsoft.Authorization/roleDefinitions/3b569e18-4af0-5c97-932c-0447cae64922\",\"/providers/Microsoft.Authorization/roleDefinitions/61e44ab2-d16b-5ea5-8692-f9b97be416fa\",\"/providers/Microsoft.Authorization/roleDefinitions/6a8ddaca-120a-579a-a375-1abe30d29f6d\",\"/providers/Microsoft.Authorization/roleDefinitions/8fed4ea0-34b3-55af-93e0-fbaa8f3ed158\"]"
- }
- },
- "sensitive_values": {
- "triggers": {}
- }
- }
- ],
- "address": "module.test_core",
- "child_modules": [
- {
- "resources": [
- {
- "address": "module.test_core.module.role_assignments_for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1-connectivity/providers/Microsoft.Authorization/policyAssignments/Enable-DDoS-VNET\"].azurerm_role_assignment.for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1-connectivity/providers/Microsoft.Authorization/roleAssignments/bfe36639-f89e-5737-81df-f575c532b31a\"]",
- "mode": "managed",
- "type": "azurerm_role_assignment",
- "name": "for_policy",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-connectivity/providers/Microsoft.Authorization/roleAssignments/bfe36639-f89e-5737-81df-f575c532b31a",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "condition": null,
- "condition_version": null,
- "delegated_managed_identity_resource_id": null,
- "description": null,
- "name": "bfe36639-f89e-5737-81df-f575c532b31a",
- "role_definition_id": "/providers/Microsoft.Authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7",
- "scope": "/providers/Microsoft.Management/managementGroups/root-id-1-connectivity",
- "timeouts": null
- },
- "sensitive_values": {}
- }
- ],
- "address": "module.test_core.module.role_assignments_for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1-connectivity/providers/Microsoft.Authorization/policyAssignments/Enable-DDoS-VNET\"]"
- },
- {
- "resources": [
- {
- "address": "module.test_core.module.role_assignments_for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1-decommissioned/providers/Microsoft.Authorization/policyAssignments/Enforce-ALZ-Decomm\"].azurerm_role_assignment.for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1-decommissioned/providers/Microsoft.Authorization/roleAssignments/aabcf781-5c4c-5952-863f-e51732fcdf1b\"]",
- "mode": "managed",
- "type": "azurerm_role_assignment",
- "name": "for_policy",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-decommissioned/providers/Microsoft.Authorization/roleAssignments/aabcf781-5c4c-5952-863f-e51732fcdf1b",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "condition": null,
- "condition_version": null,
- "delegated_managed_identity_resource_id": null,
- "description": null,
- "name": "aabcf781-5c4c-5952-863f-e51732fcdf1b",
- "role_definition_id": "/providers/Microsoft.Authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c",
- "scope": "/providers/Microsoft.Management/managementGroups/root-id-1-decommissioned",
- "timeouts": null
- },
- "sensitive_values": {}
- }
- ],
- "address": "module.test_core.module.role_assignments_for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1-decommissioned/providers/Microsoft.Authorization/policyAssignments/Enforce-ALZ-Decomm\"]"
- },
- {
- "resources": [
- {
- "address": "module.test_core.module.role_assignments_for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1-identity/providers/Microsoft.Authorization/policyAssignments/Deploy-VM-Backup\"].azurerm_role_assignment.for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1-identity/providers/Microsoft.Authorization/roleAssignments/10acbd2f-bfdd-5c38-bf46-3a67cafdeaf3\"]",
- "mode": "managed",
- "type": "azurerm_role_assignment",
- "name": "for_policy",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-identity/providers/Microsoft.Authorization/roleAssignments/10acbd2f-bfdd-5c38-bf46-3a67cafdeaf3",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "condition": null,
- "condition_version": null,
- "delegated_managed_identity_resource_id": null,
- "description": null,
- "name": "10acbd2f-bfdd-5c38-bf46-3a67cafdeaf3",
- "role_definition_id": "/providers/Microsoft.Authorization/roleDefinitions/5e467623-bb1f-42f4-a55d-6e525e11384b",
- "scope": "/providers/Microsoft.Management/managementGroups/root-id-1-identity",
- "timeouts": null
- },
- "sensitive_values": {}
- },
- {
- "address": "module.test_core.module.role_assignments_for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1-identity/providers/Microsoft.Authorization/policyAssignments/Deploy-VM-Backup\"].azurerm_role_assignment.for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1-identity/providers/Microsoft.Authorization/roleAssignments/1358ccb0-1ad3-5974-ae44-7f5728c09678\"]",
- "mode": "managed",
- "type": "azurerm_role_assignment",
- "name": "for_policy",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-identity/providers/Microsoft.Authorization/roleAssignments/1358ccb0-1ad3-5974-ae44-7f5728c09678",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "condition": null,
- "condition_version": null,
- "delegated_managed_identity_resource_id": null,
- "description": null,
- "name": "1358ccb0-1ad3-5974-ae44-7f5728c09678",
- "role_definition_id": "/providers/Microsoft.Authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c",
- "scope": "/providers/Microsoft.Management/managementGroups/root-id-1-identity",
- "timeouts": null
- },
- "sensitive_values": {}
- }
- ],
- "address": "module.test_core.module.role_assignments_for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1-identity/providers/Microsoft.Authorization/policyAssignments/Deploy-VM-Backup\"]"
- },
- {
- "resources": [
- {
- "address": "module.test_core.module.role_assignments_for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Deploy-AKS-Policy\"].azurerm_role_assignment.for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/roleAssignments/e3bad489-c3ed-57c4-9802-e4c4a84ed145\"]",
- "mode": "managed",
- "type": "azurerm_role_assignment",
- "name": "for_policy",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/roleAssignments/e3bad489-c3ed-57c4-9802-e4c4a84ed145",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "condition": null,
- "condition_version": null,
- "delegated_managed_identity_resource_id": null,
- "description": null,
- "name": "e3bad489-c3ed-57c4-9802-e4c4a84ed145",
- "role_definition_id": "/providers/Microsoft.Authorization/roleDefinitions/ed7f3fbd-7b88-4dd4-9017-9adb7ce333f8",
- "scope": "/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones",
- "timeouts": null
- },
- "sensitive_values": {}
- },
- {
- "address": "module.test_core.module.role_assignments_for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Deploy-AKS-Policy\"].azurerm_role_assignment.for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/roleAssignments/ef4aaac1-624f-57fb-8444-3d2fdd091a35\"]",
- "mode": "managed",
- "type": "azurerm_role_assignment",
- "name": "for_policy",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/roleAssignments/ef4aaac1-624f-57fb-8444-3d2fdd091a35",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "condition": null,
- "condition_version": null,
- "delegated_managed_identity_resource_id": null,
- "description": null,
- "name": "ef4aaac1-624f-57fb-8444-3d2fdd091a35",
- "role_definition_id": "/providers/Microsoft.Authorization/roleDefinitions/18ed5180-3e48-46fd-8541-4ea054d57064",
- "scope": "/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones",
- "timeouts": null
- },
- "sensitive_values": {}
- }
- ],
- "address": "module.test_core.module.role_assignments_for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Deploy-AKS-Policy\"]"
- },
- {
- "resources": [
- {
- "address": "module.test_core.module.role_assignments_for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Deploy-AzSqlDb-Auditing\"].azurerm_role_assignment.for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/roleAssignments/62d19ca1-fb31-5489-859f-f43578c5e409\"]",
- "mode": "managed",
- "type": "azurerm_role_assignment",
- "name": "for_policy",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/roleAssignments/62d19ca1-fb31-5489-859f-f43578c5e409",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "condition": null,
- "condition_version": null,
- "delegated_managed_identity_resource_id": null,
- "description": null,
- "name": "62d19ca1-fb31-5489-859f-f43578c5e409",
- "role_definition_id": "/providers/Microsoft.Authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3",
- "scope": "/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones",
- "timeouts": null
- },
- "sensitive_values": {}
- },
- {
- "address": "module.test_core.module.role_assignments_for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Deploy-AzSqlDb-Auditing\"].azurerm_role_assignment.for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/roleAssignments/dedede29-96ae-5d67-84a4-70b555716715\"]",
- "mode": "managed",
- "type": "azurerm_role_assignment",
- "name": "for_policy",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/roleAssignments/dedede29-96ae-5d67-84a4-70b555716715",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "condition": null,
- "condition_version": null,
- "delegated_managed_identity_resource_id": null,
- "description": null,
- "name": "dedede29-96ae-5d67-84a4-70b555716715",
- "role_definition_id": "/providers/Microsoft.Authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293",
- "scope": "/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones",
- "timeouts": null
- },
- "sensitive_values": {}
- }
- ],
- "address": "module.test_core.module.role_assignments_for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Deploy-AzSqlDb-Auditing\"]"
- },
- {
- "resources": [
- {
- "address": "module.test_core.module.role_assignments_for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Deploy-SQL-TDE\"].azurerm_role_assignment.for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/roleAssignments/3017df2e-5df0-5373-bb0c-c255e0127c77\"]",
- "mode": "managed",
- "type": "azurerm_role_assignment",
- "name": "for_policy",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/roleAssignments/3017df2e-5df0-5373-bb0c-c255e0127c77",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "condition": null,
- "condition_version": null,
- "delegated_managed_identity_resource_id": null,
- "description": null,
- "name": "3017df2e-5df0-5373-bb0c-c255e0127c77",
- "role_definition_id": "/providers/Microsoft.Authorization/roleDefinitions/9b7fa17d-e63e-47b0-bb0a-15c516ac86ec",
- "scope": "/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones",
- "timeouts": null
- },
- "sensitive_values": {}
- }
- ],
- "address": "module.test_core.module.role_assignments_for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Deploy-SQL-TDE\"]"
- },
- {
- "resources": [
- {
- "address": "module.test_core.module.role_assignments_for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Deploy-SQL-Threat\"].azurerm_role_assignment.for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/roleAssignments/533932d3-0f16-59eb-84b8-893805c84e9c\"]",
- "mode": "managed",
- "type": "azurerm_role_assignment",
- "name": "for_policy",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/roleAssignments/533932d3-0f16-59eb-84b8-893805c84e9c",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "condition": null,
- "condition_version": null,
- "delegated_managed_identity_resource_id": null,
- "description": null,
- "name": "533932d3-0f16-59eb-84b8-893805c84e9c",
- "role_definition_id": "/providers/Microsoft.Authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3",
- "scope": "/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones",
- "timeouts": null
- },
- "sensitive_values": {}
- }
- ],
- "address": "module.test_core.module.role_assignments_for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Deploy-SQL-Threat\"]"
- },
- {
- "resources": [
- {
- "address": "module.test_core.module.role_assignments_for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Deploy-VM-Backup\"].azurerm_role_assignment.for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/roleAssignments/8a906dc2-5af6-5c64-a065-e5782483b6b7\"]",
- "mode": "managed",
- "type": "azurerm_role_assignment",
- "name": "for_policy",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/roleAssignments/8a906dc2-5af6-5c64-a065-e5782483b6b7",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "condition": null,
- "condition_version": null,
- "delegated_managed_identity_resource_id": null,
- "description": null,
- "name": "8a906dc2-5af6-5c64-a065-e5782483b6b7",
- "role_definition_id": "/providers/Microsoft.Authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c",
- "scope": "/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones",
- "timeouts": null
- },
- "sensitive_values": {}
- },
- {
- "address": "module.test_core.module.role_assignments_for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Deploy-VM-Backup\"].azurerm_role_assignment.for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/roleAssignments/ee60d5ba-80b7-58dc-b6c6-1e0ceaaaf879\"]",
- "mode": "managed",
- "type": "azurerm_role_assignment",
- "name": "for_policy",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/roleAssignments/ee60d5ba-80b7-58dc-b6c6-1e0ceaaaf879",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "condition": null,
- "condition_version": null,
- "delegated_managed_identity_resource_id": null,
- "description": null,
- "name": "ee60d5ba-80b7-58dc-b6c6-1e0ceaaaf879",
- "role_definition_id": "/providers/Microsoft.Authorization/roleDefinitions/5e467623-bb1f-42f4-a55d-6e525e11384b",
- "scope": "/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones",
- "timeouts": null
- },
- "sensitive_values": {}
- }
- ],
- "address": "module.test_core.module.role_assignments_for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Deploy-VM-Backup\"]"
- },
- {
- "resources": [
- {
- "address": "module.test_core.module.role_assignments_for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Enable-DDoS-VNET\"].azurerm_role_assignment.for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/roleAssignments/1c659f37-1ad5-5577-bc68-922ba20d7523\"]",
- "mode": "managed",
- "type": "azurerm_role_assignment",
- "name": "for_policy",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/roleAssignments/1c659f37-1ad5-5577-bc68-922ba20d7523",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "condition": null,
- "condition_version": null,
- "delegated_managed_identity_resource_id": null,
- "description": null,
- "name": "1c659f37-1ad5-5577-bc68-922ba20d7523",
- "role_definition_id": "/providers/Microsoft.Authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7",
- "scope": "/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones",
- "timeouts": null
- },
- "sensitive_values": {}
- }
- ],
- "address": "module.test_core.module.role_assignments_for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Enable-DDoS-VNET\"]"
- },
- {
- "resources": [
- {
- "address": "module.test_core.module.role_assignments_for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Enforce-TLS-SSL\"].azurerm_role_assignment.for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/roleAssignments/a6a1084c-d0cb-5064-b41f-1bd6af819efb\"]",
- "mode": "managed",
- "type": "azurerm_role_assignment",
- "name": "for_policy",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/roleAssignments/a6a1084c-d0cb-5064-b41f-1bd6af819efb",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "condition": null,
- "condition_version": null,
- "delegated_managed_identity_resource_id": null,
- "description": null,
- "name": "a6a1084c-d0cb-5064-b41f-1bd6af819efb",
- "role_definition_id": "/providers/Microsoft.Authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab",
- "scope": "/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones",
- "timeouts": null
- },
- "sensitive_values": {}
- },
- {
- "address": "module.test_core.module.role_assignments_for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Enforce-TLS-SSL\"].azurerm_role_assignment.for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/roleAssignments/d38c8a09-e2ee-5c09-b677-e38676280c29\"]",
- "mode": "managed",
- "type": "azurerm_role_assignment",
- "name": "for_policy",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/roleAssignments/d38c8a09-e2ee-5c09-b677-e38676280c29",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "condition": null,
- "condition_version": null,
- "delegated_managed_identity_resource_id": null,
- "description": null,
- "name": "d38c8a09-e2ee-5c09-b677-e38676280c29",
- "role_definition_id": "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c",
- "scope": "/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones",
- "timeouts": null
- },
- "sensitive_values": {}
- },
- {
- "address": "module.test_core.module.role_assignments_for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Enforce-TLS-SSL\"].azurerm_role_assignment.for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/roleAssignments/d52d1c28-60ce-5efa-8f6d-0e1a32be16b6\"]",
- "mode": "managed",
- "type": "azurerm_role_assignment",
- "name": "for_policy",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/roleAssignments/d52d1c28-60ce-5efa-8f6d-0e1a32be16b6",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "condition": null,
- "condition_version": null,
- "delegated_managed_identity_resource_id": null,
- "description": null,
- "name": "d52d1c28-60ce-5efa-8f6d-0e1a32be16b6",
- "role_definition_id": "/providers/Microsoft.Authorization/roleDefinitions/4939a1f6-9ae0-4e48-a1e0-f2cbe897382d",
- "scope": "/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones",
- "timeouts": null
- },
- "sensitive_values": {}
- },
- {
- "address": "module.test_core.module.role_assignments_for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Enforce-TLS-SSL\"].azurerm_role_assignment.for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/roleAssignments/e9d4bb72-a2e6-5c7f-9354-3ea5c9ae9f87\"]",
- "mode": "managed",
- "type": "azurerm_role_assignment",
- "name": "for_policy",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/roleAssignments/e9d4bb72-a2e6-5c7f-9354-3ea5c9ae9f87",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "condition": null,
- "condition_version": null,
- "delegated_managed_identity_resource_id": null,
- "description": null,
- "name": "e9d4bb72-a2e6-5c7f-9354-3ea5c9ae9f87",
- "role_definition_id": "/providers/Microsoft.Authorization/roleDefinitions/6d8ee4ec-f05a-4a1d-8b00-a9b17e38b437",
- "scope": "/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones",
- "timeouts": null
- },
- "sensitive_values": {}
- }
- ],
- "address": "module.test_core.module.role_assignments_for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Enforce-TLS-SSL\"]"
- },
- {
- "resources": [
- {
- "address": "module.test_core.module.role_assignments_for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1-management/providers/Microsoft.Authorization/policyAssignments/Deploy-Log-Analytics\"].azurerm_role_assignment.for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1-management/providers/Microsoft.Authorization/roleAssignments/8f7e20b7-7a5d-551d-b4fd-047861c4bc93\"]",
- "mode": "managed",
- "type": "azurerm_role_assignment",
- "name": "for_policy",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-management/providers/Microsoft.Authorization/roleAssignments/8f7e20b7-7a5d-551d-b4fd-047861c4bc93",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "condition": null,
- "condition_version": null,
- "delegated_managed_identity_resource_id": null,
- "description": null,
- "name": "8f7e20b7-7a5d-551d-b4fd-047861c4bc93",
- "role_definition_id": "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c",
- "scope": "/providers/Microsoft.Management/managementGroups/root-id-1-management",
- "timeouts": null
- },
- "sensitive_values": {}
- }
- ],
- "address": "module.test_core.module.role_assignments_for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1-management/providers/Microsoft.Authorization/policyAssignments/Deploy-Log-Analytics\"]"
- },
- {
- "resources": [
- {
- "address": "module.test_core.module.role_assignments_for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deploy-AzActivity-Log\"].azurerm_role_assignment.for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/roleAssignments/a82e8238-8bda-508f-84b5-f732aae9ee5e\"]",
- "mode": "managed",
- "type": "azurerm_role_assignment",
- "name": "for_policy",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/roleAssignments/a82e8238-8bda-508f-84b5-f732aae9ee5e",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "condition": null,
- "condition_version": null,
- "delegated_managed_identity_resource_id": null,
- "description": null,
- "name": "a82e8238-8bda-508f-84b5-f732aae9ee5e",
- "role_definition_id": "/providers/Microsoft.Authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa",
- "scope": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "timeouts": null
- },
- "sensitive_values": {}
- },
- {
- "address": "module.test_core.module.role_assignments_for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deploy-AzActivity-Log\"].azurerm_role_assignment.for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/roleAssignments/c7bf76e5-9636-5f92-ad46-22d49ea5c086\"]",
- "mode": "managed",
- "type": "azurerm_role_assignment",
- "name": "for_policy",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/roleAssignments/c7bf76e5-9636-5f92-ad46-22d49ea5c086",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "condition": null,
- "condition_version": null,
- "delegated_managed_identity_resource_id": null,
- "description": null,
- "name": "c7bf76e5-9636-5f92-ad46-22d49ea5c086",
- "role_definition_id": "/providers/Microsoft.Authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293",
- "scope": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "timeouts": null
- },
- "sensitive_values": {}
- }
- ],
- "address": "module.test_core.module.role_assignments_for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deploy-AzActivity-Log\"]"
- },
- {
- "resources": [
- {
- "address": "module.test_core.module.role_assignments_for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deploy-MDEndpoints\"].azurerm_role_assignment.for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/roleAssignments/e01a72e6-27ce-5ca0-acac-7e07b933740a\"]",
- "mode": "managed",
- "type": "azurerm_role_assignment",
- "name": "for_policy",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/roleAssignments/e01a72e6-27ce-5ca0-acac-7e07b933740a",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "condition": null,
- "condition_version": null,
- "delegated_managed_identity_resource_id": null,
- "description": null,
- "name": "e01a72e6-27ce-5ca0-acac-7e07b933740a",
- "role_definition_id": "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c",
- "scope": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "timeouts": null
- },
- "sensitive_values": {}
- }
- ],
- "address": "module.test_core.module.role_assignments_for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deploy-MDEndpoints\"]"
- },
- {
- "resources": [
- {
- "address": "module.test_core.module.role_assignments_for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deploy-MDFC-Config\"].azurerm_role_assignment.for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/roleAssignments/22ff9bc8-ce29-51d8-b952-886206aa9339\"]",
- "mode": "managed",
- "type": "azurerm_role_assignment",
- "name": "for_policy",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/roleAssignments/22ff9bc8-ce29-51d8-b952-886206aa9339",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "condition": null,
- "condition_version": null,
- "delegated_managed_identity_resource_id": null,
- "description": null,
- "name": "22ff9bc8-ce29-51d8-b952-886206aa9339",
- "role_definition_id": "/providers/Microsoft.Authorization/roleDefinitions/8e3af657-a8ff-443c-a75c-2fe8c4bcb635",
- "scope": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "timeouts": null
- },
- "sensitive_values": {}
- },
- {
- "address": "module.test_core.module.role_assignments_for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deploy-MDFC-Config\"].azurerm_role_assignment.for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/roleAssignments/9ce4af18-ce8a-5ff5-b9d3-5b2718531aa3\"]",
- "mode": "managed",
- "type": "azurerm_role_assignment",
- "name": "for_policy",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/roleAssignments/9ce4af18-ce8a-5ff5-b9d3-5b2718531aa3",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "condition": null,
- "condition_version": null,
- "delegated_managed_identity_resource_id": null,
- "description": null,
- "name": "9ce4af18-ce8a-5ff5-b9d3-5b2718531aa3",
- "role_definition_id": "/providers/Microsoft.Authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293",
- "scope": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "timeouts": null
- },
- "sensitive_values": {}
- },
- {
- "address": "module.test_core.module.role_assignments_for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deploy-MDFC-Config\"].azurerm_role_assignment.for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/roleAssignments/a73d060f-b4c9-5c45-bdd2-5bca0354d723\"]",
- "mode": "managed",
- "type": "azurerm_role_assignment",
- "name": "for_policy",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/roleAssignments/a73d060f-b4c9-5c45-bdd2-5bca0354d723",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "condition": null,
- "condition_version": null,
- "delegated_managed_identity_resource_id": null,
- "description": null,
- "name": "a73d060f-b4c9-5c45-bdd2-5bca0354d723",
- "role_definition_id": "/providers/Microsoft.Authorization/roleDefinitions/ed7f3fbd-7b88-4dd4-9017-9adb7ce333f8",
- "scope": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "timeouts": null
- },
- "sensitive_values": {}
- },
- {
- "address": "module.test_core.module.role_assignments_for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deploy-MDFC-Config\"].azurerm_role_assignment.for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/roleAssignments/cb5f0a98-31a9-5269-9403-a186cfc43943\"]",
- "mode": "managed",
- "type": "azurerm_role_assignment",
- "name": "for_policy",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/roleAssignments/cb5f0a98-31a9-5269-9403-a186cfc43943",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "condition": null,
- "condition_version": null,
- "delegated_managed_identity_resource_id": null,
- "description": null,
- "name": "cb5f0a98-31a9-5269-9403-a186cfc43943",
- "role_definition_id": "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c",
- "scope": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "timeouts": null
- },
- "sensitive_values": {}
- },
- {
- "address": "module.test_core.module.role_assignments_for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deploy-MDFC-Config\"].azurerm_role_assignment.for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/roleAssignments/fcd93ba4-ff33-5824-a504-b432c2dfd3a7\"]",
- "mode": "managed",
- "type": "azurerm_role_assignment",
- "name": "for_policy",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/roleAssignments/fcd93ba4-ff33-5824-a504-b432c2dfd3a7",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "condition": null,
- "condition_version": null,
- "delegated_managed_identity_resource_id": null,
- "description": null,
- "name": "fcd93ba4-ff33-5824-a504-b432c2dfd3a7",
- "role_definition_id": "/providers/Microsoft.Authorization/roleDefinitions/18ed5180-3e48-46fd-8541-4ea054d57064",
- "scope": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "timeouts": null
- },
- "sensitive_values": {}
- },
- {
- "address": "module.test_core.module.role_assignments_for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deploy-MDFC-Config\"].azurerm_role_assignment.for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/roleAssignments/ff44dd66-55e9-54b4-be99-411f2ea2888d\"]",
- "mode": "managed",
- "type": "azurerm_role_assignment",
- "name": "for_policy",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/roleAssignments/ff44dd66-55e9-54b4-be99-411f2ea2888d",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "condition": null,
- "condition_version": null,
- "delegated_managed_identity_resource_id": null,
- "description": null,
- "name": "ff44dd66-55e9-54b4-be99-411f2ea2888d",
- "role_definition_id": "/providers/Microsoft.Authorization/roleDefinitions/fb1c8493-542b-48eb-b624-b4c8fea62acd",
- "scope": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "timeouts": null
- },
- "sensitive_values": {}
- }
- ],
- "address": "module.test_core.module.role_assignments_for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deploy-MDFC-Config\"]"
- },
- {
- "resources": [
- {
- "address": "module.test_core.module.role_assignments_for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deploy-MDFC-OssDb\"].azurerm_role_assignment.for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/roleAssignments/14538d97-4a28-5d98-889f-4466a399396f\"]",
- "mode": "managed",
- "type": "azurerm_role_assignment",
- "name": "for_policy",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/roleAssignments/14538d97-4a28-5d98-889f-4466a399396f",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "condition": null,
- "condition_version": null,
- "delegated_managed_identity_resource_id": null,
- "description": null,
- "name": "14538d97-4a28-5d98-889f-4466a399396f",
- "role_definition_id": "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c",
- "scope": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "timeouts": null
- },
- "sensitive_values": {}
- }
- ],
- "address": "module.test_core.module.role_assignments_for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deploy-MDFC-OssDb\"]"
- },
- {
- "resources": [
- {
- "address": "module.test_core.module.role_assignments_for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deploy-MDFC-SqlAtp\"].azurerm_role_assignment.for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/roleAssignments/48b3e1cf-ed37-5c12-b92e-ffe2a7a7e5f7\"]",
- "mode": "managed",
- "type": "azurerm_role_assignment",
- "name": "for_policy",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/roleAssignments/48b3e1cf-ed37-5c12-b92e-ffe2a7a7e5f7",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "condition": null,
- "condition_version": null,
- "delegated_managed_identity_resource_id": null,
- "description": null,
- "name": "48b3e1cf-ed37-5c12-b92e-ffe2a7a7e5f7",
- "role_definition_id": "/providers/Microsoft.Authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3",
- "scope": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "timeouts": null
- },
- "sensitive_values": {}
- }
- ],
- "address": "module.test_core.module.role_assignments_for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deploy-MDFC-SqlAtp\"]"
- },
- {
- "resources": [
- {
- "address": "module.test_core.module.role_assignments_for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deploy-Resource-Diag\"].azurerm_role_assignment.for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/roleAssignments/51ed04ed-dae3-5fd3-9fa6-eea4b794c795\"]",
- "mode": "managed",
- "type": "azurerm_role_assignment",
- "name": "for_policy",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/roleAssignments/51ed04ed-dae3-5fd3-9fa6-eea4b794c795",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "condition": null,
- "condition_version": null,
- "delegated_managed_identity_resource_id": null,
- "description": null,
- "name": "51ed04ed-dae3-5fd3-9fa6-eea4b794c795",
- "role_definition_id": "/providers/Microsoft.Authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa",
- "scope": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "timeouts": null
- },
- "sensitive_values": {}
- },
- {
- "address": "module.test_core.module.role_assignments_for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deploy-Resource-Diag\"].azurerm_role_assignment.for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/roleAssignments/6069b84d-76fc-5db3-905b-09304bb00f79\"]",
- "mode": "managed",
- "type": "azurerm_role_assignment",
- "name": "for_policy",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/roleAssignments/6069b84d-76fc-5db3-905b-09304bb00f79",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "condition": null,
- "condition_version": null,
- "delegated_managed_identity_resource_id": null,
- "description": null,
- "name": "6069b84d-76fc-5db3-905b-09304bb00f79",
- "role_definition_id": "/providers/Microsoft.Authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293",
- "scope": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "timeouts": null
- },
- "sensitive_values": {}
- }
- ],
- "address": "module.test_core.module.role_assignments_for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deploy-Resource-Diag\"]"
- },
- {
- "resources": [
- {
- "address": "module.test_core.module.role_assignments_for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deploy-VM-Monitoring\"].azurerm_role_assignment.for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/roleAssignments/944bd159-55ad-5350-963c-316d127a5fd2\"]",
- "mode": "managed",
- "type": "azurerm_role_assignment",
- "name": "for_policy",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/roleAssignments/944bd159-55ad-5350-963c-316d127a5fd2",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "condition": null,
- "condition_version": null,
- "delegated_managed_identity_resource_id": null,
- "description": null,
- "name": "944bd159-55ad-5350-963c-316d127a5fd2",
- "role_definition_id": "/providers/Microsoft.Authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293",
- "scope": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "timeouts": null
- },
- "sensitive_values": {}
- }
- ],
- "address": "module.test_core.module.role_assignments_for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deploy-VM-Monitoring\"]"
- },
- {
- "resources": [
- {
- "address": "module.test_core.module.role_assignments_for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deploy-VMSS-Monitoring\"].azurerm_role_assignment.for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/roleAssignments/11a25eeb-1f4e-513b-a393-4fac399cc28b\"]",
- "mode": "managed",
- "type": "azurerm_role_assignment",
- "name": "for_policy",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/roleAssignments/11a25eeb-1f4e-513b-a393-4fac399cc28b",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "condition": null,
- "condition_version": null,
- "delegated_managed_identity_resource_id": null,
- "description": null,
- "name": "11a25eeb-1f4e-513b-a393-4fac399cc28b",
- "role_definition_id": "/providers/Microsoft.Authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293",
- "scope": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "timeouts": null
- },
- "sensitive_values": {}
- },
- {
- "address": "module.test_core.module.role_assignments_for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deploy-VMSS-Monitoring\"].azurerm_role_assignment.for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/roleAssignments/d5b3a73f-9905-52fc-ba6b-908193f1c36f\"]",
- "mode": "managed",
- "type": "azurerm_role_assignment",
- "name": "for_policy",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/roleAssignments/d5b3a73f-9905-52fc-ba6b-908193f1c36f",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "condition": null,
- "condition_version": null,
- "delegated_managed_identity_resource_id": null,
- "description": null,
- "name": "d5b3a73f-9905-52fc-ba6b-908193f1c36f",
- "role_definition_id": "/providers/Microsoft.Authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c",
- "scope": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "timeouts": null
- },
- "sensitive_values": {}
- }
- ],
- "address": "module.test_core.module.role_assignments_for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deploy-VMSS-Monitoring\"]"
- },
- {
- "resources": [
- {
- "address": "module.test_core.module.role_assignments_for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Enforce-ACSB\"].azurerm_role_assignment.for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/roleAssignments/3d3e8314-e2b2-5209-a43a-7e53ddabe248\"]",
- "mode": "managed",
- "type": "azurerm_role_assignment",
- "name": "for_policy",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/roleAssignments/3d3e8314-e2b2-5209-a43a-7e53ddabe248",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "condition": null,
- "condition_version": null,
- "delegated_managed_identity_resource_id": null,
- "description": null,
- "name": "3d3e8314-e2b2-5209-a43a-7e53ddabe248",
- "role_definition_id": "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c",
- "scope": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "timeouts": null
- },
- "sensitive_values": {}
- }
- ],
- "address": "module.test_core.module.role_assignments_for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Enforce-ACSB\"]"
- }
- ]
- }
- ]
- }
-}
diff --git a/tests/modules/test_001_baseline/settings.tf b/tests/modules/test_001_baseline/settings.tf
index 11d52e2fb..98ed73d76 100644
--- a/tests/modules/test_001_baseline/settings.tf
+++ b/tests/modules/test_001_baseline/settings.tf
@@ -1,6 +1,9 @@
# Obtain configuration settings.
module "settings" {
source = "../settings"
+ providers = {
+ azurerm = azurerm.management
+ }
root_id = var.root_id
primary_location = var.primary_location
diff --git a/tests/modules/test_001_baseline/terraform.tf b/tests/modules/test_001_baseline/terraform.tf
index ed80d4e44..dd5cd3f33 100644
--- a/tests/modules/test_001_baseline/terraform.tf
+++ b/tests/modules/test_001_baseline/terraform.tf
@@ -2,7 +2,7 @@ terraform {
required_providers {
azurerm = {
source = "hashicorp/azurerm"
- version = "3.74.0"
+ version = "3.107.0"
configuration_aliases = [
azurerm.connectivity,
azurerm.management,
diff --git a/tests/modules/test_002_add_custom_core/baseline_values.json b/tests/modules/test_002_add_custom_core/baseline_values.json
deleted file mode 100644
index 6231be947..000000000
--- a/tests/modules/test_002_add_custom_core/baseline_values.json
+++ /dev/null
@@ -1,9280 +0,0 @@
-{
- "root_module": {
- "child_modules": [
- {
- "resources": [
- {
- "address": "module.settings.azurerm_resource_group.example",
- "mode": "managed",
- "type": "azurerm_resource_group",
- "name": "example",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "location": "northeurope",
- "managed_by": null,
- "name": "rg-identity",
- "tags": null,
- "timeouts": null
- },
- "sensitive_values": {}
- },
- {
- "address": "module.settings.azurerm_user_assigned_identity.example",
- "mode": "managed",
- "type": "azurerm_user_assigned_identity",
- "name": "example",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 1,
- "values": {
- "location": "northeurope",
- "name": "id-identity",
- "resource_group_name": "rg-identity",
- "tags": null,
- "timeouts": null
- },
- "sensitive_values": {}
- }
- ],
- "address": "module.settings"
- },
- {
- "resources": [
- {
- "address": "module.test_core.azurerm_management_group.level_1[\"/providers/Microsoft.Management/managementGroups/root-id-1\"]",
- "mode": "managed",
- "type": "azurerm_management_group",
- "name": "level_1",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "display_name": "root-name",
- "name": "root-id-1",
- "parent_management_group_id": "/providers/Microsoft.Management/managementGroups/dac8feee-8768-4fbd-9cf9-9d96d4718018",
- "timeouts": null
- },
- "sensitive_values": {
- "subscription_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_management_group.level_2[\"/providers/Microsoft.Management/managementGroups/root-id-1-decommissioned\"]",
- "mode": "managed",
- "type": "azurerm_management_group",
- "name": "level_2",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-decommissioned",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "display_name": "Decommissioned",
- "name": "root-id-1-decommissioned",
- "parent_management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "timeouts": null
- },
- "sensitive_values": {
- "subscription_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_management_group.level_2[\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones\"]",
- "mode": "managed",
- "type": "azurerm_management_group",
- "name": "level_2",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "display_name": "Landing Zones",
- "name": "root-id-1-landing-zones",
- "parent_management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "timeouts": null
- },
- "sensitive_values": {
- "subscription_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_management_group.level_2[\"/providers/Microsoft.Management/managementGroups/root-id-1-platform\"]",
- "mode": "managed",
- "type": "azurerm_management_group",
- "name": "level_2",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-platform",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "display_name": "Platform",
- "name": "root-id-1-platform",
- "parent_management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "timeouts": null
- },
- "sensitive_values": {
- "subscription_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_management_group.level_2[\"/providers/Microsoft.Management/managementGroups/root-id-1-sandboxes\"]",
- "mode": "managed",
- "type": "azurerm_management_group",
- "name": "level_2",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-sandboxes",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "display_name": "Sandboxes",
- "name": "root-id-1-sandboxes",
- "parent_management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "timeouts": null
- },
- "sensitive_values": {
- "subscription_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_management_group.level_3[\"/providers/Microsoft.Management/managementGroups/root-id-1-connectivity\"]",
- "mode": "managed",
- "type": "azurerm_management_group",
- "name": "level_3",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-connectivity",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "display_name": "Connectivity",
- "name": "root-id-1-connectivity",
- "parent_management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1-platform",
- "timeouts": null
- },
- "sensitive_values": {
- "subscription_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_management_group.level_3[\"/providers/Microsoft.Management/managementGroups/root-id-1-corp\"]",
- "mode": "managed",
- "type": "azurerm_management_group",
- "name": "level_3",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-corp",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "display_name": "Corp",
- "name": "root-id-1-corp",
- "parent_management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones",
- "timeouts": null
- },
- "sensitive_values": {
- "subscription_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_management_group.level_3[\"/providers/Microsoft.Management/managementGroups/root-id-1-demo-corp\"]",
- "mode": "managed",
- "type": "azurerm_management_group",
- "name": "level_3",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-demo-corp",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "display_name": "Corp (Demo)",
- "name": "root-id-1-demo-corp",
- "parent_management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones",
- "timeouts": null
- },
- "sensitive_values": {
- "subscription_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_management_group.level_3[\"/providers/Microsoft.Management/managementGroups/root-id-1-demo-online\"]",
- "mode": "managed",
- "type": "azurerm_management_group",
- "name": "level_3",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-demo-online",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "display_name": "Online (Demo)",
- "name": "root-id-1-demo-online",
- "parent_management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones",
- "timeouts": null
- },
- "sensitive_values": {
- "subscription_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_management_group.level_3[\"/providers/Microsoft.Management/managementGroups/root-id-1-demo-sap\"]",
- "mode": "managed",
- "type": "azurerm_management_group",
- "name": "level_3",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-demo-sap",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "display_name": "SAP (Demo)",
- "name": "root-id-1-demo-sap",
- "parent_management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones",
- "timeouts": null
- },
- "sensitive_values": {
- "subscription_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_management_group.level_3[\"/providers/Microsoft.Management/managementGroups/root-id-1-identity\"]",
- "mode": "managed",
- "type": "azurerm_management_group",
- "name": "level_3",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-identity",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "display_name": "Identity",
- "name": "root-id-1-identity",
- "parent_management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1-platform",
- "timeouts": null
- },
- "sensitive_values": {
- "subscription_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_management_group.level_3[\"/providers/Microsoft.Management/managementGroups/root-id-1-management\"]",
- "mode": "managed",
- "type": "azurerm_management_group",
- "name": "level_3",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-management",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "display_name": "Management",
- "name": "root-id-1-management",
- "parent_management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1-platform",
- "timeouts": null
- },
- "sensitive_values": {
- "subscription_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_management_group.level_3[\"/providers/Microsoft.Management/managementGroups/root-id-1-online\"]",
- "mode": "managed",
- "type": "azurerm_management_group",
- "name": "level_3",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-online",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "display_name": "Online",
- "name": "root-id-1-online",
- "parent_management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones",
- "timeouts": null
- },
- "sensitive_values": {
- "subscription_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_management_group.level_3[\"/providers/Microsoft.Management/managementGroups/root-id-1-sap\"]",
- "mode": "managed",
- "type": "azurerm_management_group",
- "name": "level_3",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-sap",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "display_name": "SAP",
- "name": "root-id-1-sap",
- "parent_management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones",
- "timeouts": null
- },
- "sensitive_values": {
- "subscription_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_management_group.level_3[\"/providers/Microsoft.Management/managementGroups/root-id-1-secure\"]",
- "mode": "managed",
- "type": "azurerm_management_group",
- "name": "level_3",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-secure",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "display_name": "Secure Workloads (HITRUST/HIPAA)",
- "name": "root-id-1-secure",
- "parent_management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones",
- "timeouts": null
- },
- "sensitive_values": {
- "subscription_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_management_group.level_4[\"/providers/Microsoft.Management/managementGroups/root-id-1-web-emea\"]",
- "mode": "managed",
- "type": "azurerm_management_group",
- "name": "level_4",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-web-emea",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "display_name": "EMEA Web Applications",
- "name": "root-id-1-web-emea",
- "parent_management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1-online",
- "timeouts": null
- },
- "sensitive_values": {
- "subscription_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_management_group.level_4[\"/providers/Microsoft.Management/managementGroups/root-id-1-web-global\"]",
- "mode": "managed",
- "type": "azurerm_management_group",
- "name": "level_4",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-web-global",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "display_name": "Global Web Applications",
- "name": "root-id-1-web-global",
- "parent_management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1-online",
- "timeouts": null
- },
- "sensitive_values": {
- "subscription_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_management_group.level_4[\"/providers/Microsoft.Management/managementGroups/root-id-1-web-us\"]",
- "mode": "managed",
- "type": "azurerm_management_group",
- "name": "level_4",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-web-us",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "display_name": "US Web Applications",
- "name": "root-id-1-web-us",
- "parent_management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1-online",
- "timeouts": null
- },
- "sensitive_values": {
- "subscription_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_management_group_policy_assignment.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1-connectivity/providers/Microsoft.Authorization/policyAssignments/Enable-DDoS-VNET\"]",
- "mode": "managed",
- "type": "azurerm_management_group_policy_assignment",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-connectivity/providers/Microsoft.Authorization/policyAssignments/Enable-DDoS-VNET",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Protect your virtual networks against volumetric and protocol attacks with Azure DDoS Network Protection. For more information, visit https://aka.ms/ddosprotectiondocs.",
- "display_name": "Virtual networks should be protected by Azure DDoS Network Protection",
- "enforce": false,
- "identity": [
- {
- "identity_ids": null,
- "type": "SystemAssigned"
- }
- ],
- "location": "northeurope",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1-connectivity",
- "name": "Enable-DDoS-VNET",
- "non_compliance_message": [],
- "not_scopes": [],
- "overrides": [],
- "parameters": "{\"ddosPlan\":{\"value\":\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-ddos/providers/Microsoft.Network/ddosProtectionPlans/root-id-1-ddos-northeurope\"},\"effect\":{\"value\":\"Modify\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/94de2ad3-e0c1-4caf-ad78-5d47bbc83d3d",
- "resource_selectors": [],
- "timeouts": null
- },
- "sensitive_values": {
- "identity": [
- {}
- ],
- "non_compliance_message": [],
- "not_scopes": [],
- "overrides": [],
- "resource_selectors": []
- }
- },
- {
- "address": "module.test_core.azurerm_management_group_policy_assignment.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1-corp/providers/Microsoft.Authorization/policyAssignments/Audit-PeDnsZones\"]",
- "mode": "managed",
- "type": "azurerm_management_group_policy_assignment",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-corp/providers/Microsoft.Authorization/policyAssignments/Audit-PeDnsZones",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Audits the deployment of Private Link Private DNS Zone resources in the Corp landing zone.",
- "display_name": "Audit Private Link Private DNS Zone resources",
- "enforce": true,
- "identity": [],
- "location": "northeurope",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1-corp",
- "name": "Audit-PeDnsZones",
- "non_compliance_message": [
- {
- "content": "Private Link Private DNS Zone resources must be deployed in the Corp landing zone.",
- "policy_definition_reference_id": null
- }
- ],
- "not_scopes": [],
- "overrides": [],
- "parameters": "{\"effect\":{\"value\":\"Audit\"},\"privateLinkDnsZones\":{\"value\":[\"privatelink.adf.azure.com\",\"privatelink.afs.azure.net\",\"privatelink.agentsvc.azure-automation.net\",\"privatelink.analysis.windows.net\",\"privatelink.api.azureml.ms\",\"privatelink.azconfig.io\",\"privatelink.azure-api.net\",\"privatelink.azure-automation.net\",\"privatelink.azurecr.io\",\"privatelink.azure-devices.net\",\"privatelink.azure-devices-provisioning.net\",\"privatelink.azuredatabricks.net\",\"privatelink.azurehdinsight.net\",\"privatelink.azurehealthcareapis.com\",\"privatelink.azurestaticapps.net\",\"privatelink.azuresynapse.net\",\"privatelink.azurewebsites.net\",\"privatelink.northeurope.batch.azure.com\",\"privatelink.blob.core.windows.net\",\"privatelink.cassandra.cosmos.azure.com\",\"privatelink.cognitiveservices.azure.com\",\"privatelink.database.windows.net\",\"privatelink.datafactory.azure.net\",\"privatelink.dev.azuresynapse.net\",\"privatelink.dfs.core.windows.net\",\"privatelink.dicom.azurehealthcareapis.com\",\"privatelink.digitaltwins.azure.net\",\"privatelink.directline.botframework.com\",\"privatelink.documents.azure.com\",\"privatelink.eventgrid.azure.net\",\"privatelink.file.core.windows.net\",\"privatelink.gremlin.cosmos.azure.com\",\"privatelink.guestconfiguration.azure.com\",\"privatelink.his.arc.azure.com\",\"privatelink.kubernetesconfiguration.azure.com\",\"privatelink.managedhsm.azure.net\",\"privatelink.mariadb.database.azure.com\",\"privatelink.media.azure.net\",\"privatelink.mongo.cosmos.azure.com\",\"privatelink.monitor.azure.com\",\"privatelink.mysql.database.azure.com\",\"privatelink.notebooks.azure.net\",\"privatelink.ods.opinsights.azure.com\",\"privatelink.oms.opinsights.azure.com\",\"privatelink.pbidedicated.windows.net\",\"privatelink.postgres.database.azure.com\",\"privatelink.prod.migration.windowsazure.com\",\"privatelink.purview.azure.com\",\"privatelink.purviewstudio.azure.com\",\"privatelink.queue.core.windows.net\",\"privatelink.redis.cache.windows.net\",\"privatelink.redisenterprise.cache.azure.net\",\"privatelink.search.windows.net\",\"privatelink.service.signalr.net\",\"privatelink.servicebus.windows.net\",\"privatelink.siterecovery.windowsazure.com\",\"privatelink.sql.azuresynapse.net\",\"privatelink.table.core.windows.net\",\"privatelink.table.cosmos.azure.com\",\"privatelink.tip1.powerquery.microsoft.com\",\"privatelink.token.botframework.com\",\"privatelink.vaultcore.azure.net\",\"privatelink.web.core.windows.net\",\"privatelink.webpubsub.azure.com\"]}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Audit-PrivateLinkDnsZones",
- "resource_selectors": [],
- "timeouts": null
- },
- "sensitive_values": {
- "identity": [],
- "non_compliance_message": [
- {}
- ],
- "not_scopes": [],
- "overrides": [],
- "resource_selectors": []
- }
- },
- {
- "address": "module.test_core.azurerm_management_group_policy_assignment.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1-corp/providers/Microsoft.Authorization/policyAssignments/Deny-HybridNetworking\"]",
- "mode": "managed",
- "type": "azurerm_management_group_policy_assignment",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-corp/providers/Microsoft.Authorization/policyAssignments/Deny-HybridNetworking",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Denies deployment of vWAN/ER/VPN gateway resources in the Corp landing zone.",
- "display_name": "Deny the deployment of vWAN/ER/VPN gateway resources",
- "enforce": true,
- "identity": [],
- "location": "northeurope",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1-corp",
- "name": "Deny-HybridNetworking",
- "non_compliance_message": [
- {
- "content": "vWAN/ER/VPN gateway resources must not be deployed in the Corp landing zone.",
- "policy_definition_reference_id": null
- }
- ],
- "not_scopes": [],
- "overrides": [],
- "parameters": "{\"effect\":{\"value\":\"Deny\"},\"listOfResourceTypesNotAllowed\":{\"value\":[\"microsoft.network/expressroutecircuits\",\"microsoft.network/expressroutegateways\",\"microsoft.network/expressrouteports\",\"microsoft.network/virtualwans\",\"microsoft.network/virtualhubs\",\"microsoft.network/vpngateways\",\"microsoft.network/p2svpngateways\",\"microsoft.network/vpnsites\",\"microsoft.network/virtualnetworkgateways\"]}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/6c112d4e-5bc7-47ae-a041-ea2d9dccd749",
- "resource_selectors": [],
- "timeouts": null
- },
- "sensitive_values": {
- "identity": [],
- "non_compliance_message": [
- {}
- ],
- "not_scopes": [],
- "overrides": [],
- "resource_selectors": []
- }
- },
- {
- "address": "module.test_core.azurerm_management_group_policy_assignment.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1-corp/providers/Microsoft.Authorization/policyAssignments/Deny-Public-Endpoints\"]",
- "mode": "managed",
- "type": "azurerm_management_group_policy_assignment",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-corp/providers/Microsoft.Authorization/policyAssignments/Deny-Public-Endpoints",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "This policy initiative is a group of policies that prevents creation of Azure PaaS services with exposed public endpoints",
- "display_name": "Public network access should be disabled for PaaS services",
- "enforce": true,
- "identity": [],
- "location": "northeurope",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1-corp",
- "name": "Deny-Public-Endpoints",
- "non_compliance_message": [
- {
- "content": "Public network access must be disabled for PaaS services.",
- "policy_definition_reference_id": null
- }
- ],
- "not_scopes": [],
- "overrides": [],
- "parameters": null,
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policySetDefinitions/Deny-PublicPaaSEndpoints",
- "resource_selectors": [],
- "timeouts": null
- },
- "sensitive_values": {
- "identity": [],
- "non_compliance_message": [
- {}
- ],
- "not_scopes": [],
- "overrides": [],
- "resource_selectors": []
- }
- },
- {
- "address": "module.test_core.azurerm_management_group_policy_assignment.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1-corp/providers/Microsoft.Authorization/policyAssignments/Deny-Public-IP-On-NIC\"]",
- "mode": "managed",
- "type": "azurerm_management_group_policy_assignment",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-corp/providers/Microsoft.Authorization/policyAssignments/Deny-Public-IP-On-NIC",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "This policy denies network interfaces from having a public IP associated to it under the assigned scope.",
- "display_name": "Deny network interfaces having a public IP associated",
- "enforce": true,
- "identity": [],
- "location": "northeurope",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1-corp",
- "name": "Deny-Public-IP-On-NIC",
- "non_compliance_message": [
- {
- "content": "Network interfaces must not have a public IP associated.",
- "policy_definition_reference_id": null
- }
- ],
- "not_scopes": [],
- "overrides": [],
- "parameters": null,
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/83a86a26-fd1f-447c-b59d-e51f44264114",
- "resource_selectors": [],
- "timeouts": null
- },
- "sensitive_values": {
- "identity": [],
- "non_compliance_message": [
- {}
- ],
- "not_scopes": [],
- "overrides": [],
- "resource_selectors": []
- }
- },
- {
- "address": "module.test_core.azurerm_management_group_policy_assignment.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1-corp/providers/Microsoft.Authorization/policyAssignments/Deploy-Private-DNS-Zones\"]",
- "mode": "managed",
- "type": "azurerm_management_group_policy_assignment",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-corp/providers/Microsoft.Authorization/policyAssignments/Deploy-Private-DNS-Zones",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "This policy initiative is a group of policies that ensures private endpoints to Azure PaaS services are integrated with Azure Private DNS zones",
- "display_name": "Configure Azure PaaS services to use private DNS zones",
- "enforce": false,
- "identity": [
- {
- "identity_ids": null,
- "type": "SystemAssigned"
- }
- ],
- "location": "northeurope",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1-corp",
- "name": "Deploy-Private-DNS-Zones",
- "non_compliance_message": [
- {
- "content": "Azure PaaS services should use private DNS zones.",
- "policy_definition_reference_id": null
- }
- ],
- "not_scopes": [],
- "overrides": [],
- "parameters": "{\"azureAcrPrivateDnsZoneId\":{\"value\":\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.azurecr.io\"},\"azureAppPrivateDnsZoneId\":{\"value\":\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.azconfig.io\"},\"azureAppServicesPrivateDnsZoneId\":{\"value\":\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.azurewebsites.net\"},\"azureAsrPrivateDnsZoneId\":{\"value\":\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.siterecovery.windowsazure.com\"},\"azureAutomationDSCHybridPrivateDnsZoneId\":{\"value\":\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.azure-automation.net\"},\"azureAutomationWebhookPrivateDnsZoneId\":{\"value\":\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.azure-automation.net\"},\"azureBatchPrivateDnsZoneId\":{\"value\":\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.batch.azure.com\"},\"azureCognitiveSearchPrivateDnsZoneId\":{\"value\":\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.search.windows.net\"},\"azureCognitiveServicesPrivateDnsZoneId\":{\"value\":\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.cognitiveservices.azure.com\"},\"azureCosmosCassandraPrivateDnsZoneId\":{\"value\":\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.cassandra.cosmos.azure.com\"},\"azureCosmosGremlinPrivateDnsZoneId\":{\"value\":\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.gremlin.cosmos.azure.com\"},\"azureCosmosMongoPrivateDnsZoneId\":{\"value\":\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.mongo.cosmos.azure.com\"},\"azureCosmosSQLPrivateDnsZoneId\":{\"value\":\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.documents.azure.com\"},\"azureCosmosTablePrivateDnsZoneId\":{\"value\":\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.table.cosmos.azure.com\"},\"azureDataFactoryPortalPrivateDnsZoneId\":{\"value\":\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.adf.azure.com\"},\"azureDataFactoryPrivateDnsZoneId\":{\"value\":\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.datafactory.azure.net\"},\"azureDatabricksPrivateDnsZoneId\":{\"value\":\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.azuredatabricks.net\"},\"azureDiskAccessPrivateDnsZoneId\":{\"value\":\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.blob.core.windows.net\"},\"azureEventGridDomainsPrivateDnsZoneId\":{\"value\":\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.eventgrid.azure.net\"},\"azureEventGridTopicsPrivateDnsZoneId\":{\"value\":\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.eventgrid.azure.net\"},\"azureEventHubNamespacePrivateDnsZoneId\":{\"value\":\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.servicebus.windows.net\"},\"azureFilePrivateDnsZoneId\":{\"value\":\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.afs.azure.net\"},\"azureHDInsightPrivateDnsZoneId\":{\"value\":\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.azurehdinsight.net\"},\"azureIotHubsPrivateDnsZoneId\":{\"value\":\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.azure-devices.net\"},\"azureIotPrivateDnsZoneId\":{\"value\":\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.azure-devices-provisioning.net\"},\"azureKeyVaultPrivateDnsZoneId\":{\"value\":\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.vaultcore.azure.net\"},\"azureMachineLearningWorkspacePrivateDnsZoneId\":{\"value\":\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.api.azureml.ms\"},\"azureMediaServicesKeyPrivateDnsZoneId\":{\"value\":\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.media.azure.net\"},\"azureMediaServicesLivePrivateDnsZoneId\":{\"value\":\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.media.azure.net\"},\"azureMediaServicesStreamPrivateDnsZoneId\":{\"value\":\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.media.azure.net\"},\"azureMigratePrivateDnsZoneId\":{\"value\":\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.prod.migration.windowsazure.com\"},\"azureMonitorPrivateDnsZoneId1\":{\"value\":\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.monitor.azure.com\"},\"azureMonitorPrivateDnsZoneId2\":{\"value\":\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.oms.opinsights.azure.com\"},\"azureMonitorPrivateDnsZoneId3\":{\"value\":\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.ods.opinsights.azure.com\"},\"azureMonitorPrivateDnsZoneId4\":{\"value\":\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.agentsvc.azure-automation.net\"},\"azureMonitorPrivateDnsZoneId5\":{\"value\":\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.blob.core.windows.net\"},\"azureRedisCachePrivateDnsZoneId\":{\"value\":\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.redis.cache.windows.net\"},\"azureServiceBusNamespacePrivateDnsZoneId\":{\"value\":\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.servicebus.windows.net\"},\"azureSignalRPrivateDnsZoneId\":{\"value\":\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.service.signalr.net\"},\"azureStorageBlobPrivateDnsZoneId\":{\"value\":\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.blob.core.windows.net\"},\"azureStorageBlobSecPrivateDnsZoneId\":{\"value\":\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.blob.core.windows.net\"},\"azureStorageDFSPrivateDnsZoneId\":{\"value\":\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.dfs.core.windows.net\"},\"azureStorageDFSSecPrivateDnsZoneId\":{\"value\":\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.dfs.core.windows.net\"},\"azureStorageFilePrivateDnsZoneId\":{\"value\":\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.file.core.windows.net\"},\"azureStorageQueuePrivateDnsZoneId\":{\"value\":\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.queue.core.windows.net\"},\"azureStorageQueueSecPrivateDnsZoneId\":{\"value\":\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.queue.core.windows.net\"},\"azureStorageStaticWebPrivateDnsZoneId\":{\"value\":\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.web.core.windows.net\"},\"azureStorageStaticWebSecPrivateDnsZoneId\":{\"value\":\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.web.core.windows.net\"},\"azureSynapseDevPrivateDnsZoneId\":{\"value\":\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.dev.azuresynapse.net\"},\"azureSynapseSQLODPrivateDnsZoneId\":{\"value\":\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.sql.azuresynapse.net\"},\"azureSynapseSQLPrivateDnsZoneId\":{\"value\":\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.sql.azuresynapse.net\"},\"azureWebPrivateDnsZoneId\":{\"value\":\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.webpubsub.azure.com\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policySetDefinitions/Deploy-Private-DNS-Zones",
- "resource_selectors": [],
- "timeouts": null
- },
- "sensitive_values": {
- "identity": [
- {}
- ],
- "non_compliance_message": [
- {}
- ],
- "not_scopes": [],
- "overrides": [],
- "resource_selectors": []
- }
- },
- {
- "address": "module.test_core.azurerm_management_group_policy_assignment.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1-decommissioned/providers/Microsoft.Authorization/policyAssignments/Enforce-ALZ-Decomm\"]",
- "mode": "managed",
- "type": "azurerm_management_group_policy_assignment",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-decommissioned/providers/Microsoft.Authorization/policyAssignments/Enforce-ALZ-Decomm",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "This initiative will help enforce and govern subscriptions that are placed within the decommissioned Management Group as part of your Subscription decommissioning process. See https://aka.ms/alz/policies for more information.",
- "display_name": "Enforce ALZ Decommissioned Guardrails",
- "enforce": true,
- "identity": [
- {
- "identity_ids": null,
- "type": "SystemAssigned"
- }
- ],
- "location": "northeurope",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1-decommissioned",
- "name": "Enforce-ALZ-Decomm",
- "non_compliance_message": [],
- "not_scopes": [],
- "overrides": [],
- "parameters": "{\"listOfResourceTypesAllowed\":{\"value\":[\"microsoft.consumption/tags\",\"microsoft.authorization/roleassignments\",\"microsoft.authorization/roledefinitions\",\"microsoft.authorization/policyassignments\",\"microsoft.authorization/locks\",\"microsoft.authorization/policydefinitions\",\"microsoft.authorization/policysetdefinitions\",\"microsoft.resources/tags\",\"microsoft.authorization/roleeligibilityschedules\",\"microsoft.authorization/roleeligibilityscheduleinstances\",\"microsoft.authorization/roleassignmentschedules\",\"microsoft.authorization/roleassignmentscheduleinstances\"]}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policySetDefinitions/Enforce-ALZ-Decomm",
- "resource_selectors": [],
- "timeouts": null
- },
- "sensitive_values": {
- "identity": [
- {}
- ],
- "non_compliance_message": [],
- "not_scopes": [],
- "overrides": [],
- "resource_selectors": []
- }
- },
- {
- "address": "module.test_core.azurerm_management_group_policy_assignment.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1-demo-corp/providers/Microsoft.Authorization/policyAssignments/Audit-PeDnsZones\"]",
- "mode": "managed",
- "type": "azurerm_management_group_policy_assignment",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-demo-corp/providers/Microsoft.Authorization/policyAssignments/Audit-PeDnsZones",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Audits the deployment of Private Link Private DNS Zone resources in the Corp landing zone.",
- "display_name": "Audit Private Link Private DNS Zone resources",
- "enforce": true,
- "identity": [],
- "location": "northeurope",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1-demo-corp",
- "name": "Audit-PeDnsZones",
- "non_compliance_message": [
- {
- "content": "Private Link Private DNS Zone resources must be deployed in the Corp landing zone.",
- "policy_definition_reference_id": null
- }
- ],
- "not_scopes": [],
- "overrides": [],
- "parameters": "{\"effect\":{\"value\":\"Audit\"},\"privateLinkDnsZones\":{\"value\":[\"privatelink.adf.azure.com\",\"privatelink.afs.azure.net\",\"privatelink.agentsvc.azure-automation.net\",\"privatelink.analysis.windows.net\",\"privatelink.api.azureml.ms\",\"privatelink.azconfig.io\",\"privatelink.azure-api.net\",\"privatelink.azure-automation.net\",\"privatelink.azurecr.io\",\"privatelink.azure-devices.net\",\"privatelink.azure-devices-provisioning.net\",\"privatelink.azuredatabricks.net\",\"privatelink.azurehdinsight.net\",\"privatelink.azurehealthcareapis.com\",\"privatelink.azurestaticapps.net\",\"privatelink.azuresynapse.net\",\"privatelink.azurewebsites.net\",\"privatelink.northeurope.batch.azure.com\",\"privatelink.blob.core.windows.net\",\"privatelink.cassandra.cosmos.azure.com\",\"privatelink.cognitiveservices.azure.com\",\"privatelink.database.windows.net\",\"privatelink.datafactory.azure.net\",\"privatelink.dev.azuresynapse.net\",\"privatelink.dfs.core.windows.net\",\"privatelink.dicom.azurehealthcareapis.com\",\"privatelink.digitaltwins.azure.net\",\"privatelink.directline.botframework.com\",\"privatelink.documents.azure.com\",\"privatelink.eventgrid.azure.net\",\"privatelink.file.core.windows.net\",\"privatelink.gremlin.cosmos.azure.com\",\"privatelink.guestconfiguration.azure.com\",\"privatelink.his.arc.azure.com\",\"privatelink.kubernetesconfiguration.azure.com\",\"privatelink.managedhsm.azure.net\",\"privatelink.mariadb.database.azure.com\",\"privatelink.media.azure.net\",\"privatelink.mongo.cosmos.azure.com\",\"privatelink.monitor.azure.com\",\"privatelink.mysql.database.azure.com\",\"privatelink.notebooks.azure.net\",\"privatelink.ods.opinsights.azure.com\",\"privatelink.oms.opinsights.azure.com\",\"privatelink.pbidedicated.windows.net\",\"privatelink.postgres.database.azure.com\",\"privatelink.prod.migration.windowsazure.com\",\"privatelink.purview.azure.com\",\"privatelink.purviewstudio.azure.com\",\"privatelink.queue.core.windows.net\",\"privatelink.redis.cache.windows.net\",\"privatelink.redisenterprise.cache.azure.net\",\"privatelink.search.windows.net\",\"privatelink.service.signalr.net\",\"privatelink.servicebus.windows.net\",\"privatelink.siterecovery.windowsazure.com\",\"privatelink.sql.azuresynapse.net\",\"privatelink.table.core.windows.net\",\"privatelink.table.cosmos.azure.com\",\"privatelink.tip1.powerquery.microsoft.com\",\"privatelink.token.botframework.com\",\"privatelink.vaultcore.azure.net\",\"privatelink.web.core.windows.net\",\"privatelink.webpubsub.azure.com\"]}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Audit-PrivateLinkDnsZones",
- "resource_selectors": [],
- "timeouts": null
- },
- "sensitive_values": {
- "identity": [],
- "non_compliance_message": [
- {}
- ],
- "not_scopes": [],
- "overrides": [],
- "resource_selectors": []
- }
- },
- {
- "address": "module.test_core.azurerm_management_group_policy_assignment.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1-demo-corp/providers/Microsoft.Authorization/policyAssignments/Deny-HybridNetworking\"]",
- "mode": "managed",
- "type": "azurerm_management_group_policy_assignment",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-demo-corp/providers/Microsoft.Authorization/policyAssignments/Deny-HybridNetworking",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Denies deployment of vWAN/ER/VPN gateway resources in the Corp landing zone.",
- "display_name": "Deny the deployment of vWAN/ER/VPN gateway resources",
- "enforce": true,
- "identity": [],
- "location": "northeurope",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1-demo-corp",
- "name": "Deny-HybridNetworking",
- "non_compliance_message": [
- {
- "content": "vWAN/ER/VPN gateway resources must not be deployed in the Corp landing zone.",
- "policy_definition_reference_id": null
- }
- ],
- "not_scopes": [],
- "overrides": [],
- "parameters": "{\"effect\":{\"value\":\"Deny\"},\"listOfResourceTypesNotAllowed\":{\"value\":[\"microsoft.network/expressroutecircuits\",\"microsoft.network/expressroutegateways\",\"microsoft.network/expressrouteports\",\"microsoft.network/virtualwans\",\"microsoft.network/virtualhubs\",\"microsoft.network/vpngateways\",\"microsoft.network/p2svpngateways\",\"microsoft.network/vpnsites\",\"microsoft.network/virtualnetworkgateways\"]}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/6c112d4e-5bc7-47ae-a041-ea2d9dccd749",
- "resource_selectors": [],
- "timeouts": null
- },
- "sensitive_values": {
- "identity": [],
- "non_compliance_message": [
- {}
- ],
- "not_scopes": [],
- "overrides": [],
- "resource_selectors": []
- }
- },
- {
- "address": "module.test_core.azurerm_management_group_policy_assignment.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1-demo-corp/providers/Microsoft.Authorization/policyAssignments/Deny-Public-Endpoints\"]",
- "mode": "managed",
- "type": "azurerm_management_group_policy_assignment",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-demo-corp/providers/Microsoft.Authorization/policyAssignments/Deny-Public-Endpoints",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "This policy initiative is a group of policies that prevents creation of Azure PaaS services with exposed public endpoints",
- "display_name": "Public network access should be disabled for PaaS services",
- "enforce": true,
- "identity": [],
- "location": "northeurope",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1-demo-corp",
- "name": "Deny-Public-Endpoints",
- "non_compliance_message": [
- {
- "content": "Public network access must be disabled for PaaS services.",
- "policy_definition_reference_id": null
- }
- ],
- "not_scopes": [],
- "overrides": [],
- "parameters": null,
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policySetDefinitions/Deny-PublicPaaSEndpoints",
- "resource_selectors": [],
- "timeouts": null
- },
- "sensitive_values": {
- "identity": [],
- "non_compliance_message": [
- {}
- ],
- "not_scopes": [],
- "overrides": [],
- "resource_selectors": []
- }
- },
- {
- "address": "module.test_core.azurerm_management_group_policy_assignment.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1-demo-corp/providers/Microsoft.Authorization/policyAssignments/Deny-Public-IP-On-NIC\"]",
- "mode": "managed",
- "type": "azurerm_management_group_policy_assignment",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-demo-corp/providers/Microsoft.Authorization/policyAssignments/Deny-Public-IP-On-NIC",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "This policy denies network interfaces from having a public IP associated to it under the assigned scope.",
- "display_name": "Deny network interfaces having a public IP associated",
- "enforce": true,
- "identity": [],
- "location": "northeurope",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1-demo-corp",
- "name": "Deny-Public-IP-On-NIC",
- "non_compliance_message": [
- {
- "content": "Network interfaces must not have a public IP associated.",
- "policy_definition_reference_id": null
- }
- ],
- "not_scopes": [],
- "overrides": [],
- "parameters": null,
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/83a86a26-fd1f-447c-b59d-e51f44264114",
- "resource_selectors": [],
- "timeouts": null
- },
- "sensitive_values": {
- "identity": [],
- "non_compliance_message": [
- {}
- ],
- "not_scopes": [],
- "overrides": [],
- "resource_selectors": []
- }
- },
- {
- "address": "module.test_core.azurerm_management_group_policy_assignment.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1-demo-corp/providers/Microsoft.Authorization/policyAssignments/Deploy-Private-DNS-Zones\"]",
- "mode": "managed",
- "type": "azurerm_management_group_policy_assignment",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-demo-corp/providers/Microsoft.Authorization/policyAssignments/Deploy-Private-DNS-Zones",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "This policy initiative is a group of policies that ensures private endpoints to Azure PaaS services are integrated with Azure Private DNS zones",
- "display_name": "Configure Azure PaaS services to use private DNS zones",
- "enforce": true,
- "identity": [
- {
- "identity_ids": null,
- "type": "SystemAssigned"
- }
- ],
- "location": "northeurope",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1-demo-corp",
- "name": "Deploy-Private-DNS-Zones",
- "non_compliance_message": [
- {
- "content": "Azure PaaS services must use private DNS zones.",
- "policy_definition_reference_id": null
- }
- ],
- "not_scopes": [],
- "overrides": [],
- "parameters": "{\"azureAcrPrivateDnsZoneId\":{\"value\":\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.azurecr.io\"},\"azureAppPrivateDnsZoneId\":{\"value\":\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.azconfig.io\"},\"azureAppServicesPrivateDnsZoneId\":{\"value\":\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.azurewebsites.net\"},\"azureAsrPrivateDnsZoneId\":{\"value\":\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.siterecovery.windowsazure.com\"},\"azureAutomationDSCHybridPrivateDnsZoneId\":{\"value\":\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.azure-automation.net\"},\"azureAutomationWebhookPrivateDnsZoneId\":{\"value\":\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.azure-automation.net\"},\"azureBatchPrivateDnsZoneId\":{\"value\":\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.northeurope.batch.azure.com\"},\"azureCognitiveSearchPrivateDnsZoneId\":{\"value\":\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.search.windows.net\"},\"azureCognitiveServicesPrivateDnsZoneId\":{\"value\":\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.cognitiveservices.azure.com\"},\"azureCosmosCassandraPrivateDnsZoneId\":{\"value\":\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.cassandra.cosmos.azure.com\"},\"azureCosmosGremlinPrivateDnsZoneId\":{\"value\":\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.gremlin.cosmos.azure.com\"},\"azureCosmosMongoPrivateDnsZoneId\":{\"value\":\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.mongo.cosmos.azure.com\"},\"azureCosmosSQLPrivateDnsZoneId\":{\"value\":\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.documents.azure.com\"},\"azureCosmosTablePrivateDnsZoneId\":{\"value\":\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.table.cosmos.azure.com\"},\"azureDataFactoryPortalPrivateDnsZoneId\":{\"value\":\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.adf.azure.com\"},\"azureDataFactoryPrivateDnsZoneId\":{\"value\":\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.datafactory.azure.net\"},\"azureDatabricksPrivateDnsZoneId\":{\"value\":\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.azuredatabricks.net\"},\"azureDiskAccessPrivateDnsZoneId\":{\"value\":\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.blob.core.windows.net\"},\"azureEventGridDomainsPrivateDnsZoneId\":{\"value\":\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.eventgrid.azure.net\"},\"azureEventGridTopicsPrivateDnsZoneId\":{\"value\":\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.eventgrid.azure.net\"},\"azureEventHubNamespacePrivateDnsZoneId\":{\"value\":\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.servicebus.windows.net\"},\"azureFilePrivateDnsZoneId\":{\"value\":\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.afs.azure.net\"},\"azureHDInsightPrivateDnsZoneId\":{\"value\":\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.azurehdinsight.net\"},\"azureIotHubsPrivateDnsZoneId\":{\"value\":\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.azure-devices.net\"},\"azureIotPrivateDnsZoneId\":{\"value\":\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.azure-devices-provisioning.net\"},\"azureKeyVaultPrivateDnsZoneId\":{\"value\":\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.vaultcore.azure.net\"},\"azureMachineLearningWorkspacePrivateDnsZoneId\":{\"value\":\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.api.azureml.ms\"},\"azureMediaServicesKeyPrivateDnsZoneId\":{\"value\":\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.media.azure.net\"},\"azureMediaServicesLivePrivateDnsZoneId\":{\"value\":\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.media.azure.net\"},\"azureMediaServicesStreamPrivateDnsZoneId\":{\"value\":\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.media.azure.net\"},\"azureMigratePrivateDnsZoneId\":{\"value\":\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.prod.migration.windowsazure.com\"},\"azureMonitorPrivateDnsZoneId1\":{\"value\":\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.monitor.azure.com\"},\"azureMonitorPrivateDnsZoneId2\":{\"value\":\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.oms.opinsights.azure.com\"},\"azureMonitorPrivateDnsZoneId3\":{\"value\":\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.ods.opinsights.azure.com\"},\"azureMonitorPrivateDnsZoneId4\":{\"value\":\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.agentsvc.azure-automation.net\"},\"azureMonitorPrivateDnsZoneId5\":{\"value\":\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.blob.core.windows.net\"},\"azureRedisCachePrivateDnsZoneId\":{\"value\":\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.redis.cache.windows.net\"},\"azureServiceBusNamespacePrivateDnsZoneId\":{\"value\":\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.servicebus.windows.net\"},\"azureSignalRPrivateDnsZoneId\":{\"value\":\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.service.signalr.net\"},\"azureStorageBlobPrivateDnsZoneId\":{\"value\":\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.blob.core.windows.net\"},\"azureStorageBlobSecPrivateDnsZoneId\":{\"value\":\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.blob.core.windows.net\"},\"azureStorageDFSPrivateDnsZoneId\":{\"value\":\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.dfs.core.windows.net\"},\"azureStorageDFSSecPrivateDnsZoneId\":{\"value\":\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.dfs.core.windows.net\"},\"azureStorageFilePrivateDnsZoneId\":{\"value\":\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.file.core.windows.net\"},\"azureStorageQueuePrivateDnsZoneId\":{\"value\":\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.queue.core.windows.net\"},\"azureStorageQueueSecPrivateDnsZoneId\":{\"value\":\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.queue.core.windows.net\"},\"azureStorageStaticWebPrivateDnsZoneId\":{\"value\":\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.web.core.windows.net\"},\"azureStorageStaticWebSecPrivateDnsZoneId\":{\"value\":\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.web.core.windows.net\"},\"azureSynapseDevPrivateDnsZoneId\":{\"value\":\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.dev.azuresynapse.net\"},\"azureSynapseSQLODPrivateDnsZoneId\":{\"value\":\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.sql.azuresynapse.net\"},\"azureSynapseSQLPrivateDnsZoneId\":{\"value\":\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.sql.azuresynapse.net\"},\"azureWebPrivateDnsZoneId\":{\"value\":\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.webpubsub.azure.com\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policySetDefinitions/Deploy-Private-DNS-Zones",
- "resource_selectors": [],
- "timeouts": null
- },
- "sensitive_values": {
- "identity": [
- {}
- ],
- "non_compliance_message": [
- {}
- ],
- "not_scopes": [],
- "overrides": [],
- "resource_selectors": []
- }
- },
- {
- "address": "module.test_core.azurerm_management_group_policy_assignment.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1-identity/providers/Microsoft.Authorization/policyAssignments/Deny-MgmtPorts-Internet\"]",
- "mode": "managed",
- "type": "azurerm_management_group_policy_assignment",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-identity/providers/Microsoft.Authorization/policyAssignments/Deny-MgmtPorts-Internet",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "This policy denies any network security rule that allows management port access from the Internet",
- "display_name": "Management port access from the Internet should be blocked",
- "enforce": true,
- "identity": [],
- "location": "northeurope",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1-identity",
- "name": "Deny-MgmtPorts-Internet",
- "non_compliance_message": [
- {
- "content": "Management port access from the Internet must be blocked.",
- "policy_definition_reference_id": null
- }
- ],
- "not_scopes": [],
- "overrides": [],
- "parameters": null,
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-MgmtPorts-From-Internet",
- "resource_selectors": [],
- "timeouts": null
- },
- "sensitive_values": {
- "identity": [],
- "non_compliance_message": [
- {}
- ],
- "not_scopes": [],
- "overrides": [],
- "resource_selectors": []
- }
- },
- {
- "address": "module.test_core.azurerm_management_group_policy_assignment.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1-identity/providers/Microsoft.Authorization/policyAssignments/Deny-Public-IP\"]",
- "mode": "managed",
- "type": "azurerm_management_group_policy_assignment",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-identity/providers/Microsoft.Authorization/policyAssignments/Deny-Public-IP",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "This policy denies creation of Public IPs under the assigned scope.",
- "display_name": "Deny the creation of public IP",
- "enforce": false,
- "identity": [],
- "location": "northeurope",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1-identity",
- "name": "Deny-Public-IP",
- "non_compliance_message": [
- {
- "content": "Public IPs should not be created under this scope.",
- "policy_definition_reference_id": null
- }
- ],
- "not_scopes": [],
- "overrides": [],
- "parameters": "{\"effect\":{\"value\":\"Deny\"},\"listOfResourceTypesNotAllowed\":{\"value\":[\"Microsoft.Network/publicIPAddresses\"]}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/6c112d4e-5bc7-47ae-a041-ea2d9dccd749",
- "resource_selectors": [],
- "timeouts": null
- },
- "sensitive_values": {
- "identity": [],
- "non_compliance_message": [
- {}
- ],
- "not_scopes": [],
- "overrides": [],
- "resource_selectors": []
- }
- },
- {
- "address": "module.test_core.azurerm_management_group_policy_assignment.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1-identity/providers/Microsoft.Authorization/policyAssignments/Deny-Subnet-Without-Nsg\"]",
- "mode": "managed",
- "type": "azurerm_management_group_policy_assignment",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-identity/providers/Microsoft.Authorization/policyAssignments/Deny-Subnet-Without-Nsg",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "This policy denies the creation of a subnet without a Network Security Group to protect traffic across subnets.",
- "display_name": "Subnets should have a Network Security Group",
- "enforce": false,
- "identity": [],
- "location": "northeurope",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1-identity",
- "name": "Deny-Subnet-Without-Nsg",
- "non_compliance_message": [
- {
- "content": "Subnets should have a Network Security Group.",
- "policy_definition_reference_id": null
- }
- ],
- "not_scopes": [],
- "overrides": [],
- "parameters": "{\"effect\":{\"value\":\"Deny\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-Subnet-Without-Nsg",
- "resource_selectors": [],
- "timeouts": null
- },
- "sensitive_values": {
- "identity": [],
- "non_compliance_message": [
- {}
- ],
- "not_scopes": [],
- "overrides": [],
- "resource_selectors": []
- }
- },
- {
- "address": "module.test_core.azurerm_management_group_policy_assignment.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1-identity/providers/Microsoft.Authorization/policyAssignments/Deploy-VM-Backup\"]",
- "mode": "managed",
- "type": "azurerm_management_group_policy_assignment",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-identity/providers/Microsoft.Authorization/policyAssignments/Deploy-VM-Backup",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Enforce backup for all virtual machines by deploying a recovery services vault in the same location and resource group as the virtual machine. Doing this is useful when different application teams in your organization are allocated separate resource groups and need to manage their own backups and restores. You can optionally exclude virtual machines containing a specified tag to control the scope of assignment. See https://aka.ms/AzureVMAppCentricBackupExcludeTag.",
- "display_name": "Configure backup on virtual machines without a given tag to a new recovery services vault with a default policy",
- "enforce": false,
- "identity": [
- {
- "identity_ids": null,
- "type": "SystemAssigned"
- }
- ],
- "location": "northeurope",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1-identity",
- "name": "Deploy-VM-Backup",
- "non_compliance_message": [
- {
- "content": "Backup on virtual machines without a given tag should be configured to a new recovery services vault with a default policy.",
- "policy_definition_reference_id": null
- }
- ],
- "not_scopes": [],
- "overrides": [],
- "parameters": "{\"effect\":{\"value\":\"deployIfNotExists\"},\"exclusionTagName\":{\"value\":\"\"},\"exclusionTagValue\":{\"value\":[]}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/98d0b9f8-fd90-49c9-88e2-d3baf3b0dd86",
- "resource_selectors": [],
- "timeouts": null
- },
- "sensitive_values": {
- "identity": [
- {}
- ],
- "non_compliance_message": [
- {}
- ],
- "not_scopes": [],
- "overrides": [],
- "resource_selectors": []
- }
- },
- {
- "address": "module.test_core.azurerm_management_group_policy_assignment.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Audit-AppGW-WAF\"]",
- "mode": "managed",
- "type": "azurerm_management_group_policy_assignment",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Audit-AppGW-WAF",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Assign the WAF should be enabled for Application Gateway audit policy.",
- "display_name": "Web Application Firewall (WAF) should be enabled for Application Gateway",
- "enforce": true,
- "identity": [],
- "location": "northeurope",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones",
- "name": "Audit-AppGW-WAF",
- "non_compliance_message": [
- {
- "content": "Web Application Firewall (WAF) must be enabled for Application Gateway.",
- "policy_definition_reference_id": null
- }
- ],
- "not_scopes": [],
- "overrides": [],
- "parameters": "{\"effect\":{\"value\":\"Audit\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/564feb30-bf6a-4854-b4bb-0d2d2d1e6c66",
- "resource_selectors": [],
- "timeouts": null
- },
- "sensitive_values": {
- "identity": [],
- "non_compliance_message": [
- {}
- ],
- "not_scopes": [],
- "overrides": [],
- "resource_selectors": []
- }
- },
- {
- "address": "module.test_core.azurerm_management_group_policy_assignment.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Deny-IP-forwarding\"]",
- "mode": "managed",
- "type": "azurerm_management_group_policy_assignment",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Deny-IP-forwarding",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "This policy denies the network interfaces which enabled IP forwarding. The setting of IP forwarding disables Azure's check of the source and destination for a network interface. This should be reviewed by the network security team.",
- "display_name": "Network interfaces should disable IP forwarding",
- "enforce": true,
- "identity": [],
- "location": "northeurope",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones",
- "name": "Deny-IP-forwarding",
- "non_compliance_message": [
- {
- "content": "Network interfaces must disable IP forwarding.",
- "policy_definition_reference_id": null
- }
- ],
- "not_scopes": [],
- "overrides": [],
- "parameters": null,
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/88c0b9da-ce96-4b03-9635-f29a937e2900",
- "resource_selectors": [],
- "timeouts": null
- },
- "sensitive_values": {
- "identity": [],
- "non_compliance_message": [
- {}
- ],
- "not_scopes": [],
- "overrides": [],
- "resource_selectors": []
- }
- },
- {
- "address": "module.test_core.azurerm_management_group_policy_assignment.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Deny-MgmtPorts-Internet\"]",
- "mode": "managed",
- "type": "azurerm_management_group_policy_assignment",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Deny-MgmtPorts-Internet",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "This policy denies any network security rule that allows management port access from the Internet",
- "display_name": "Management port access from the Internet should be blocked",
- "enforce": true,
- "identity": [],
- "location": "northeurope",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones",
- "name": "Deny-MgmtPorts-Internet",
- "non_compliance_message": [
- {
- "content": "Management port access from the Internet must be blocked.",
- "policy_definition_reference_id": null
- }
- ],
- "not_scopes": [],
- "overrides": [],
- "parameters": null,
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-MgmtPorts-From-Internet",
- "resource_selectors": [],
- "timeouts": null
- },
- "sensitive_values": {
- "identity": [],
- "non_compliance_message": [
- {}
- ],
- "not_scopes": [],
- "overrides": [],
- "resource_selectors": []
- }
- },
- {
- "address": "module.test_core.azurerm_management_group_policy_assignment.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Deny-Priv-Esc-AKS\"]",
- "mode": "managed",
- "type": "azurerm_management_group_policy_assignment",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Deny-Priv-Esc-AKS",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Do not allow containers to run with privilege escalation to root in a Kubernetes cluster. This recommendation is part of CIS 5.2.5 which is intended to improve the security of your Kubernetes environments. This policy is generally available for Kubernetes Service (AKS), and preview for AKS Engine and Azure Arc enabled Kubernetes. For more information, see https://aka.ms/kubepolicydoc.",
- "display_name": "Kubernetes clusters should not allow container privilege escalation",
- "enforce": true,
- "identity": [],
- "location": "northeurope",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones",
- "name": "Deny-Priv-Esc-AKS",
- "non_compliance_message": [],
- "not_scopes": [],
- "overrides": [],
- "parameters": "{\"effect\":{\"value\":\"deny\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/1c6e92c9-99f0-4e55-9cf2-0c234dc48f99",
- "resource_selectors": [],
- "timeouts": null
- },
- "sensitive_values": {
- "identity": [],
- "non_compliance_message": [],
- "not_scopes": [],
- "overrides": [],
- "resource_selectors": []
- }
- },
- {
- "address": "module.test_core.azurerm_management_group_policy_assignment.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Deny-Privileged-AKS\"]",
- "mode": "managed",
- "type": "azurerm_management_group_policy_assignment",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Deny-Privileged-AKS",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Do not allow privileged containers creation in a Kubernetes cluster. This recommendation is part of CIS 5.2.1 which is intended to improve the security of your Kubernetes environments. This policy is generally available for Kubernetes Service (AKS), and preview for AKS Engine and Azure Arc enabled Kubernetes. For more information, see https://aka.ms/kubepolicydoc.",
- "display_name": "Kubernetes cluster should not allow privileged containers",
- "enforce": true,
- "identity": [],
- "location": "northeurope",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones",
- "name": "Deny-Privileged-AKS",
- "non_compliance_message": [],
- "not_scopes": [],
- "overrides": [],
- "parameters": "{\"effect\":{\"value\":\"deny\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/95edb821-ddaf-4404-9732-666045e056b4",
- "resource_selectors": [],
- "timeouts": null
- },
- "sensitive_values": {
- "identity": [],
- "non_compliance_message": [],
- "not_scopes": [],
- "overrides": [],
- "resource_selectors": []
- }
- },
- {
- "address": "module.test_core.azurerm_management_group_policy_assignment.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Deny-Storage-http\"]",
- "mode": "managed",
- "type": "azurerm_management_group_policy_assignment",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Deny-Storage-http",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Audit requirement of Secure transfer in your storage account. Secure transfer is an option that forces your storage account to accept requests only from secure connections (HTTPS). Use of HTTPS ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking",
- "display_name": "Secure transfer to storage accounts should be enabled",
- "enforce": true,
- "identity": [],
- "location": "northeurope",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones",
- "name": "Deny-Storage-http",
- "non_compliance_message": [
- {
- "content": "Secure transfer to storage accounts must be enabled.",
- "policy_definition_reference_id": null
- }
- ],
- "not_scopes": [],
- "overrides": [],
- "parameters": "{\"effect\":{\"value\":\"Deny\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9",
- "resource_selectors": [],
- "timeouts": null
- },
- "sensitive_values": {
- "identity": [],
- "non_compliance_message": [
- {}
- ],
- "not_scopes": [],
- "overrides": [],
- "resource_selectors": []
- }
- },
- {
- "address": "module.test_core.azurerm_management_group_policy_assignment.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Deploy-AKS-Policy\"]",
- "mode": "managed",
- "type": "azurerm_management_group_policy_assignment",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Deploy-AKS-Policy",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Use Azure Policy Add-on to manage and report on the compliance state of your Azure Kubernetes Service (AKS) clusters. For more information, see https://aka.ms/akspolicydoc.",
- "display_name": "Deploy Azure Policy Add-on to Azure Kubernetes Service clusters",
- "enforce": true,
- "identity": [
- {
- "identity_ids": null,
- "type": "SystemAssigned"
- }
- ],
- "location": "northeurope",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones",
- "name": "Deploy-AKS-Policy",
- "non_compliance_message": [],
- "not_scopes": [],
- "overrides": [],
- "parameters": null,
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/a8eff44f-8c92-45c3-a3fb-9880802d67a7",
- "resource_selectors": [],
- "timeouts": null
- },
- "sensitive_values": {
- "identity": [
- {}
- ],
- "non_compliance_message": [],
- "not_scopes": [],
- "overrides": [],
- "resource_selectors": []
- }
- },
- {
- "address": "module.test_core.azurerm_management_group_policy_assignment.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Deploy-AzSqlDb-Auditing\"]",
- "mode": "managed",
- "type": "azurerm_management_group_policy_assignment",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Deploy-AzSqlDb-Auditing",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "To ensure the operations performed against your SQL assets are captured, SQL servers should have auditing enabled. If auditing is not enabled, this policy will configure auditing events to flow to the specified Log Analytics workspace.",
- "display_name": "Configure SQL servers to have auditing enabled to Log Analytics workspace",
- "enforce": true,
- "identity": [
- {
- "identity_ids": null,
- "type": "SystemAssigned"
- }
- ],
- "location": "northeurope",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones",
- "name": "Deploy-AzSqlDb-Auditing",
- "non_compliance_message": [
- {
- "content": "SQL servers must have auditing enabled to Log Analytics workspace.",
- "policy_definition_reference_id": null
- }
- ],
- "not_scopes": [],
- "overrides": [],
- "parameters": "{\"logAnalyticsWorkspaceId\":{\"value\":\"/subscriptions/a9d8bda7-a341-4fe2-bfbf-61145868379e/resourcegroups/root-id-1-mgmt/providers/microsoft.operationalinsights/workspaces/root-id-1-la\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/25da7dfb-0666-4a15-a8f5-402127efd8bb",
- "resource_selectors": [],
- "timeouts": null
- },
- "sensitive_values": {
- "identity": [
- {}
- ],
- "non_compliance_message": [
- {}
- ],
- "not_scopes": [],
- "overrides": [],
- "resource_selectors": []
- }
- },
- {
- "address": "module.test_core.azurerm_management_group_policy_assignment.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Deploy-SQL-TDE\"]",
- "mode": "managed",
- "type": "azurerm_management_group_policy_assignment",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Deploy-SQL-TDE",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "This policy ensures that Transparent Data Encryption is enabled on SQL Servers.",
- "display_name": "Deploy TDE on SQL servers",
- "enforce": true,
- "identity": [
- {
- "identity_ids": null,
- "type": "SystemAssigned"
- }
- ],
- "location": "northeurope",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones",
- "name": "Deploy-SQL-TDE",
- "non_compliance_message": [
- {
- "content": "TDE must be deployed on SQL servers.",
- "policy_definition_reference_id": null
- }
- ],
- "not_scopes": [],
- "overrides": [],
- "parameters": null,
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/86a912f6-9a06-4e26-b447-11b16ba8659f",
- "resource_selectors": [],
- "timeouts": null
- },
- "sensitive_values": {
- "identity": [
- {}
- ],
- "non_compliance_message": [
- {}
- ],
- "not_scopes": [],
- "overrides": [],
- "resource_selectors": []
- }
- },
- {
- "address": "module.test_core.azurerm_management_group_policy_assignment.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Deploy-SQL-Threat\"]",
- "mode": "managed",
- "type": "azurerm_management_group_policy_assignment",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Deploy-SQL-Threat",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "This policy ensures that Threat Detection is enabled on SQL Servers.",
- "display_name": "Deploy Threat Detection on SQL servers",
- "enforce": true,
- "identity": [
- {
- "identity_ids": null,
- "type": "SystemAssigned"
- }
- ],
- "location": "northeurope",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones",
- "name": "Deploy-SQL-Threat",
- "non_compliance_message": [
- {
- "content": "Threat Detection must be deployed on SQL servers.",
- "policy_definition_reference_id": null
- }
- ],
- "not_scopes": [],
- "overrides": [],
- "parameters": null,
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/36d49e87-48c4-4f2e-beed-ba4ed02b71f5",
- "resource_selectors": [],
- "timeouts": null
- },
- "sensitive_values": {
- "identity": [
- {}
- ],
- "non_compliance_message": [
- {}
- ],
- "not_scopes": [],
- "overrides": [],
- "resource_selectors": []
- }
- },
- {
- "address": "module.test_core.azurerm_management_group_policy_assignment.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Deploy-VM-Backup\"]",
- "mode": "managed",
- "type": "azurerm_management_group_policy_assignment",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Deploy-VM-Backup",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Enforce backup for all virtual machines by deploying a recovery services vault in the same location and resource group as the virtual machine. Doing this is useful when different application teams in your organization are allocated separate resource groups and need to manage their own backups and restores. You can optionally exclude virtual machines containing a specified tag to control the scope of assignment. See https://aka.ms/AzureVMAppCentricBackupExcludeTag.",
- "display_name": "Configure backup on virtual machines without a given tag to a new recovery services vault with a default policy",
- "enforce": true,
- "identity": [
- {
- "identity_ids": null,
- "type": "SystemAssigned"
- }
- ],
- "location": "northeurope",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones",
- "name": "Deploy-VM-Backup",
- "non_compliance_message": [
- {
- "content": "Backup on virtual machines without a given tag must be configured to a new recovery services vault with a default policy.",
- "policy_definition_reference_id": null
- }
- ],
- "not_scopes": [],
- "overrides": [],
- "parameters": null,
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/98d0b9f8-fd90-49c9-88e2-d3baf3b0dd86",
- "resource_selectors": [],
- "timeouts": null
- },
- "sensitive_values": {
- "identity": [
- {}
- ],
- "non_compliance_message": [
- {}
- ],
- "not_scopes": [],
- "overrides": [],
- "resource_selectors": []
- }
- },
- {
- "address": "module.test_core.azurerm_management_group_policy_assignment.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Enable-DDoS-VNET\"]",
- "mode": "managed",
- "type": "azurerm_management_group_policy_assignment",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Enable-DDoS-VNET",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Protect your virtual networks against volumetric and protocol attacks with Azure DDoS Network Protection. For more information, visit https://aka.ms/ddosprotectiondocs.",
- "display_name": "Virtual networks should be protected by Azure DDoS Network Protection",
- "enforce": false,
- "identity": [
- {
- "identity_ids": null,
- "type": "SystemAssigned"
- }
- ],
- "location": "northeurope",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones",
- "name": "Enable-DDoS-VNET",
- "non_compliance_message": [],
- "not_scopes": [],
- "overrides": [],
- "parameters": "{\"ddosPlan\":{\"value\":\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-ddos/providers/Microsoft.Network/ddosProtectionPlans/root-id-1-ddos-northeurope\"},\"effect\":{\"value\":\"Modify\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/94de2ad3-e0c1-4caf-ad78-5d47bbc83d3d",
- "resource_selectors": [],
- "timeouts": null
- },
- "sensitive_values": {
- "identity": [
- {}
- ],
- "non_compliance_message": [],
- "not_scopes": [],
- "overrides": [],
- "resource_selectors": []
- }
- },
- {
- "address": "module.test_core.azurerm_management_group_policy_assignment.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Enforce-AKS-HTTPS\"]",
- "mode": "managed",
- "type": "azurerm_management_group_policy_assignment",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Enforce-AKS-HTTPS",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Use of HTTPS ensures authentication and protects data in transit from network layer eavesdropping attacks. This capability is currently generally available for Kubernetes Service (AKS), and in preview for AKS Engine and Azure Arc enabled Kubernetes. For more info, visit https://aka.ms/kubepolicydoc",
- "display_name": "Kubernetes clusters should be accessible only over HTTPS",
- "enforce": true,
- "identity": [],
- "location": "northeurope",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones",
- "name": "Enforce-AKS-HTTPS",
- "non_compliance_message": [],
- "not_scopes": [],
- "overrides": [],
- "parameters": "{\"effect\":{\"value\":\"deny\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d",
- "resource_selectors": [],
- "timeouts": null
- },
- "sensitive_values": {
- "identity": [],
- "non_compliance_message": [],
- "not_scopes": [],
- "overrides": [],
- "resource_selectors": []
- }
- },
- {
- "address": "module.test_core.azurerm_management_group_policy_assignment.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Enforce-GR-KeyVault\"]",
- "mode": "managed",
- "type": "azurerm_management_group_policy_assignment",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Enforce-GR-KeyVault",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "This initiative assignment enables recommended ALZ guardrails for Azure Key Vault.",
- "display_name": "Enforce recommended guardrails for Azure Key Vault",
- "enforce": true,
- "identity": [],
- "location": "northeurope",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones",
- "name": "Enforce-GR-KeyVault",
- "non_compliance_message": [],
- "not_scopes": [],
- "overrides": [],
- "parameters": null,
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-KeyVault",
- "resource_selectors": [],
- "timeouts": null
- },
- "sensitive_values": {
- "identity": [],
- "non_compliance_message": [],
- "not_scopes": [],
- "overrides": [],
- "resource_selectors": []
- }
- },
- {
- "address": "module.test_core.azurerm_management_group_policy_assignment.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Enforce-TLS-SSL\"]",
- "mode": "managed",
- "type": "azurerm_management_group_policy_assignment",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Enforce-TLS-SSL",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Choose either Deploy if not exist and append in combination with audit or Select Deny in the Policy effect. Deny polices shift left. Deploy if not exist and append enforce but can be changed, and because missing existence condition require then the combination of Audit.",
- "display_name": "Deny or Deploy and append TLS requirements and SSL enforcement on resources without Encryption in transit",
- "enforce": true,
- "identity": [
- {
- "identity_ids": null,
- "type": "SystemAssigned"
- }
- ],
- "location": "northeurope",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones",
- "name": "Enforce-TLS-SSL",
- "non_compliance_message": [
- {
- "content": "TLS and SSL must be enabled for on resources without encryption in transit.",
- "policy_definition_reference_id": null
- }
- ],
- "not_scopes": [],
- "overrides": [],
- "parameters": null,
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policySetDefinitions/Enforce-EncryptTransit",
- "resource_selectors": [],
- "timeouts": null
- },
- "sensitive_values": {
- "identity": [
- {}
- ],
- "non_compliance_message": [
- {}
- ],
- "not_scopes": [],
- "overrides": [],
- "resource_selectors": []
- }
- },
- {
- "address": "module.test_core.azurerm_management_group_policy_assignment.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1-management/providers/Microsoft.Authorization/policyAssignments/Deploy-Log-Analytics\"]",
- "mode": "managed",
- "type": "azurerm_management_group_policy_assignment",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-management/providers/Microsoft.Authorization/policyAssignments/Deploy-Log-Analytics",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploy-Log-Analytics.",
- "display_name": "Deploy-Log-Analytics",
- "enforce": false,
- "identity": [
- {
- "identity_ids": [
- "/subscriptions/2a8527ca-5340-49aa-8931-ea03669451a0/resourceGroups/rg-identity/providers/Microsoft.ManagedIdentity/userAssignedIdentities/id-identity"
- ],
- "type": "UserAssigned"
- }
- ],
- "location": "northeurope",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1-management",
- "name": "Deploy-Log-Analytics",
- "non_compliance_message": [],
- "not_scopes": [],
- "overrides": [],
- "parameters": "{\"automationAccountName\":{\"value\":\"root-id-1-automation\"},\"automationRegion\":{\"value\":\"northeurope\"},\"dataRetention\":{\"value\":\"60\"},\"effect\":{\"value\":\"DeployIfNotExists\"},\"rgName\":{\"value\":\"root-id-1-mgmt\"},\"sku\":{\"value\":\"pergb2018\"},\"workspaceName\":{\"value\":\"root-id-1-la\"},\"workspaceRegion\":{\"value\":\"northeurope\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/8e3e61b3-0b32-22d5-4edf-55f87fdb5955",
- "resource_selectors": [],
- "timeouts": null
- },
- "sensitive_values": {
- "identity": [
- {
- "identity_ids": [
- false
- ]
- }
- ],
- "non_compliance_message": [],
- "not_scopes": [],
- "overrides": [],
- "resource_selectors": []
- }
- },
- {
- "address": "module.test_core.azurerm_management_group_policy_assignment.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1-platform/providers/Microsoft.Authorization/policyAssignments/Enforce-GR-KeyVault\"]",
- "mode": "managed",
- "type": "azurerm_management_group_policy_assignment",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-platform/providers/Microsoft.Authorization/policyAssignments/Enforce-GR-KeyVault",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "This initiative assignment enables recommended ALZ guardrails for Azure Key Vault.",
- "display_name": "Enforce recommended guardrails for Azure Key Vault",
- "enforce": true,
- "identity": [],
- "location": "northeurope",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1-platform",
- "name": "Enforce-GR-KeyVault",
- "non_compliance_message": [],
- "not_scopes": [],
- "overrides": [],
- "parameters": null,
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-KeyVault",
- "resource_selectors": [],
- "timeouts": null
- },
- "sensitive_values": {
- "identity": [],
- "non_compliance_message": [],
- "not_scopes": [],
- "overrides": [],
- "resource_selectors": []
- }
- },
- {
- "address": "module.test_core.azurerm_management_group_policy_assignment.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1-sandboxes/providers/Microsoft.Authorization/policyAssignments/Enforce-ALZ-Sandbox\"]",
- "mode": "managed",
- "type": "azurerm_management_group_policy_assignment",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-sandboxes/providers/Microsoft.Authorization/policyAssignments/Enforce-ALZ-Sandbox",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "This initiative will help enforce and govern subscriptions that are placed within the Sandbox Management Group. See https://aka.ms/alz/policies for more information.",
- "display_name": "Enforce ALZ Sandbox Guardrails",
- "enforce": true,
- "identity": [],
- "location": "northeurope",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1-sandboxes",
- "name": "Enforce-ALZ-Sandbox",
- "non_compliance_message": [
- {
- "content": "ALZ Sandbox Guardrails must be enforced.",
- "policy_definition_reference_id": null
- }
- ],
- "not_scopes": [],
- "overrides": [],
- "parameters": "{\"listOfResourceTypesNotAllowed\":{\"value\":[\"microsoft.network/expressroutecircuits\",\"microsoft.network/expressroutegateways\",\"microsoft.network/expressrouteports\",\"microsoft.network/virtualwans\",\"microsoft.network/virtualhubs\",\"microsoft.network/vpngateways\",\"microsoft.network/p2svpngateways\",\"microsoft.network/vpnsites\",\"microsoft.network/virtualnetworkgateways\"]}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policySetDefinitions/Enforce-ALZ-Sandbox",
- "resource_selectors": [],
- "timeouts": null
- },
- "sensitive_values": {
- "identity": [],
- "non_compliance_message": [
- {}
- ],
- "not_scopes": [],
- "overrides": [],
- "resource_selectors": []
- }
- },
- {
- "address": "module.test_core.azurerm_management_group_policy_assignment.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1-secure/providers/Microsoft.Authorization/policyAssignments/Deny-RSG-Locations\"]",
- "mode": "managed",
- "type": "azurerm_management_group_policy_assignment",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-secure/providers/Microsoft.Authorization/policyAssignments/Deny-RSG-Locations",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Specifies the allowed locations (regions) where Resource Groups can be deployed. Generated from custom Terraform template.",
- "display_name": "Limit allowed locations for Resource Groups",
- "enforce": true,
- "identity": [],
- "location": "northeurope",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1-secure",
- "name": "Deny-RSG-Locations",
- "non_compliance_message": [
- {
- "content": "Resource Groups must be deployed in the allowed locations.",
- "policy_definition_reference_id": null
- }
- ],
- "not_scopes": [],
- "overrides": [],
- "parameters": "{\"listOfAllowedLocations\":{\"value\":[\"eastus\",\"westus\"]}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/e765b5de-1225-4ba3-bd56-1ac6695af988",
- "resource_selectors": [],
- "timeouts": null
- },
- "sensitive_values": {
- "identity": [],
- "non_compliance_message": [
- {}
- ],
- "not_scopes": [],
- "overrides": [],
- "resource_selectors": []
- }
- },
- {
- "address": "module.test_core.azurerm_management_group_policy_assignment.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1-secure/providers/Microsoft.Authorization/policyAssignments/Deny-Resource-Locations\"]",
- "mode": "managed",
- "type": "azurerm_management_group_policy_assignment",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-secure/providers/Microsoft.Authorization/policyAssignments/Deny-Resource-Locations",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Specifies the allowed locations (regions) where Resources can be deployed.",
- "display_name": "Limit allowed locations for Resources",
- "enforce": true,
- "identity": [],
- "location": "northeurope",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1-secure",
- "name": "Deny-Resource-Locations",
- "non_compliance_message": [
- {
- "content": "Resources must only be deployed to the allowed locations.",
- "policy_definition_reference_id": null
- }
- ],
- "not_scopes": [],
- "overrides": [],
- "parameters": "{\"listOfAllowedLocations\":{\"value\":[\"eastus\",\"westus\"]}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/e56962a6-4747-49cd-b67b-bf8b01975c4c",
- "resource_selectors": [],
- "timeouts": null
- },
- "sensitive_values": {
- "identity": [],
- "non_compliance_message": [
- {}
- ],
- "not_scopes": [],
- "overrides": [],
- "resource_selectors": []
- }
- },
- {
- "address": "module.test_core.azurerm_management_group_policy_assignment.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1-secure/providers/Microsoft.Authorization/policyAssignments/Deploy-HITRUST-HIPAA\"]",
- "mode": "managed",
- "type": "azurerm_management_group_policy_assignment",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-secure/providers/Microsoft.Authorization/policyAssignments/Deploy-HITRUST-HIPAA",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "This assignment includes audit and virtual machine extension deployment policies that address a subset of HITRUST/HIPAA controls. Additional policies will be added in upcoming releases. For more information, visit https://aka.ms/hipaa-blueprint.",
- "display_name": "Assign policies for HITRUST and HIPAA controls",
- "enforce": true,
- "identity": [
- {
- "identity_ids": null,
- "type": "SystemAssigned"
- }
- ],
- "location": "northeurope",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1-secure",
- "name": "Deploy-HITRUST-HIPAA",
- "non_compliance_message": [
- {
- "content": "HITRUST/HIPAA controls audit and virtual machine extensions must be deployed.",
- "policy_definition_reference_id": null
- }
- ],
- "not_scopes": [],
- "overrides": [],
- "parameters": "{\"CertificateThumbprints\":{\"value\":\"\"},\"DeployDiagnosticSettingsforNetworkSecurityGroupsrgName\":{\"value\":\"root-id-1-rg\"},\"DeployDiagnosticSettingsforNetworkSecurityGroupsstoragePrefix\":{\"value\":\"root-id-1\"},\"installedApplicationsOnWindowsVM\":{\"value\":\"\"},\"listOfLocations\":{\"value\":[\"eastus\"]}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policySetDefinitions/a169a624-5599-4385-a696-c8d643089fab",
- "resource_selectors": [],
- "timeouts": null
- },
- "sensitive_values": {
- "identity": [
- {}
- ],
- "non_compliance_message": [
- {}
- ],
- "not_scopes": [],
- "overrides": [],
- "resource_selectors": []
- }
- },
- {
- "address": "module.test_core.azurerm_management_group_policy_assignment.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1-web-emea/providers/Microsoft.Authorization/policyAssignments/Deny-RSG-Locations\"]",
- "mode": "managed",
- "type": "azurerm_management_group_policy_assignment",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-web-emea/providers/Microsoft.Authorization/policyAssignments/Deny-RSG-Locations",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Specifies the allowed locations (regions) where Resource Groups can be deployed. Generated from custom Terraform template.",
- "display_name": "Limit allowed locations for Resource Groups",
- "enforce": true,
- "identity": [],
- "location": "northeurope",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1-web-emea",
- "name": "Deny-RSG-Locations",
- "non_compliance_message": [
- {
- "content": "Resource Groups must be deployed in the allowed locations.",
- "policy_definition_reference_id": null
- }
- ],
- "not_scopes": [],
- "overrides": [],
- "parameters": "{\"listOfAllowedLocations\":{\"value\":[\"northeurope\",\"westeurope\"]}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/e765b5de-1225-4ba3-bd56-1ac6695af988",
- "resource_selectors": [],
- "timeouts": null
- },
- "sensitive_values": {
- "identity": [],
- "non_compliance_message": [
- {}
- ],
- "not_scopes": [],
- "overrides": [],
- "resource_selectors": []
- }
- },
- {
- "address": "module.test_core.azurerm_management_group_policy_assignment.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1-web-emea/providers/Microsoft.Authorization/policyAssignments/Deny-Resource-Locations\"]",
- "mode": "managed",
- "type": "azurerm_management_group_policy_assignment",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-web-emea/providers/Microsoft.Authorization/policyAssignments/Deny-Resource-Locations",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Specifies the allowed locations (regions) where Resources can be deployed.",
- "display_name": "Limit allowed locations for Resources",
- "enforce": true,
- "identity": [],
- "location": "northeurope",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1-web-emea",
- "name": "Deny-Resource-Locations",
- "non_compliance_message": [
- {
- "content": "Resources must only be deployed to the allowed locations.",
- "policy_definition_reference_id": null
- }
- ],
- "not_scopes": [],
- "overrides": [],
- "parameters": "{\"listOfAllowedLocations\":{\"value\":[\"northeurope\",\"westeurope\"]}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/e56962a6-4747-49cd-b67b-bf8b01975c4c",
- "resource_selectors": [],
- "timeouts": null
- },
- "sensitive_values": {
- "identity": [],
- "non_compliance_message": [
- {}
- ],
- "not_scopes": [],
- "overrides": [],
- "resource_selectors": []
- }
- },
- {
- "address": "module.test_core.azurerm_management_group_policy_assignment.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1-web-us/providers/Microsoft.Authorization/policyAssignments/Deny-RSG-Locations\"]",
- "mode": "managed",
- "type": "azurerm_management_group_policy_assignment",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-web-us/providers/Microsoft.Authorization/policyAssignments/Deny-RSG-Locations",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Specifies the allowed locations (regions) where Resource Groups can be deployed. Generated from custom Terraform template.",
- "display_name": "Limit allowed locations for Resource Groups",
- "enforce": true,
- "identity": [],
- "location": "northeurope",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1-web-us",
- "name": "Deny-RSG-Locations",
- "non_compliance_message": [
- {
- "content": "Resource Groups must be deployed in the allowed locations.",
- "policy_definition_reference_id": null
- }
- ],
- "not_scopes": [],
- "overrides": [],
- "parameters": "{\"listOfAllowedLocations\":{\"value\":[\"eastus\",\"westus\"]}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/e765b5de-1225-4ba3-bd56-1ac6695af988",
- "resource_selectors": [],
- "timeouts": null
- },
- "sensitive_values": {
- "identity": [],
- "non_compliance_message": [
- {}
- ],
- "not_scopes": [],
- "overrides": [],
- "resource_selectors": []
- }
- },
- {
- "address": "module.test_core.azurerm_management_group_policy_assignment.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1-web-us/providers/Microsoft.Authorization/policyAssignments/Deny-Resource-Locations\"]",
- "mode": "managed",
- "type": "azurerm_management_group_policy_assignment",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-web-us/providers/Microsoft.Authorization/policyAssignments/Deny-Resource-Locations",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Specifies the allowed locations (regions) where Resources can be deployed.",
- "display_name": "Limit allowed locations for Resources",
- "enforce": true,
- "identity": [],
- "location": "northeurope",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1-web-us",
- "name": "Deny-Resource-Locations",
- "non_compliance_message": [
- {
- "content": "Resources must only be deployed to the allowed locations.",
- "policy_definition_reference_id": null
- }
- ],
- "not_scopes": [],
- "overrides": [],
- "parameters": "{\"listOfAllowedLocations\":{\"value\":[\"eastus\",\"westus\"]}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/e56962a6-4747-49cd-b67b-bf8b01975c4c",
- "resource_selectors": [],
- "timeouts": null
- },
- "sensitive_values": {
- "identity": [],
- "non_compliance_message": [
- {}
- ],
- "not_scopes": [],
- "overrides": [],
- "resource_selectors": []
- }
- },
- {
- "address": "module.test_core.azurerm_management_group_policy_assignment.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Audit-UnusedResources\"]",
- "mode": "managed",
- "type": "azurerm_management_group_policy_assignment",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Audit-UnusedResources",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "This Policy initiative is a group of Policy definitions that help optimize cost by detecting unused but chargeable resources. Leverage this Policy initiative as a cost control to reveal orphaned resources that are driving cost.",
- "display_name": "Unused resources driving cost should be avoided",
- "enforce": true,
- "identity": [],
- "location": "northeurope",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "name": "Audit-UnusedResources",
- "non_compliance_message": [
- {
- "content": "Unused resources driving cost must be avoided.",
- "policy_definition_reference_id": null
- }
- ],
- "not_scopes": [],
- "overrides": [],
- "parameters": "{\"EffectDisks\":{\"value\":\"Audit\"},\"EffectPublicIpAddresses\":{\"value\":\"Audit\"},\"EffectServerFarms\":{\"value\":\"Audit\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policySetDefinitions/Audit-UnusedResourcesCostOptimization",
- "resource_selectors": [],
- "timeouts": null
- },
- "sensitive_values": {
- "identity": [],
- "non_compliance_message": [
- {}
- ],
- "not_scopes": [],
- "overrides": [],
- "resource_selectors": []
- }
- },
- {
- "address": "module.test_core.azurerm_management_group_policy_assignment.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deny-Classic-Resources\"]",
- "mode": "managed",
- "type": "azurerm_management_group_policy_assignment",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deny-Classic-Resources",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Denies deployment of classic resource types under the assigned scope.",
- "display_name": "Deny the deployment of classic resources",
- "enforce": true,
- "identity": [],
- "location": "northeurope",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "name": "Deny-Classic-Resources",
- "non_compliance_message": [
- {
- "content": "Classic resources must not be deployed.",
- "policy_definition_reference_id": null
- }
- ],
- "not_scopes": [],
- "overrides": [],
- "parameters": "{\"effect\":{\"value\":\"Deny\"},\"listOfResourceTypesNotAllowed\":{\"value\":[\"Microsoft.ClassicCompute/capabilities\",\"Microsoft.ClassicCompute/checkDomainNameAvailability\",\"Microsoft.ClassicCompute/domainNames\",\"Microsoft.ClassicCompute/domainNames/capabilities\",\"Microsoft.ClassicCompute/domainNames/internalLoadBalancers\",\"Microsoft.ClassicCompute/domainNames/serviceCertificates\",\"Microsoft.ClassicCompute/domainNames/slots\",\"Microsoft.ClassicCompute/domainNames/slots/roles\",\"Microsoft.ClassicCompute/domainNames/slots/roles/metricDefinitions\",\"Microsoft.ClassicCompute/domainNames/slots/roles/metrics\",\"Microsoft.ClassicCompute/moveSubscriptionResources\",\"Microsoft.ClassicCompute/operatingSystemFamilies\",\"Microsoft.ClassicCompute/operatingSystems\",\"Microsoft.ClassicCompute/operations\",\"Microsoft.ClassicCompute/operationStatuses\",\"Microsoft.ClassicCompute/quotas\",\"Microsoft.ClassicCompute/resourceTypes\",\"Microsoft.ClassicCompute/validateSubscriptionMoveAvailability\",\"Microsoft.ClassicCompute/virtualMachines\",\"Microsoft.ClassicCompute/virtualMachines/diagnosticSettings\",\"Microsoft.ClassicCompute/virtualMachines/metricDefinitions\",\"Microsoft.ClassicCompute/virtualMachines/metrics\",\"Microsoft.ClassicInfrastructureMigrate/classicInfrastructureResources\",\"Microsoft.ClassicNetwork/capabilities\",\"Microsoft.ClassicNetwork/expressRouteCrossConnections\",\"Microsoft.ClassicNetwork/expressRouteCrossConnections/peerings\",\"Microsoft.ClassicNetwork/gatewaySupportedDevices\",\"Microsoft.ClassicNetwork/networkSecurityGroups\",\"Microsoft.ClassicNetwork/operations\",\"Microsoft.ClassicNetwork/quotas\",\"Microsoft.ClassicNetwork/reservedIps\",\"Microsoft.ClassicNetwork/virtualNetworks\",\"Microsoft.ClassicNetwork/virtualNetworks/remoteVirtualNetworkPeeringProxies\",\"Microsoft.ClassicNetwork/virtualNetworks/virtualNetworkPeerings\",\"Microsoft.ClassicStorage/capabilities\",\"Microsoft.ClassicStorage/checkStorageAccountAvailability\",\"Microsoft.ClassicStorage/disks\",\"Microsoft.ClassicStorage/images\",\"Microsoft.ClassicStorage/operations\",\"Microsoft.ClassicStorage/osImages\",\"Microsoft.ClassicStorage/osPlatformImages\",\"Microsoft.ClassicStorage/publicImages\",\"Microsoft.ClassicStorage/quotas\",\"Microsoft.ClassicStorage/storageAccounts\",\"Microsoft.ClassicStorage/storageAccounts/blobServices\",\"Microsoft.ClassicStorage/storageAccounts/fileServices\",\"Microsoft.ClassicStorage/storageAccounts/metricDefinitions\",\"Microsoft.ClassicStorage/storageAccounts/metrics\",\"Microsoft.ClassicStorage/storageAccounts/queueServices\",\"Microsoft.ClassicStorage/storageAccounts/services\",\"Microsoft.ClassicStorage/storageAccounts/services/diagnosticSettings\",\"Microsoft.ClassicStorage/storageAccounts/services/metricDefinitions\",\"Microsoft.ClassicStorage/storageAccounts/services/metrics\",\"Microsoft.ClassicStorage/storageAccounts/tableServices\",\"Microsoft.ClassicStorage/storageAccounts/vmImages\",\"Microsoft.ClassicStorage/vmImages\",\"Microsoft.ClassicSubscription/operations\"]}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/6c112d4e-5bc7-47ae-a041-ea2d9dccd749",
- "resource_selectors": [],
- "timeouts": null
- },
- "sensitive_values": {
- "identity": [],
- "non_compliance_message": [
- {}
- ],
- "not_scopes": [],
- "overrides": [],
- "resource_selectors": []
- }
- },
- {
- "address": "module.test_core.azurerm_management_group_policy_assignment.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deny-RSG-Locations\"]",
- "mode": "managed",
- "type": "azurerm_management_group_policy_assignment",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deny-RSG-Locations",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Specifies the allowed locations (regions) where Resource Groups can be deployed. Generated from custom Terraform template.",
- "display_name": "Limit allowed locations for Resource Groups",
- "enforce": true,
- "identity": [],
- "location": "northeurope",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "name": "Deny-RSG-Locations",
- "non_compliance_message": [
- {
- "content": "Resource Groups must be deployed in the allowed locations.",
- "policy_definition_reference_id": null
- }
- ],
- "not_scopes": [],
- "overrides": [],
- "parameters": "{\"listOfAllowedLocations\":{\"value\":[\"eastus\",\"eastus2\",\"westus\",\"northcentralus\",\"southcentralus\",\"northeurope\",\"westeurope\",\"uksouth\",\"ukwest\"]}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/e765b5de-1225-4ba3-bd56-1ac6695af988",
- "resource_selectors": [],
- "timeouts": null
- },
- "sensitive_values": {
- "identity": [],
- "non_compliance_message": [
- {}
- ],
- "not_scopes": [],
- "overrides": [],
- "resource_selectors": []
- }
- },
- {
- "address": "module.test_core.azurerm_management_group_policy_assignment.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deny-Resource-Locations\"]",
- "mode": "managed",
- "type": "azurerm_management_group_policy_assignment",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deny-Resource-Locations",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Specifies the allowed locations (regions) where Resources can be deployed.",
- "display_name": "Limit allowed locations for Resources",
- "enforce": true,
- "identity": [],
- "location": "northeurope",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "name": "Deny-Resource-Locations",
- "non_compliance_message": [
- {
- "content": "Resources must only be deployed to the allowed locations.",
- "policy_definition_reference_id": null
- }
- ],
- "not_scopes": [],
- "overrides": [],
- "parameters": "{\"listOfAllowedLocations\":{\"value\":[\"eastus\",\"eastus2\",\"westus\",\"northcentralus\",\"southcentralus\",\"northeurope\",\"westeurope\",\"uksouth\",\"ukwest\"]}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/e56962a6-4747-49cd-b67b-bf8b01975c4c",
- "resource_selectors": [],
- "timeouts": null
- },
- "sensitive_values": {
- "identity": [],
- "non_compliance_message": [
- {}
- ],
- "not_scopes": [],
- "overrides": [],
- "resource_selectors": []
- }
- },
- {
- "address": "module.test_core.azurerm_management_group_policy_assignment.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deny-UnmanagedDisk\"]",
- "mode": "managed",
- "type": "azurerm_management_group_policy_assignment",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deny-UnmanagedDisk",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deny virtual machines that do not use managed disk. It checks the managed disk property on virtual machine OS Disk fields.",
- "display_name": "Deny virtual machines and virtual machine scale sets that do not use managed disk",
- "enforce": true,
- "identity": [],
- "location": "northeurope",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "name": "Deny-UnmanagedDisk",
- "non_compliance_message": [
- {
- "content": "Virtual machines and virtual machine scales sets must use a managed disk.",
- "policy_definition_reference_id": null
- }
- ],
- "not_scopes": [],
- "overrides": [
- {
- "selectors": [],
- "value": "Deny"
- }
- ],
- "parameters": null,
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d",
- "resource_selectors": [],
- "timeouts": null
- },
- "sensitive_values": {
- "identity": [],
- "non_compliance_message": [
- {}
- ],
- "not_scopes": [],
- "overrides": [
- {
- "selectors": []
- }
- ],
- "resource_selectors": []
- }
- },
- {
- "address": "module.test_core.azurerm_management_group_policy_assignment.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deploy-ASC-Monitoring\"]",
- "mode": "managed",
- "type": "azurerm_management_group_policy_assignment",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deploy-ASC-Monitoring",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Microsoft Cloud Security Benchmark policy initiative.",
- "display_name": "Microsoft Cloud Security Benchmark",
- "enforce": true,
- "identity": [
- {
- "identity_ids": null,
- "type": "SystemAssigned"
- }
- ],
- "location": "northeurope",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "name": "Deploy-ASC-Monitoring",
- "non_compliance_message": [
- {
- "content": "Microsoft Cloud Security Benchmark must be met.",
- "policy_definition_reference_id": null
- }
- ],
- "not_scopes": [],
- "overrides": [],
- "parameters": null,
- "policy_definition_id": "/providers/Microsoft.Authorization/policySetDefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8",
- "resource_selectors": [],
- "timeouts": null
- },
- "sensitive_values": {
- "identity": [
- {}
- ],
- "non_compliance_message": [
- {}
- ],
- "not_scopes": [],
- "overrides": [],
- "resource_selectors": []
- }
- },
- {
- "address": "module.test_core.azurerm_management_group_policy_assignment.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deploy-AzActivity-Log\"]",
- "mode": "managed",
- "type": "azurerm_management_group_policy_assignment",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deploy-AzActivity-Log",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploys the diagnostic settings for Azure Activity to stream subscriptions audit logs to a Log Analytics workspace to monitor subscription-level events",
- "display_name": "Configure Azure Activity logs to stream to specified Log Analytics workspace",
- "enforce": true,
- "identity": [
- {
- "identity_ids": null,
- "type": "SystemAssigned"
- }
- ],
- "location": "northeurope",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "name": "Deploy-AzActivity-Log",
- "non_compliance_message": [
- {
- "content": "Azure Activity logs must be configured to stream to specified Log Analytics workspace.",
- "policy_definition_reference_id": null
- }
- ],
- "not_scopes": [],
- "overrides": [],
- "parameters": "{\"logAnalytics\":{\"value\":\"/subscriptions/a9d8bda7-a341-4fe2-bfbf-61145868379e/resourceGroups/root-id-1-mgmt/providers/Microsoft.OperationalInsights/workspaces/root-id-1-la\"},\"logsEnabled\":{\"value\":\"True\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/2465583e-4e78-4c15-b6be-a36cbc7c8b0f",
- "resource_selectors": [],
- "timeouts": null
- },
- "sensitive_values": {
- "identity": [
- {}
- ],
- "non_compliance_message": [
- {}
- ],
- "not_scopes": [],
- "overrides": [],
- "resource_selectors": []
- }
- },
- {
- "address": "module.test_core.azurerm_management_group_policy_assignment.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deploy-HITRUST-HIPAA\"]",
- "mode": "managed",
- "type": "azurerm_management_group_policy_assignment",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deploy-HITRUST-HIPAA",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "This assignment includes audit and virtual machine extension deployment policies that address a subset of HITRUST/HIPAA controls. Additional policies will be added in upcoming releases. For more information, visit https://aka.ms/hipaa-blueprint.",
- "display_name": "Assign policies for HITRUST and HIPAA controls",
- "enforce": true,
- "identity": [
- {
- "identity_ids": null,
- "type": "SystemAssigned"
- }
- ],
- "location": "northeurope",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "name": "Deploy-HITRUST-HIPAA",
- "non_compliance_message": [
- {
- "content": "HITRUST/HIPAA controls audit and virtual machine extensions must be deployed.",
- "policy_definition_reference_id": null
- }
- ],
- "not_scopes": [],
- "overrides": [],
- "parameters": "{\"CertificateThumbprints\":{\"value\":\"\"},\"DeployDiagnosticSettingsforNetworkSecurityGroupsrgName\":{\"value\":\"root-id-1-rg\"},\"DeployDiagnosticSettingsforNetworkSecurityGroupsstoragePrefix\":{\"value\":\"root-id-1\"},\"installedApplicationsOnWindowsVM\":{\"value\":\"\"},\"listOfLocations\":{\"value\":[\"eastus\",\"eastus2\",\"westus\",\"northcentralus\",\"southcentralus\",\"northeurope\",\"westeurope\",\"uksouth\",\"ukwest\"]}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policySetDefinitions/a169a624-5599-4385-a696-c8d643089fab",
- "resource_selectors": [],
- "timeouts": null
- },
- "sensitive_values": {
- "identity": [
- {}
- ],
- "non_compliance_message": [
- {}
- ],
- "not_scopes": [],
- "overrides": [],
- "resource_selectors": []
- }
- },
- {
- "address": "module.test_core.azurerm_management_group_policy_assignment.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deploy-MDEndpoints\"]",
- "mode": "managed",
- "type": "azurerm_management_group_policy_assignment",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deploy-MDEndpoints",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploy Microsoft Defender for Endpoint agent on applicable images.",
- "display_name": "[Preview]: Deploy Microsoft Defender for Endpoint agent",
- "enforce": true,
- "identity": [
- {
- "identity_ids": null,
- "type": "SystemAssigned"
- }
- ],
- "location": "northeurope",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "name": "Deploy-MDEndpoints",
- "non_compliance_message": [
- {
- "content": "Microsoft Defender for Endpoint agent must be deployed on applicable images.",
- "policy_definition_reference_id": null
- }
- ],
- "not_scopes": [],
- "overrides": [],
- "parameters": "{\"microsoftDefenderForEndpointLinuxArcAgentDeployEffect\":{\"value\":\"DeployIfNotExists\"},\"microsoftDefenderForEndpointLinuxVmAgentDeployEffect\":{\"value\":\"DeployIfNotExists\"},\"microsoftDefenderForEndpointWindowsArcAgentDeployEffect\":{\"value\":\"DeployIfNotExists\"},\"microsoftDefenderForEndpointWindowsVmAgentDeployEffect\":{\"value\":\"DeployIfNotExists\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policySetDefinitions/e20d08c5-6d64-656d-6465-ce9e37fd0ebc",
- "resource_selectors": [],
- "timeouts": null
- },
- "sensitive_values": {
- "identity": [
- {}
- ],
- "non_compliance_message": [
- {}
- ],
- "not_scopes": [],
- "overrides": [],
- "resource_selectors": []
- }
- },
- {
- "address": "module.test_core.azurerm_management_group_policy_assignment.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deploy-MDFC-Config\"]",
- "mode": "managed",
- "type": "azurerm_management_group_policy_assignment",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deploy-MDFC-Config",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploy Microsoft Defender for Cloud and Security Contacts",
- "display_name": "Deploy Microsoft Defender for Cloud configuration",
- "enforce": true,
- "identity": [
- {
- "identity_ids": null,
- "type": "SystemAssigned"
- }
- ],
- "location": "northeurope",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "name": "Deploy-MDFC-Config",
- "non_compliance_message": [
- {
- "content": "Microsoft Defender for Cloud and Security Contacts must be deployed.",
- "policy_definition_reference_id": null
- }
- ],
- "not_scopes": [],
- "overrides": [],
- "parameters": "{\"ascExportResourceGroupLocation\":{\"value\":\"northeurope\"},\"ascExportResourceGroupName\":{\"value\":\"root-id-1-security-logs-export\"},\"emailSecurityContact\":{\"value\":\"test.user@replace_me\"},\"enableAscForApis\":{\"value\":\"DeployIfNotExists\"},\"enableAscForAppServices\":{\"value\":\"DeployIfNotExists\"},\"enableAscForArm\":{\"value\":\"DeployIfNotExists\"},\"enableAscForContainers\":{\"value\":\"DeployIfNotExists\"},\"enableAscForCosmosDbs\":{\"value\":\"DeployIfNotExists\"},\"enableAscForCspm\":{\"value\":\"DeployIfNotExists\"},\"enableAscForDns\":{\"value\":\"DeployIfNotExists\"},\"enableAscForKeyVault\":{\"value\":\"DeployIfNotExists\"},\"enableAscForOssDb\":{\"value\":\"DeployIfNotExists\"},\"enableAscForServers\":{\"value\":\"DeployIfNotExists\"},\"enableAscForServersVulnerabilityAssessments\":{\"value\":\"DeployIfNotExists\"},\"enableAscForSql\":{\"value\":\"DeployIfNotExists\"},\"enableAscForSqlOnVm\":{\"value\":\"DeployIfNotExists\"},\"enableAscForStorage\":{\"value\":\"DeployIfNotExists\"},\"logAnalytics\":{\"value\":\"/subscriptions/a9d8bda7-a341-4fe2-bfbf-61145868379e/resourceGroups/root-id-1-mgmt/providers/Microsoft.OperationalInsights/workspaces/root-id-1-la\"},\"vulnerabilityAssessmentProvider\":{\"value\":\"default\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policySetDefinitions/Deploy-MDFC-Config",
- "resource_selectors": [],
- "timeouts": null
- },
- "sensitive_values": {
- "identity": [
- {}
- ],
- "non_compliance_message": [
- {}
- ],
- "not_scopes": [],
- "overrides": [],
- "resource_selectors": []
- }
- },
- {
- "address": "module.test_core.azurerm_management_group_policy_assignment.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deploy-MDFC-OssDb\"]",
- "mode": "managed",
- "type": "azurerm_management_group_policy_assignment",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deploy-MDFC-OssDb",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Enable Advanced Threat Protection on your non-Basic tier open-source relational databases to detect anomalous activities indicating unusual and potentially harmful attempts to access or exploit databases. See https://aka.ms/AzDforOpenSourceDBsDocu.",
- "display_name": "Configure Advanced Threat Protection to be enabled on open-source relational databases",
- "enforce": true,
- "identity": [
- {
- "identity_ids": null,
- "type": "SystemAssigned"
- }
- ],
- "location": "northeurope",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "name": "Deploy-MDFC-OssDb",
- "non_compliance_message": [
- {
- "content": "Advanced Threat Protection must be enabled on open-source relational databases.",
- "policy_definition_reference_id": null
- }
- ],
- "not_scopes": [],
- "overrides": [],
- "parameters": null,
- "policy_definition_id": "/providers/Microsoft.Authorization/policySetDefinitions/e77fc0b3-f7e9-4c58-bc13-cb753ed8e46e",
- "resource_selectors": [],
- "timeouts": null
- },
- "sensitive_values": {
- "identity": [
- {}
- ],
- "non_compliance_message": [
- {}
- ],
- "not_scopes": [],
- "overrides": [],
- "resource_selectors": []
- }
- },
- {
- "address": "module.test_core.azurerm_management_group_policy_assignment.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deploy-MDFC-SqlAtp\"]",
- "mode": "managed",
- "type": "azurerm_management_group_policy_assignment",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deploy-MDFC-SqlAtp",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Enable Azure Defender on your SQL Servers and SQL Managed Instances to detect anomalous activities indicating unusual and potentially harmful attempts to access or exploit databases.",
- "display_name": "Configure Azure Defender to be enabled on SQL Servers and SQL Managed Instances",
- "enforce": true,
- "identity": [
- {
- "identity_ids": null,
- "type": "SystemAssigned"
- }
- ],
- "location": "northeurope",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "name": "Deploy-MDFC-SqlAtp",
- "non_compliance_message": [
- {
- "content": "Azure Defender must be enabled on SQL Servers and SQL Managed Instances.",
- "policy_definition_reference_id": null
- }
- ],
- "not_scopes": [],
- "overrides": [],
- "parameters": null,
- "policy_definition_id": "/providers/Microsoft.Authorization/policySetDefinitions/9cb3cc7a-b39b-4b82-bc89-e5a5d9ff7b97",
- "resource_selectors": [],
- "timeouts": null
- },
- "sensitive_values": {
- "identity": [
- {}
- ],
- "non_compliance_message": [
- {}
- ],
- "not_scopes": [],
- "overrides": [],
- "resource_selectors": []
- }
- },
- {
- "address": "module.test_core.azurerm_management_group_policy_assignment.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deploy-Resource-Diag\"]",
- "mode": "managed",
- "type": "azurerm_management_group_policy_assignment",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deploy-Resource-Diag",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "This policy set deploys the configurations of application Azure resources to forward diagnostic logs and metrics to an Azure Log Analytics workspace. See the list of policies of the services that are included",
- "display_name": "Deploy Diagnostic Settings to Azure Services",
- "enforce": true,
- "identity": [
- {
- "identity_ids": null,
- "type": "SystemAssigned"
- }
- ],
- "location": "northeurope",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "name": "Deploy-Resource-Diag",
- "non_compliance_message": [
- {
- "content": "Diagnostic settings must be deployed to Azure services.",
- "policy_definition_reference_id": null
- }
- ],
- "not_scopes": [],
- "overrides": [],
- "parameters": "{\"AKSLogAnalyticsEffect\":{\"value\":\"Disabled\"},\"logAnalytics\":{\"value\":\"/subscriptions/a9d8bda7-a341-4fe2-bfbf-61145868379e/resourceGroups/root-id-1-mgmt/providers/Microsoft.OperationalInsights/workspaces/root-id-1-la\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policySetDefinitions/Deploy-Diagnostics-LogAnalytics",
- "resource_selectors": [],
- "timeouts": null
- },
- "sensitive_values": {
- "identity": [
- {}
- ],
- "non_compliance_message": [
- {}
- ],
- "not_scopes": [],
- "overrides": [],
- "resource_selectors": []
- }
- },
- {
- "address": "module.test_core.azurerm_management_group_policy_assignment.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deploy-SQL-Auditing\"]",
- "mode": "managed",
- "type": "azurerm_management_group_policy_assignment",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deploy-SQL-Auditing",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploy Auditing on SQL servers.",
- "display_name": "Deploy Auditing on SQL servers",
- "enforce": true,
- "identity": [
- {
- "identity_ids": null,
- "type": "SystemAssigned"
- }
- ],
- "location": "northeurope",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "name": "Deploy-SQL-Auditing",
- "non_compliance_message": [],
- "not_scopes": [],
- "overrides": [],
- "parameters": "{\"retentionDays\":{\"value\":\"10\"},\"storageAccountsResourceGroup\":{\"value\":\"\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/f4c68484-132f-41f9-9b6d-3e4b1cb55036",
- "resource_selectors": [],
- "timeouts": null
- },
- "sensitive_values": {
- "identity": [
- {}
- ],
- "non_compliance_message": [],
- "not_scopes": [],
- "overrides": [],
- "resource_selectors": []
- }
- },
- {
- "address": "module.test_core.azurerm_management_group_policy_assignment.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deploy-VM-Monitoring\"]",
- "mode": "managed",
- "type": "azurerm_management_group_policy_assignment",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deploy-VM-Monitoring",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Enable Azure Monitor for the virtual machines (VMs) in the specified scope (management group, subscription or resource group). Takes Log Analytics workspace as parameter.",
- "display_name": "Enable Azure Monitor for VMs",
- "enforce": false,
- "identity": [
- {
- "identity_ids": null,
- "type": "SystemAssigned"
- }
- ],
- "location": "northeurope",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "name": "Deploy-VM-Monitoring",
- "non_compliance_message": [
- {
- "content": "Azure Monitor should be enabled for Virtual Machines.",
- "policy_definition_reference_id": null
- }
- ],
- "not_scopes": [],
- "overrides": [],
- "parameters": "{\"logAnalytics_1\":{\"value\":\"/subscriptions/a9d8bda7-a341-4fe2-bfbf-61145868379e/resourceGroups/root-id-1-mgmt/providers/Microsoft.OperationalInsights/workspaces/root-id-1-la\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policySetDefinitions/55f3eceb-5573-4f18-9695-226972c6d74a",
- "resource_selectors": [],
- "timeouts": null
- },
- "sensitive_values": {
- "identity": [
- {}
- ],
- "non_compliance_message": [
- {}
- ],
- "not_scopes": [],
- "overrides": [],
- "resource_selectors": []
- }
- },
- {
- "address": "module.test_core.azurerm_management_group_policy_assignment.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Enforce-ACSB\"]",
- "mode": "managed",
- "type": "azurerm_management_group_policy_assignment",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Enforce-ACSB",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "This initiative assignment enables Azure Compute Security Baseline compliance auditing for Windows and Linux virtual machines.",
- "display_name": "Enforce Azure Compute Security Baseline compliance auditing",
- "enforce": true,
- "identity": [
- {
- "identity_ids": null,
- "type": "SystemAssigned"
- }
- ],
- "location": "northeurope",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "name": "Enforce-ACSB",
- "non_compliance_message": [
- {
- "content": "Azure Compute Security Baseline compliance auditing must be enforced.",
- "policy_definition_reference_id": null
- }
- ],
- "not_scopes": [],
- "overrides": [],
- "parameters": null,
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policySetDefinitions/Enforce-ACSB",
- "resource_selectors": [],
- "timeouts": null
- },
- "sensitive_values": {
- "identity": [
- {}
- ],
- "non_compliance_message": [
- {}
- ],
- "not_scopes": [],
- "overrides": [],
- "resource_selectors": []
- }
- },
- {
- "address": "module.test_core.azurerm_management_group_subscription_association.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1-connectivity/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5\"]",
- "mode": "managed",
- "type": "azurerm_management_group_subscription_association",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-connectivity/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1-connectivity",
- "subscription_id": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5",
- "timeouts": null
- },
- "sensitive_values": {}
- },
- {
- "address": "module.test_core.azurerm_management_group_subscription_association.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1-management/subscriptions/a9d8bda7-a341-4fe2-bfbf-61145868379e\"]",
- "mode": "managed",
- "type": "azurerm_management_group_subscription_association",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-management/subscriptions/a9d8bda7-a341-4fe2-bfbf-61145868379e",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1-management",
- "subscription_id": "/subscriptions/a9d8bda7-a341-4fe2-bfbf-61145868379e",
- "timeouts": null
- },
- "sensitive_values": {}
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Append-AppService-httpsonly\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Append-AppService-httpsonly",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Appends the AppService sites object to ensure that HTTPS only is enabled for server/service authentication and protects data in transit from network layer eavesdropping attacks. Please note Append does not enforce compliance use then deny.",
- "display_name": "AppService append enable https only setting to enforce https setting.",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"App Service\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.0.0\"}",
- "mode": "All",
- "name": "Append-AppService-httpsonly",
- "parameters": "{\"effect\":{\"allowedValues\":[\"Append\",\"Disabled\"],\"defaultValue\":\"Append\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"allOf\":[{\"equals\":\"Microsoft.Web/sites\",\"field\":\"type\"},{\"field\":\"Microsoft.Web/sites/httpsOnly\",\"notequals\":true}]},\"then\":{\"details\":[{\"field\":\"Microsoft.Web/sites/httpsOnly\",\"value\":true}],\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Append-AppService-latestTLS\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Append-AppService-latestTLS",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Append the AppService sites object to ensure that min Tls version is set to required minimum TLS version. Please note Append does not enforce compliance use then deny.",
- "display_name": "AppService append sites with minimum TLS version to enforce.",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"App Service\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.1.0\"}",
- "mode": "All",
- "name": "Append-AppService-latestTLS",
- "parameters": "{\"effect\":{\"allowedValues\":[\"Append\",\"Disabled\"],\"defaultValue\":\"Append\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"minTlsVersion\":{\"allowedValues\":[\"1.2\",\"1.0\",\"1.1\"],\"defaultValue\":\"1.2\",\"metadata\":{\"description\":\"Select version minimum TLS version for a Web App config to enforce\",\"displayName\":\"Select version minimum TLS Web App config\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"allOf\":[{\"exists\":\"true\",\"field\":\"Microsoft.Web/sites/config/minTlsVersion\"},{\"field\":\"Microsoft.Web/sites/config/minTlsVersion\",\"notEquals\":\"[parameters('minTlsVersion')]\"}]},\"then\":{\"details\":[{\"field\":\"Microsoft.Web/sites/config/minTlsVersion\",\"value\":\"[parameters('minTlsVersion')]\"}],\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Append-KV-SoftDelete\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Append-KV-SoftDelete",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "This policy enables you to ensure when a Key Vault is created with out soft delete enabled it will be added.",
- "display_name": "KeyVault SoftDelete should be enabled",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Key Vault\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.0.0\"}",
- "mode": "Indexed",
- "name": "Append-KV-SoftDelete",
- "parameters": null,
- "policy_rule": "{\"if\":{\"anyOf\":[{\"allOf\":[{\"equals\":\"Microsoft.KeyVault/vaults\",\"field\":\"type\"},{\"field\":\"Microsoft.KeyVault/vaults/enableSoftDelete\",\"notEquals\":true}]}]},\"then\":{\"details\":[{\"field\":\"Microsoft.KeyVault/vaults/enableSoftDelete\",\"value\":true}],\"effect\":\"append\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Append-Redis-disableNonSslPort\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Append-Redis-disableNonSslPort",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Azure Cache for Redis Append and the enforcement that enableNonSslPort is disabled. Enables secure server to client by enforce minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.",
- "display_name": "Azure Cache for Redis Append and the enforcement that enableNonSslPort is disabled.",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Cache\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.0.1\"}",
- "mode": "Indexed",
- "name": "Append-Redis-disableNonSslPort",
- "parameters": "{\"effect\":{\"allowedValues\":[\"Append\",\"Disabled\"],\"defaultValue\":\"Append\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy minimum TLS version Azure Cache for Redis\",\"displayName\":\"Effect Azure Cache for Redis\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"allOf\":[{\"equals\":\"Microsoft.Cache/redis\",\"field\":\"type\"},{\"anyOf\":[{\"equals\":\"true\",\"field\":\"Microsoft.Cache/Redis/enableNonSslPort\"}]}]},\"then\":{\"details\":[{\"field\":\"Microsoft.Cache/Redis/enableNonSslPort\",\"value\":false}],\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Append-Redis-sslEnforcement\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Append-Redis-sslEnforcement",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Append a specific min TLS version requirement and enforce SSL on Azure Cache for Redis. Enables secure server to client by enforce minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.",
- "display_name": "Azure Cache for Redis Append a specific min TLS version requirement and enforce TLS.",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Cache\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.0.0\"}",
- "mode": "Indexed",
- "name": "Append-Redis-sslEnforcement",
- "parameters": "{\"effect\":{\"allowedValues\":[\"Append\",\"Disabled\"],\"defaultValue\":\"Append\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy minimum TLS version Azure Cache for Redis\",\"displayName\":\"Effect Azure Cache for Redis\"},\"type\":\"String\"},\"minimumTlsVersion\":{\"allowedValues\":[\"1.2\",\"1.1\",\"1.0\"],\"defaultValue\":\"1.2\",\"metadata\":{\"description\":\"Select version minimum TLS version Azure Cache for Redis to enforce\",\"displayName\":\"Select version for Redis server\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"allOf\":[{\"equals\":\"Microsoft.Cache/redis\",\"field\":\"type\"},{\"anyOf\":[{\"field\":\"Microsoft.Cache/Redis/minimumTlsVersion\",\"notequals\":\"[parameters('minimumTlsVersion')]\"}]}]},\"then\":{\"details\":[{\"field\":\"Microsoft.Cache/Redis/minimumTlsVersion\",\"value\":\"[parameters('minimumTlsVersion')]\"}],\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Audit-AzureHybridBenefit\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Audit-AzureHybridBenefit",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Optimize cost by enabling Azure Hybrid Benefit. Leverage this Policy definition as a cost control to reveal Virtual Machines not using AHUB.",
- "display_name": "Audit AHUB for eligible VMs",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Cost Optimization\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.0.0\"}",
- "mode": "All",
- "name": "Audit-AzureHybridBenefit",
- "parameters": "{\"effect\":{\"allowedValues\":[\"Audit\",\"Disabled\"],\"defaultValue\":\"Audit\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Compute/virtualMachines\",\"Microsoft.Compute/virtualMachineScaleSets\"]},{\"equals\":\"MicrosoftWindowsServer\",\"field\":\"Microsoft.Compute/imagePublisher\"},{\"equals\":\"WindowsServer\",\"field\":\"Microsoft.Compute/imageOffer\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"2008-R2-SP1*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"2012-*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"2016-*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"2019-*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"2022-*\"}]},{\"field\":\"Microsoft.Compute/licenseType\",\"notEquals\":\"Windows_Server\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Audit-Disks-UnusedResourcesCostOptimization\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Audit-Disks-UnusedResourcesCostOptimization",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Optimize cost by detecting unused but chargeable resources. Leverage this Policy definition as a cost control to reveal orphaned Disks that are driving cost.",
- "display_name": "Unused Disks driving cost should be avoided",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Cost Optimization\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.0.0\"}",
- "mode": "All",
- "name": "Audit-Disks-UnusedResourcesCostOptimization",
- "parameters": "{\"effect\":{\"allowedValues\":[\"Audit\",\"Disabled\"],\"defaultValue\":\"Audit\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"allOf\":[{\"equals\":\"Microsoft.Compute/disks\",\"field\":\"type\"},{\"equals\":\"Unattached\",\"field\":\"Microsoft.Compute/disks/diskState\"},{\"allof\":[{\"field\":\"name\",\"notlike\":\"*-ASRReplica\"},{\"field\":\"name\",\"notlike\":\"ms-asr-*\"},{\"field\":\"name\",\"notlike\":\"asrseeddisk-*\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Audit-MachineLearning-PrivateEndpointId\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Audit-MachineLearning-PrivateEndpointId",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Audit private endpoints that are created in other subscriptions and/or tenants for Azure Machine Learning.",
- "display_name": "Control private endpoint connections to Azure Machine Learning",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\"],\"category\":\"Machine Learning\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.0.0\"}",
- "mode": "Indexed",
- "name": "Audit-MachineLearning-PrivateEndpointId",
- "parameters": "{\"effect\":{\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"allOf\":[{\"equals\":\"Microsoft.MachineLearningServices/workspaces/privateEndpointConnections\",\"field\":\"type\"},{\"equals\":\"Approved\",\"field\":\"Microsoft.MachineLearningServices/workspaces/privateEndpointConnections/privateLinkServiceConnectionState.status\"},{\"anyOf\":[{\"exists\":false,\"field\":\"Microsoft.MachineLearningServices/workspaces/privateEndpointConnections/privateEndpoint.id\"},{\"notEquals\":\"[subscription().subscriptionId]\",\"value\":\"[split(concat(field('Microsoft.MachineLearningServices/workspaces/privateEndpointConnections/privateEndpoint.id'), '//'), '/')[2]]\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Audit-PrivateLinkDnsZones\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Audit-PrivateLinkDnsZones",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "This policy audits the creation of a Private Link Private DNS Zones in the current scope, used in combination with policies that create centralized private DNS in connectivity subscription",
- "display_name": "Audit the creation of Private Link Private DNS Zones",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Network\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.0.1\"}",
- "mode": "Indexed",
- "name": "Audit-PrivateLinkDnsZones",
- "parameters": "{\"effect\":{\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"privateLinkDnsZones\":{\"defaultValue\":[\"privatelink.adf.azure.com\",\"privatelink.afs.azure.net\",\"privatelink.agentsvc.azure-automation.net\",\"privatelink.analysis.windows.net\",\"privatelink.api.azureml.ms\",\"privatelink.azconfig.io\",\"privatelink.azure-api.net\",\"privatelink.azure-automation.net\",\"privatelink.azurecr.io\",\"privatelink.azure-devices.net\",\"privatelink.azure-devices-provisioning.net\",\"privatelink.azuredatabricks.net\",\"privatelink.azurehdinsight.net\",\"privatelink.azurehealthcareapis.com\",\"privatelink.azurestaticapps.net\",\"privatelink.azuresynapse.net\",\"privatelink.azurewebsites.net\",\"privatelink.batch.azure.com\",\"privatelink.blob.core.windows.net\",\"privatelink.cassandra.cosmos.azure.com\",\"privatelink.cognitiveservices.azure.com\",\"privatelink.database.windows.net\",\"privatelink.datafactory.azure.net\",\"privatelink.dev.azuresynapse.net\",\"privatelink.dfs.core.windows.net\",\"privatelink.dicom.azurehealthcareapis.com\",\"privatelink.digitaltwins.azure.net\",\"privatelink.directline.botframework.com\",\"privatelink.documents.azure.com\",\"privatelink.eventgrid.azure.net\",\"privatelink.file.core.windows.net\",\"privatelink.gremlin.cosmos.azure.com\",\"privatelink.guestconfiguration.azure.com\",\"privatelink.his.arc.azure.com\",\"privatelink.kubernetesconfiguration.azure.com\",\"privatelink.managedhsm.azure.net\",\"privatelink.mariadb.database.azure.com\",\"privatelink.media.azure.net\",\"privatelink.mongo.cosmos.azure.com\",\"privatelink.monitor.azure.com\",\"privatelink.mysql.database.azure.com\",\"privatelink.notebooks.azure.net\",\"privatelink.ods.opinsights.azure.com\",\"privatelink.oms.opinsights.azure.com\",\"privatelink.pbidedicated.windows.net\",\"privatelink.postgres.database.azure.com\",\"privatelink.prod.migration.windowsazure.com\",\"privatelink.purview.azure.com\",\"privatelink.purviewstudio.azure.com\",\"privatelink.queue.core.windows.net\",\"privatelink.redis.cache.windows.net\",\"privatelink.redisenterprise.cache.azure.net\",\"privatelink.search.windows.net\",\"privatelink.service.signalr.net\",\"privatelink.servicebus.windows.net\",\"privatelink.siterecovery.windowsazure.com\",\"privatelink.sql.azuresynapse.net\",\"privatelink.table.core.windows.net\",\"privatelink.table.cosmos.azure.com\",\"privatelink.tip1.powerquery.microsoft.com\",\"privatelink.token.botframework.com\",\"privatelink.vaultcore.azure.net\",\"privatelink.web.core.windows.net\",\"privatelink.webpubsub.azure.com\"],\"metadata\":{\"description\":\"An array of Private Link Private DNS Zones to check for the existence of in the assigned scope.\",\"displayName\":\"Private Link Private DNS Zones\"},\"type\":\"Array\"}}",
- "policy_rule": "{\"if\":{\"allOf\":[{\"equals\":\"Microsoft.Network/privateDnsZones\",\"field\":\"type\"},{\"field\":\"name\",\"in\":\"[parameters('privateLinkDnsZones')]\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Audit-PublicIpAddresses-UnusedResourcesCostOptimization\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Audit-PublicIpAddresses-UnusedResourcesCostOptimization",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Optimize cost by detecting unused but chargeable resources. Leverage this Policy definition as a cost control to reveal orphaned Public IP addresses that are driving cost.",
- "display_name": "Unused Public IP addresses driving cost should be avoided",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Cost Optimization\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.0.0\"}",
- "mode": "All",
- "name": "Audit-PublicIpAddresses-UnusedResourcesCostOptimization",
- "parameters": "{\"effect\":{\"allowedValues\":[\"Audit\",\"Disabled\"],\"defaultValue\":\"Audit\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"allOf\":[{\"equals\":\"microsoft.network/publicIpAddresses\",\"field\":\"type\"},{\"field\":\"Microsoft.Network/publicIPAddresses/sku.name\",\"notEquals\":\"Basic\"},{\"anyOf\":[{\"exists\":false,\"field\":\"Microsoft.Network/publicIPAddresses/natGateway\"},{\"equals\":true,\"value\":\"[equals(length(field('Microsoft.Network/publicIPAddresses/natGateway')), 0)]\"}]},{\"anyOf\":[{\"exists\":false,\"field\":\"Microsoft.Network/publicIPAddresses/ipConfiguration\"},{\"equals\":true,\"value\":\"[equals(length(field('Microsoft.Network/publicIPAddresses/ipConfiguration')), 0)]\"}]},{\"anyOf\":[{\"exists\":false,\"field\":\"Microsoft.Network/publicIPAddresses/publicIPPrefix\"},{\"equals\":true,\"value\":\"[equals(length(field('Microsoft.Network/publicIPAddresses/publicIPPrefix')), 0)]\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Audit-ServerFarms-UnusedResourcesCostOptimization\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Audit-ServerFarms-UnusedResourcesCostOptimization",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Optimize cost by detecting unused but chargeable resources. Leverage this Policy definition as a cost control to reveal orphaned App Service plans that are driving cost.",
- "display_name": "Unused App Service plans driving cost should be avoided",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Cost Optimization\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.0.0\"}",
- "mode": "All",
- "name": "Audit-ServerFarms-UnusedResourcesCostOptimization",
- "parameters": "{\"effect\":{\"allowedValues\":[\"Audit\",\"Disabled\"],\"defaultValue\":\"Audit\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"allOf\":[{\"equals\":\"Microsoft.Web/serverfarms\",\"field\":\"type\"},{\"field\":\"Microsoft.Web/serverFarms/sku.tier\",\"notEquals\":\"Free\"},{\"equals\":0,\"field\":\"Microsoft.Web/serverFarms/numberOfSites\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-AA-child-resources\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-AA-child-resources",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "This policy denies the creation of child resources on the Automation Account",
- "display_name": "No child resources in Automation Account",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureUSGovernment\"],\"category\":\"Automation\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.0.0\"}",
- "mode": "Indexed",
- "name": "Deny-AA-child-resources",
- "parameters": "{\"effect\":{\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Deny\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Automation/automationAccounts/runbooks\",\"Microsoft.Automation/automationAccounts/variables\",\"Microsoft.Automation/automationAccounts/modules\",\"Microsoft.Automation/automationAccounts/credentials\",\"Microsoft.Automation/automationAccounts/connections\",\"Microsoft.Automation/automationAccounts/certificates\"]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-AppGW-Without-WAF\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-AppGW-Without-WAF",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "This policy enables you to restrict that Application Gateways is always deployed with WAF enabled",
- "display_name": "Application Gateway should be deployed with WAF enabled",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Network\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.0.0\"}",
- "mode": "Indexed",
- "name": "Deny-AppGW-Without-WAF",
- "parameters": "{\"effect\":{\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Deny\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"allOf\":[{\"equals\":\"Microsoft.Network/applicationGateways\",\"field\":\"type\"},{\"field\":\"Microsoft.Network/applicationGateways/sku.name\",\"notequals\":\"WAF_v2\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceApiApp-http\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceApiApp-http",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.",
- "display_name": "API App should only be accessible over HTTPS",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"App Service\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.0.0\"}",
- "mode": "Indexed",
- "name": "Deny-AppServiceApiApp-http",
- "parameters": "{\"effect\":{\"allowedValues\":[\"Audit\",\"Disabled\",\"Deny\"],\"defaultValue\":\"Deny\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"allOf\":[{\"equals\":\"Microsoft.Web/sites\",\"field\":\"type\"},{\"field\":\"kind\",\"like\":\"*api\"},{\"equals\":\"false\",\"field\":\"Microsoft.Web/sites/httpsOnly\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceFunctionApp-http\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceFunctionApp-http",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.",
- "display_name": "Function App should only be accessible over HTTPS",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"App Service\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.0.0\"}",
- "mode": "Indexed",
- "name": "Deny-AppServiceFunctionApp-http",
- "parameters": "{\"effect\":{\"allowedValues\":[\"Audit\",\"Disabled\",\"Deny\"],\"defaultValue\":\"Deny\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"allOf\":[{\"equals\":\"Microsoft.Web/sites\",\"field\":\"type\"},{\"field\":\"kind\",\"like\":\"functionapp*\"},{\"equals\":\"false\",\"field\":\"Microsoft.Web/sites/httpsOnly\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceWebApp-http\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceWebApp-http",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.",
- "display_name": "Web Application should only be accessible over HTTPS",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"App Service\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.0.0\"}",
- "mode": "Indexed",
- "name": "Deny-AppServiceWebApp-http",
- "parameters": "{\"effect\":{\"allowedValues\":[\"Audit\",\"Disabled\",\"Deny\"],\"defaultValue\":\"Deny\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"allOf\":[{\"equals\":\"Microsoft.Web/sites\",\"field\":\"type\"},{\"field\":\"kind\",\"like\":\"app*\"},{\"equals\":\"false\",\"field\":\"Microsoft.Web/sites/httpsOnly\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-Databricks-NoPublicIp\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-Databricks-NoPublicIp",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Denies the deployment of workspaces that do not use the noPublicIp feature to host Databricks clusters without public IPs.",
- "display_name": "Deny public IPs for Databricks cluster",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\"],\"category\":\"Databricks\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.0.0\"}",
- "mode": "Indexed",
- "name": "Deny-Databricks-NoPublicIp",
- "parameters": "{\"effect\":{\"allowedValues\":[\"Audit\",\"Disabled\",\"Deny\"],\"defaultValue\":\"Deny\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"allOf\":[{\"equals\":\"Microsoft.Databricks/workspaces\",\"field\":\"type\"},{\"field\":\"Microsoft.DataBricks/workspaces/parameters.enableNoPublicIp.value\",\"notEquals\":true}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-Databricks-Sku\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-Databricks-Sku",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Enforces the use of Premium Databricks workspaces to make sure appropriate security features are available including Databricks Access Controls, Credential Passthrough and SCIM provisioning for Microsoft Entra ID.",
- "display_name": "Deny non-premium Databricks sku",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\"],\"category\":\"Databricks\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.0.0\"}",
- "mode": "Indexed",
- "name": "Deny-Databricks-Sku",
- "parameters": "{\"effect\":{\"allowedValues\":[\"Audit\",\"Disabled\",\"Deny\"],\"defaultValue\":\"Deny\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"allOf\":[{\"equals\":\"Microsoft.Databricks/workspaces\",\"field\":\"type\"},{\"field\":\"Microsoft.DataBricks/workspaces/sku.name\",\"notEquals\":\"premium\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-Databricks-VirtualNetwork\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-Databricks-VirtualNetwork",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Enforces the use of vnet injection for Databricks workspaces.",
- "display_name": "Deny Databricks workspaces without Vnet injection",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\"],\"category\":\"Databricks\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.0.0\"}",
- "mode": "Indexed",
- "name": "Deny-Databricks-VirtualNetwork",
- "parameters": "{\"effect\":{\"allowedValues\":[\"Audit\",\"Disabled\",\"Deny\"],\"defaultValue\":\"Deny\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"allOf\":[{\"equals\":\"Microsoft.Databricks/workspaces\",\"field\":\"type\"},{\"anyOf\":[{\"exists\":false,\"field\":\"Microsoft.DataBricks/workspaces/parameters.customVirtualNetworkId.value\"},{\"exists\":false,\"field\":\"Microsoft.DataBricks/workspaces/parameters.customPublicSubnetName.value\"},{\"exists\":false,\"field\":\"Microsoft.DataBricks/workspaces/parameters.customPrivateSubnetName.value\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-FileServices-InsecureAuth\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-FileServices-InsecureAuth",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "This policy denies the use of insecure authentication methods (NTLMv2) when using File Services on a storage account.",
- "display_name": "File Services with insecure authentication methods should be denied",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Storage\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.0.0\"}",
- "mode": "All",
- "name": "Deny-FileServices-InsecureAuth",
- "parameters": "{\"effect\":{\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Deny\",\"metadata\":{\"description\":\"The effect determines what happens when the policy rule is evaluated to match\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"notAllowedAuthMethods\":{\"allowedValues\":[\"NTLMv2\",\"Kerberos\"],\"defaultValue\":\"NTLMv2\",\"metadata\":{\"description\":\"The list of channelEncryption not allowed.\",\"displayName\":\"Authentication methods supported by server. Valid values are NTLMv2, Kerberos.\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"allOf\":[{\"contains\":\"[parameters('notAllowedAuthMethods')]\",\"field\":\"Microsoft.Storage/storageAccounts/fileServices/protocolSettings.smb.authenticationMethods\"},{\"equals\":\"Microsoft.Storage/storageAccounts/fileServices\",\"field\":\"type\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-FileServices-InsecureKerberos\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-FileServices-InsecureKerberos",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "This policy denies the use of insecure Kerberos ticket encryption (RC4-HMAC) when using File Services on a storage account.",
- "display_name": "File Services with insecure Kerberos ticket encryption should be denied",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Storage\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.0.0\"}",
- "mode": "All",
- "name": "Deny-FileServices-InsecureKerberos",
- "parameters": "{\"effect\":{\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Deny\",\"metadata\":{\"description\":\"The effect determines what happens when the policy rule is evaluated to match\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"notAllowedKerberosTicketEncryption\":{\"allowedValues\":[\"RC4-HMAC\",\"AES-256\"],\"defaultValue\":\"RC4-HMAC\",\"metadata\":{\"description\":\"The list of kerberosTicketEncryption not allowed.\",\"displayName\":\"Kerberos ticket encryption supported by server. Valid values are RC4-HMAC, AES-256.\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"allOf\":[{\"equals\":\"Microsoft.Storage/storageAccounts/fileServices\",\"field\":\"type\"},{\"contains\":\"[parameters('notAllowedKerberosTicketEncryption')]\",\"field\":\"Microsoft.Storage/storageAccounts/fileServices/protocolSettings.smb.kerberosTicketEncryption\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-FileServices-InsecureSmbChannel\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-FileServices-InsecureSmbChannel",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "This policy denies the use of insecure channel encryption (AES-128-CCM) when using File Services on a storage account.",
- "display_name": "File Services with insecure SMB channel encryption should be denied",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Storage\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.0.0\"}",
- "mode": "All",
- "name": "Deny-FileServices-InsecureSmbChannel",
- "parameters": "{\"effect\":{\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Deny\",\"metadata\":{\"description\":\"The effect determines what happens when the policy rule is evaluated to match\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"notAllowedChannelEncryption\":{\"allowedValues\":[\"AES-128-CCM\",\"AES-128-GCM\",\"AES-256-GCM\"],\"defaultValue\":\"AES-128-CCM\",\"metadata\":{\"description\":\"The list of channelEncryption not allowed.\",\"displayName\":\"SMB channel encryption supported by server. Valid values are AES-128-CCM, AES-128-GCM, AES-256-GCM.\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"allOf\":[{\"equals\":\"Microsoft.Storage/storageAccounts/fileServices\",\"field\":\"type\"},{\"contains\":\"[parameters('notAllowedChannelEncryption')]\",\"field\":\"Microsoft.Storage/storageAccounts/fileServices/protocolSettings.smb.channelEncryption\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-FileServices-InsecureSmbVersions\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-FileServices-InsecureSmbVersions",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "This policy denies the use of insecure versions of SMB (2.1 & 3.0) when using File Services on a storage account.",
- "display_name": "File Services with insecure SMB versions should be denied",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Storage\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.0.0\"}",
- "mode": "All",
- "name": "Deny-FileServices-InsecureSmbVersions",
- "parameters": "{\"allowedSmbVersion\":{\"allowedValues\":[\"SMB2.1\",\"SMB3.0\",\"SMB3.1.1\"],\"defaultValue\":\"SMB3.1.1\",\"metadata\":{\"description\":\"The allowed SMB version for maximum security\",\"displayName\":\"Allowed SMB Version\"},\"type\":\"String\"},\"effect\":{\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Deny\",\"metadata\":{\"description\":\"The effect determines what happens when the policy rule is evaluated to match\",\"displayName\":\"Effect\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"allOf\":[{\"equals\":\"Microsoft.Storage/storageAccounts/fileServices\",\"field\":\"type\"},{\"not\":{\"contains\":\"[parameters('allowedSmbVersion')]\",\"field\":\"Microsoft.Storage/storageAccounts/fileServices/protocolSettings.smb.versions\"}}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-MachineLearning-Aks\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-MachineLearning-Aks",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deny AKS cluster creation in Azure Machine Learning and enforce connecting to existing clusters.",
- "display_name": "Deny AKS cluster creation in Azure Machine Learning",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\"],\"category\":\"Machine Learning\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.0.0\"}",
- "mode": "Indexed",
- "name": "Deny-MachineLearning-Aks",
- "parameters": "{\"effect\":{\"allowedValues\":[\"Audit\",\"Disabled\",\"Deny\"],\"defaultValue\":\"Deny\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"allOf\":[{\"equals\":\"Microsoft.MachineLearningServices/workspaces/computes\",\"field\":\"type\"},{\"equals\":\"AKS\",\"field\":\"Microsoft.MachineLearningServices/workspaces/computes/computeType\"},{\"anyOf\":[{\"exists\":false,\"field\":\"Microsoft.MachineLearningServices/workspaces/computes/resourceId\"},{\"equals\":true,\"value\":\"[empty(field('Microsoft.MachineLearningServices/workspaces/computes/resourceId'))]\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-MachineLearning-Compute-SubnetId\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-MachineLearning-Compute-SubnetId",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Enforce subnet connectivity for Azure Machine Learning compute clusters and compute instances.",
- "display_name": "Enforce subnet connectivity for Azure Machine Learning compute clusters and compute instances",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\"],\"category\":\"Machine Learning\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.0.0\"}",
- "mode": "Indexed",
- "name": "Deny-MachineLearning-Compute-SubnetId",
- "parameters": "{\"effect\":{\"allowedValues\":[\"Audit\",\"Disabled\",\"Deny\"],\"defaultValue\":\"Deny\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"allOf\":[{\"equals\":\"Microsoft.MachineLearningServices/workspaces/computes\",\"field\":\"type\"},{\"field\":\"Microsoft.MachineLearningServices/workspaces/computes/computeType\",\"in\":[\"AmlCompute\",\"ComputeInstance\"]},{\"anyOf\":[{\"exists\":false,\"field\":\"Microsoft.MachineLearningServices/workspaces/computes/subnet.id\"},{\"equals\":true,\"value\":\"[empty(field('Microsoft.MachineLearningServices/workspaces/computes/subnet.id'))]\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-MachineLearning-Compute-VmSize\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-MachineLearning-Compute-VmSize",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Limit allowed vm sizes for Azure Machine Learning compute clusters and compute instances.",
- "display_name": "Limit allowed vm sizes for Azure Machine Learning compute clusters and compute instances",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\"],\"category\":\"Budget\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.0.0\"}",
- "mode": "Indexed",
- "name": "Deny-MachineLearning-Compute-VmSize",
- "parameters": "{\"allowedVmSizes\":{\"defaultValue\":[\"Standard_D1_v2\",\"Standard_D2_v2\",\"Standard_D3_v2\",\"Standard_D4_v2\",\"Standard_D11_v2\",\"Standard_D12_v2\",\"Standard_D13_v2\",\"Standard_D14_v2\",\"Standard_DS1_v2\",\"Standard_DS2_v2\",\"Standard_DS3_v2\",\"Standard_DS4_v2\",\"Standard_DS5_v2\",\"Standard_DS11_v2\",\"Standard_DS12_v2\",\"Standard_DS13_v2\",\"Standard_DS14_v2\",\"Standard_M8-2ms\",\"Standard_M8-4ms\",\"Standard_M8ms\",\"Standard_M16-4ms\",\"Standard_M16-8ms\",\"Standard_M16ms\",\"Standard_M32-8ms\",\"Standard_M32-16ms\",\"Standard_M32ls\",\"Standard_M32ms\",\"Standard_M32ts\",\"Standard_M64-16ms\",\"Standard_M64-32ms\",\"Standard_M64ls\",\"Standard_M64ms\",\"Standard_M64s\",\"Standard_M128-32ms\",\"Standard_M128-64ms\",\"Standard_M128ms\",\"Standard_M128s\",\"Standard_M64\",\"Standard_M64m\",\"Standard_M128\",\"Standard_M128m\",\"Standard_D1\",\"Standard_D2\",\"Standard_D3\",\"Standard_D4\",\"Standard_D11\",\"Standard_D12\",\"Standard_D13\",\"Standard_D14\",\"Standard_DS15_v2\",\"Standard_NV6\",\"Standard_NV12\",\"Standard_NV24\",\"Standard_F2s_v2\",\"Standard_F4s_v2\",\"Standard_F8s_v2\",\"Standard_F16s_v2\",\"Standard_F32s_v2\",\"Standard_F64s_v2\",\"Standard_F72s_v2\",\"Standard_NC6s_v3\",\"Standard_NC12s_v3\",\"Standard_NC24rs_v3\",\"Standard_NC24s_v3\",\"Standard_NC6\",\"Standard_NC12\",\"Standard_NC24\",\"Standard_NC24r\",\"Standard_ND6s\",\"Standard_ND12s\",\"Standard_ND24rs\",\"Standard_ND24s\",\"Standard_NC6s_v2\",\"Standard_NC12s_v2\",\"Standard_NC24rs_v2\",\"Standard_NC24s_v2\",\"Standard_ND40rs_v2\",\"Standard_NV12s_v3\",\"Standard_NV24s_v3\",\"Standard_NV48s_v3\"],\"metadata\":{\"description\":\"Specifies the allowed VM Sizes for Aml Compute Clusters and Instances\",\"displayName\":\"Allowed VM Sizes for Aml Compute Clusters and Instances\"},\"type\":\"Array\"},\"effect\":{\"allowedValues\":[\"Audit\",\"Disabled\",\"Deny\"],\"defaultValue\":\"Deny\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"allOf\":[{\"equals\":\"Microsoft.MachineLearningServices/workspaces/computes\",\"field\":\"type\"},{\"field\":\"Microsoft.MachineLearningServices/workspaces/computes/computeType\",\"in\":[\"AmlCompute\",\"ComputeInstance\"]},{\"field\":\"Microsoft.MachineLearningServices/workspaces/computes/vmSize\",\"notIn\":\"[parameters('allowedVmSizes')]\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-MachineLearning-ComputeCluster-RemoteLoginPortPublicAccess\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-MachineLearning-ComputeCluster-RemoteLoginPortPublicAccess",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deny public access of Azure Machine Learning clusters via SSH.",
- "display_name": "Deny public access of Azure Machine Learning clusters via SSH",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\"],\"category\":\"Machine Learning\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.1.0\"}",
- "mode": "All",
- "name": "Deny-MachineLearning-ComputeCluster-RemoteLoginPortPublicAccess",
- "parameters": "{\"effect\":{\"allowedValues\":[\"Audit\",\"Disabled\",\"Deny\"],\"defaultValue\":\"Deny\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"allOf\":[{\"equals\":\"Microsoft.MachineLearningServices/workspaces/computes\",\"field\":\"type\"},{\"equals\":\"AmlCompute\",\"field\":\"Microsoft.MachineLearningServices/workspaces/computes/computeType\"},{\"anyOf\":[{\"exists\":false,\"field\":\"Microsoft.MachineLearningServices/workspaces/computes/remoteLoginPortPublicAccess\"},{\"field\":\"Microsoft.MachineLearningServices/workspaces/computes/remoteLoginPortPublicAccess\",\"notEquals\":\"Disabled\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-MachineLearning-ComputeCluster-Scale\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-MachineLearning-ComputeCluster-Scale",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Enforce scale settings for Azure Machine Learning compute clusters.",
- "display_name": "Enforce scale settings for Azure Machine Learning compute clusters",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\"],\"category\":\"Budget\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.0.0\"}",
- "mode": "Indexed",
- "name": "Deny-MachineLearning-ComputeCluster-Scale",
- "parameters": "{\"effect\":{\"allowedValues\":[\"Audit\",\"Disabled\",\"Deny\"],\"defaultValue\":\"Deny\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"maxNodeCount\":{\"defaultValue\":10,\"metadata\":{\"description\":\"Specifies the maximum node count of AML Clusters\",\"displayName\":\"Maximum Node Count\"},\"type\":\"Integer\"},\"maxNodeIdleTimeInSecondsBeforeScaleDown\":{\"defaultValue\":900,\"metadata\":{\"description\":\"Specifies the maximum node idle time in seconds before scaledown\",\"displayName\":\"Maximum Node Idle Time in Seconds Before Scaledown\"},\"type\":\"Integer\"},\"minNodeCount\":{\"defaultValue\":0,\"metadata\":{\"description\":\"Specifies the minimum node count of AML Clusters\",\"displayName\":\"Minimum Node Count\"},\"type\":\"Integer\"}}",
- "policy_rule": "{\"if\":{\"allOf\":[{\"equals\":\"Microsoft.MachineLearningServices/workspaces/computes\",\"field\":\"type\"},{\"equals\":\"AmlCompute\",\"field\":\"Microsoft.MachineLearningServices/workspaces/computes/computeType\"},{\"anyOf\":[{\"field\":\"Microsoft.MachineLearningServices/workspaces/computes/scaleSettings.maxNodeCount\",\"greater\":\"[parameters('maxNodeCount')]\"},{\"field\":\"Microsoft.MachineLearningServices/workspaces/computes/scaleSettings.minNodeCount\",\"greater\":\"[parameters('minNodeCount')]\"},{\"greater\":\"[parameters('maxNodeIdleTimeInSecondsBeforeScaleDown')]\",\"value\":\"[int(last(split(replace(replace(replace(replace(replace(replace(replace(field('Microsoft.MachineLearningServices/workspaces/computes/scaleSettings.nodeIdleTimeBeforeScaleDown'), 'P', '/'), 'Y', '/'), 'M', '/'), 'D', '/'), 'T', '/'), 'H', '/'), 'S', ''), '/')))]\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-MachineLearning-HbiWorkspace\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-MachineLearning-HbiWorkspace",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Enforces high business impact Azure Machine Learning workspaces.",
- "display_name": "Enforces high business impact Azure Machine Learning Workspaces",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\"],\"category\":\"Machine Learning\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.0.0\"}",
- "mode": "Indexed",
- "name": "Deny-MachineLearning-HbiWorkspace",
- "parameters": "{\"effect\":{\"allowedValues\":[\"Audit\",\"Disabled\",\"Deny\"],\"defaultValue\":\"Deny\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"allOf\":[{\"equals\":\"Microsoft.MachineLearningServices/workspaces\",\"field\":\"type\"},{\"anyOf\":[{\"exists\":false,\"field\":\"Microsoft.MachineLearningServices/workspaces/hbiWorkspace\"},{\"field\":\"Microsoft.MachineLearningServices/workspaces/hbiWorkspace\",\"notEquals\":true}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-MachineLearning-PublicAccessWhenBehindVnet\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-MachineLearning-PublicAccessWhenBehindVnet",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deny public access behind vnet to Azure Machine Learning workspaces.",
- "display_name": "Deny public access behind vnet to Azure Machine Learning workspace",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\"],\"category\":\"Machine Learning\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.0.1\"}",
- "mode": "Indexed",
- "name": "Deny-MachineLearning-PublicAccessWhenBehindVnet",
- "parameters": "{\"effect\":{\"allowedValues\":[\"Audit\",\"Disabled\",\"Deny\"],\"defaultValue\":\"Deny\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"allOf\":[{\"equals\":\"Microsoft.MachineLearningServices/workspaces\",\"field\":\"type\"},{\"anyOf\":[{\"exists\":false,\"field\":\"Microsoft.MachineLearningServices/workspaces/allowPublicAccessWhenBehindVnet\"},{\"field\":\"Microsoft.MachineLearningServices/workspaces/allowPublicAccessWhenBehindVnet\",\"notEquals\":false}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-MachineLearning-PublicNetworkAccess\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-MachineLearning-PublicNetworkAccess",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Denies public network access for Azure Machine Learning workspaces. Superseded by https://www.azadvertizer.net/azpolicyadvertizer/438c38d2-3772-465a-a9cc-7a6666a275ce.html",
- "display_name": "[Deprecated] Azure Machine Learning should have disabled public network access",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\"],\"category\":\"Machine Learning\",\"deprecated\":true,\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"supersededBy\":\"438c38d2-3772-465a-a9cc-7a6666a275ce\",\"version\":\"1.0.0-deprecated\"}",
- "mode": "Indexed",
- "name": "Deny-MachineLearning-PublicNetworkAccess",
- "parameters": "{\"effect\":{\"allowedValues\":[\"Audit\",\"Disabled\",\"Deny\"],\"defaultValue\":\"Deny\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"allOf\":[{\"equals\":\"Microsoft.MachineLearningServices/workspaces\",\"field\":\"type\"},{\"field\":\"Microsoft.MachineLearningServices/workspaces/publicNetworkAccess\",\"notEquals\":\"Disabled\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-MgmtPorts-From-Internet\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-MgmtPorts-From-Internet",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "This policy denies any network security rule that allows management port access from the Internet",
- "display_name": "Management port access from the Internet should be blocked",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Network\",\"replacesPolicy\":\"Deny-RDP-From-Internet\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"2.1.0\"}",
- "mode": "All",
- "name": "Deny-MgmtPorts-From-Internet",
- "parameters": "{\"effect\":{\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Deny\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"ports\":{\"defaultValue\":[\"22\",\"3389\"],\"metadata\":{\"description\":\"Ports to be blocked\",\"displayName\":\"Ports\"},\"type\":\"Array\"}}",
- "policy_rule": "{\"if\":{\"anyOf\":[{\"allOf\":[{\"equals\":\"Microsoft.Network/networkSecurityGroups/securityRules\",\"field\":\"type\"},{\"allOf\":[{\"equals\":\"Allow\",\"field\":\"Microsoft.Network/networkSecurityGroups/securityRules/access\"},{\"equals\":\"Inbound\",\"field\":\"Microsoft.Network/networkSecurityGroups/securityRules/direction\"},{\"anyOf\":[{\"equals\":\"*\",\"field\":\"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRange\"},{\"field\":\"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRange\",\"in\":\"[parameters('ports')]\"},{\"count\":{\"value\":\"[parameters('ports')]\",\"where\":{\"equals\":\"true\",\"value\":\"[if(and(not(empty(field('Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRange'))), contains(field('Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRange'),'-')), and(lessOrEquals(int(first(split(field('Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRange'), '-'))),int(current())),greaterOrEquals(int(last(split(field('Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRange'), '-'))),int(current()))), 'false')]\"}},\"greater\":0},{\"count\":{\"name\":\"ports\",\"value\":\"[parameters('ports')]\",\"where\":{\"count\":{\"field\":\"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRanges[*]\",\"where\":{\"equals\":\"true\",\"value\":\"[if(and(not(empty(current('Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRanges[*]'))), contains(current('Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRanges[*]'),'-')), and(lessOrEquals(int(first(split(current('Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRanges[*]'), '-'))),int(current('ports'))),greaterOrEquals(int(last(split(current('Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRanges[*]'), '-'))),int(current('ports')))) , 'false')]\"}},\"greater\":0}},\"greater\":0},{\"not\":{\"field\":\"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRanges[*]\",\"notEquals\":\"*\"}},{\"not\":{\"field\":\"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRanges[*]\",\"notIn\":\"[parameters('ports')]\"}}]},{\"anyOf\":[{\"equals\":\"*\",\"field\":\"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\"},{\"equals\":\"Internet\",\"field\":\"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\"},{\"not\":{\"field\":\"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\"notEquals\":\"*\"}},{\"not\":{\"field\":\"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\"notEquals\":\"Internet\"}}]}]}]},{\"allOf\":[{\"equals\":\"Microsoft.Network/networkSecurityGroups\",\"field\":\"type\"},{\"count\":{\"field\":\"Microsoft.Network/networkSecurityGroups/securityRules[*]\",\"where\":{\"allOf\":[{\"equals\":\"Allow\",\"field\":\"Microsoft.Network/networkSecurityGroups/securityRules[*].access\"},{\"equals\":\"Inbound\",\"field\":\"Microsoft.Network/networkSecurityGroups/securityRules[*].direction\"},{\"anyOf\":[{\"equals\":\"*\",\"field\":\"Microsoft.Network/networkSecurityGroups/securityRules[*].destinationPortRange\"},{\"field\":\"Microsoft.Network/networkSecurityGroups/securityRules[*].destinationPortRange\",\"in\":\"[parameters('ports')]\"},{\"count\":{\"name\":\"ports\",\"value\":\"[parameters('ports')]\",\"where\":{\"equals\":\"true\",\"value\":\"[if(and(not(empty(current('Microsoft.Network/networkSecurityGroups/securityRules[*].destinationPortRange'))), contains(current('Microsoft.Network/networkSecurityGroups/securityRules[*].destinationPortRange'),'-')), and(lessOrEquals(int(first(split(current('Microsoft.Network/networkSecurityGroups/securityRules[*].destinationPortRange'), '-'))),int(current('ports'))),greaterOrEquals(int(last(split(current('Microsoft.Network/networkSecurityGroups/securityRules[*].destinationPortRange'), '-'))),int(current('ports')))), 'false')]\"}},\"greater\":0},{\"count\":{\"name\":\"ports\",\"value\":\"[parameters('ports')]\",\"where\":{\"count\":{\"field\":\"Microsoft.Network/networkSecurityGroups/securityRules[*].destinationPortRanges[*]\",\"where\":{\"equals\":\"true\",\"value\":\"[if(and(not(empty(current('Microsoft.Network/networkSecurityGroups/securityRules[*].destinationPortRanges[*]'))), contains(current('Microsoft.Network/networkSecurityGroups/securityRules[*].destinationPortRanges[*]'),'-')), and(lessOrEquals(int(first(split(current('Microsoft.Network/networkSecurityGroups/securityRules[*].destinationPortRanges[*]'), '-'))),int(current('ports'))),greaterOrEquals(int(last(split(current('Microsoft.Network/networkSecurityGroups/securityRules[*].destinationPortRanges[*]'), '-'))),int(current('ports')))) , 'false')]\"}},\"greater\":0}},\"greater\":0},{\"not\":{\"field\":\"Microsoft.Network/networkSecurityGroups/securityRules[*].destinationPortRanges[*]\",\"notEquals\":\"*\"}},{\"not\":{\"field\":\"Microsoft.Network/networkSecurityGroups/securityRules[*].destinationPortRanges[*]\",\"notIn\":\"[parameters('ports')]\"}}]},{\"anyOf\":[{\"equals\":\"*\",\"field\":\"Microsoft.Network/networkSecurityGroups/securityRules[*].sourceAddressPrefix\"},{\"equals\":\"Internet\",\"field\":\"Microsoft.Network/networkSecurityGroups/securityRules[*].sourceAddressPrefix\"},{\"not\":{\"field\":\"Microsoft.Network/networkSecurityGroups/securityRules[*].sourceAddressPrefixes[*]\",\"notEquals\":\"*\"}},{\"not\":{\"field\":\"Microsoft.Network/networkSecurityGroups/securityRules[*].sourceAddressPrefixes[*]\",\"notEquals\":\"Internet\"}}]}]}},\"greater\":0}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-MySql-http\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-MySql-http",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Azure Database for MySQL supports connecting your Azure Database for MySQL server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.",
- "display_name": "MySQL database servers enforce SSL connections.",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"SQL\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.0.0\"}",
- "mode": "Indexed",
- "name": "Deny-MySql-http",
- "parameters": "{\"effect\":{\"allowedValues\":[\"Audit\",\"Disabled\",\"Deny\"],\"defaultValue\":\"Deny\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"minimalTlsVersion\":{\"allowedValues\":[\"TLS1_2\",\"TLS1_0\",\"TLS1_1\",\"TLSEnforcementDisabled\"],\"defaultValue\":\"TLS1_2\",\"metadata\":{\"description\":\"Select version minimum TLS version Azure Database for MySQL server to enforce\",\"displayName\":\"Select version minimum TLS for MySQL server\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"allOf\":[{\"equals\":\"Microsoft.DBforMySQL/servers\",\"field\":\"type\"},{\"anyOf\":[{\"exists\":\"false\",\"field\":\"Microsoft.DBforMySQL/servers/sslEnforcement\"},{\"field\":\"Microsoft.DBforMySQL/servers/sslEnforcement\",\"notEquals\":\"Enabled\"},{\"field\":\"Microsoft.DBforMySQL/servers/minimalTlsVersion\",\"notequals\":\"[parameters('minimalTlsVersion')]\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-PostgreSql-http\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-PostgreSql-http",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Azure Database for PostgreSQL supports connecting your Azure Database for PostgreSQL server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.",
- "display_name": "PostgreSQL database servers enforce SSL connection.",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"SQL\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.0.1\"}",
- "mode": "Indexed",
- "name": "Deny-PostgreSql-http",
- "parameters": "{\"effect\":{\"allowedValues\":[\"Audit\",\"Disabled\",\"Deny\"],\"defaultValue\":\"Deny\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"minimalTlsVersion\":{\"allowedValues\":[\"TLS1_2\",\"TLS1_0\",\"TLS1_1\",\"TLSEnforcementDisabled\"],\"defaultValue\":\"TLS1_2\",\"metadata\":{\"description\":\"Select version minimum TLS version Azure Database for PostgreSQL server to enforce\",\"displayName\":\"Select version minimum TLS for PostgreSQL server\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"allOf\":[{\"equals\":\"Microsoft.DBforPostgreSQL/servers\",\"field\":\"type\"},{\"anyOf\":[{\"exists\":\"false\",\"field\":\"Microsoft.DBforPostgreSQL/servers/sslEnforcement\"},{\"field\":\"Microsoft.DBforPostgreSQL/servers/sslEnforcement\",\"notEquals\":\"Enabled\"},{\"field\":\"Microsoft.DBforPostgreSQL/servers/minimalTlsVersion\",\"notequals\":\"[parameters('minimalTlsVersion')]\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-Private-DNS-Zones\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-Private-DNS-Zones",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "This policy denies the creation of a private DNS in the current scope, used in combination with policies that create centralized private DNS in connectivity subscription",
- "display_name": "Deny the creation of private DNS",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Network\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.0.0\"}",
- "mode": "Indexed",
- "name": "Deny-Private-DNS-Zones",
- "parameters": "{\"effect\":{\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Deny\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"equals\":\"Microsoft.Network/privateDnsZones\",\"field\":\"type\"},\"then\":{\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-PublicEndpoint-MariaDB\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-PublicEndpoint-MariaDB",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "This policy denies the creation of Maria DB accounts with exposed public endpoints. Superseded by https://www.azadvertizer.net/azpolicyadvertizer/fdccbe47-f3e3-4213-ad5d-ea459b2fa077.html",
- "display_name": "[Deprecated] Public network access should be disabled for MariaDB",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"SQL\",\"deprecated\":true,\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"supersededBy\":\"fdccbe47-f3e3-4213-ad5d-ea459b2fa077\",\"version\":\"1.0.0-deprecated\"}",
- "mode": "Indexed",
- "name": "Deny-PublicEndpoint-MariaDB",
- "parameters": "{\"effect\":{\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Deny\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"allOf\":[{\"equals\":\"Microsoft.DBforMariaDB/servers\",\"field\":\"type\"},{\"field\":\"Microsoft.DBforMariaDB/servers/publicNetworkAccess\",\"notequals\":\"Disabled\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-PublicIP\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-PublicIP",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "[Deprecated] This policy denies creation of Public IPs under the assigned scope. Superseded by https://www.azadvertizer.net/azpolicyadvertizer/6c112d4e-5bc7-47ae-a041-ea2d9dccd749.html using appropriate assignment parameters.",
- "display_name": "[Deprecated] Deny the creation of public IP",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Network\",\"deprecated\":true,\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"supersededBy\":\"6c112d4e-5bc7-47ae-a041-ea2d9dccd749\",\"version\":\"1.0.0-deprecated\"}",
- "mode": "Indexed",
- "name": "Deny-PublicIP",
- "parameters": "{\"effect\":{\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Deny\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"equals\":\"Microsoft.Network/publicIPAddresses\",\"field\":\"type\"},\"then\":{\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-RDP-From-Internet\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-RDP-From-Internet",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "This policy denies any network security rule that allows RDP access from Internet. This policy is superseded by https://www.azadvertizer.net/azpolicyadvertizer/Deny-MgmtPorts-From-Internet.html",
- "display_name": "[Deprecated] RDP access from the Internet should be blocked",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Network\",\"deprecated\":true,\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"supersededBy\":\"Deny-MgmtPorts-From-Internet\",\"version\":\"1.0.1-deprecated\"}",
- "mode": "All",
- "name": "Deny-RDP-From-Internet",
- "parameters": "{\"effect\":{\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Deny\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"allOf\":[{\"equals\":\"Microsoft.Network/networkSecurityGroups/securityRules\",\"field\":\"type\"},{\"allOf\":[{\"equals\":\"Allow\",\"field\":\"Microsoft.Network/networkSecurityGroups/securityRules/access\"},{\"equals\":\"Inbound\",\"field\":\"Microsoft.Network/networkSecurityGroups/securityRules/direction\"},{\"anyOf\":[{\"equals\":\"*\",\"field\":\"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRange\"},{\"equals\":\"3389\",\"field\":\"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRange\"},{\"equals\":\"true\",\"value\":\"[if(and(not(empty(field('Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRange'))), contains(field('Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRange'),'-')), and(lessOrEquals(int(first(split(field('Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRange'), '-'))),3389),greaterOrEquals(int(last(split(field('Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRange'), '-'))),3389)), 'false')]\"},{\"count\":{\"field\":\"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRanges[*]\",\"where\":{\"equals\":\"true\",\"value\":\"[if(and(not(empty(first(field('Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRanges[*]')))), contains(first(field('Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRanges[*]')),'-')), and(lessOrEquals(int(first(split(first(field('Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRanges[*]')), '-'))),3389),greaterOrEquals(int(last(split(first(field('Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRanges[*]')), '-'))),3389)) , 'false')]\"}},\"greater\":0},{\"not\":{\"field\":\"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRanges[*]\",\"notEquals\":\"*\"}},{\"not\":{\"field\":\"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRanges[*]\",\"notEquals\":\"3389\"}}]},{\"anyOf\":[{\"equals\":\"*\",\"field\":\"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\"},{\"equals\":\"Internet\",\"field\":\"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\"},{\"not\":{\"field\":\"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\"notEquals\":\"*\"}},{\"not\":{\"field\":\"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\"notEquals\":\"Internet\"}}]}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-Redis-http\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-Redis-http",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Audit enabling of only connections via SSL to Azure Cache for Redis. Validate both minimum TLS version and enableNonSslPort is disabled. Use of secure connections ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking",
- "display_name": "Azure Cache for Redis only secure connections should be enabled",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Cache\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.0.0\"}",
- "mode": "Indexed",
- "name": "Deny-Redis-http",
- "parameters": "{\"effect\":{\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Deny\",\"metadata\":{\"description\":\"The effect determines what happens when the policy rule is evaluated to match\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"minimumTlsVersion\":{\"allowedValues\":[\"1.2\",\"1.1\",\"1.0\"],\"defaultValue\":\"1.2\",\"metadata\":{\"description\":\"Select minimum TLS version for Azure Cache for Redis.\",\"displayName\":\"Select minumum TLS version for Azure Cache for Redis.\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"allOf\":[{\"equals\":\"Microsoft.Cache/redis\",\"field\":\"type\"},{\"anyOf\":[{\"equals\":\"true\",\"field\":\"Microsoft.Cache/Redis/enableNonSslPort\"},{\"field\":\"Microsoft.Cache/Redis/minimumTlsVersion\",\"notequals\":\"[parameters('minimumTlsVersion')]\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-Sql-minTLS\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-Sql-minTLS",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Setting minimal TLS version to 1.2 improves security by ensuring your Azure SQL Database can only be accessed from clients using TLS 1.2. Using versions of TLS less than 1.2 is not reccomended since they have well documented security vunerabilities.",
- "display_name": "Azure SQL Database should have the minimal TLS version set to the highest version",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"SQL\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.0.0\"}",
- "mode": "Indexed",
- "name": "Deny-Sql-minTLS",
- "parameters": "{\"effect\":{\"allowedValues\":[\"Audit\",\"Disabled\",\"Deny\"],\"defaultValue\":\"Audit\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"minimalTlsVersion\":{\"allowedValues\":[\"1.2\",\"1.1\",\"1.0\"],\"defaultValue\":\"1.2\",\"metadata\":{\"description\":\"Select version minimum TLS version SQL servers to enforce\",\"displayName\":\"Select version for SQL server\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"allOf\":[{\"equals\":\"Microsoft.Sql/servers\",\"field\":\"type\"},{\"anyOf\":[{\"exists\":\"false\",\"field\":\"Microsoft.Sql/servers/minimalTlsVersion\"},{\"field\":\"Microsoft.Sql/servers/minimalTlsVersion\",\"notequals\":\"[parameters('minimalTlsVersion')]\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-SqlMi-minTLS\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-SqlMi-minTLS",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Setting minimal TLS version to 1.2 improves security by ensuring your SQL Managed Instance can only be accessed from clients using TLS 1.2. Using versions of TLS less than 1.2 is not reccomended since they have well documented security vunerabilities.",
- "display_name": "SQL Managed Instance should have the minimal TLS version set to the highest version",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"SQL\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.0.0\"}",
- "mode": "Indexed",
- "name": "Deny-SqlMi-minTLS",
- "parameters": "{\"effect\":{\"allowedValues\":[\"Audit\",\"Disabled\",\"Deny\"],\"defaultValue\":\"Audit\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"minimalTlsVersion\":{\"allowedValues\":[\"1.2\",\"1.1\",\"1.0\"],\"defaultValue\":\"1.2\",\"metadata\":{\"description\":\"Select version minimum TLS version SQL servers to enforce\",\"displayName\":\"Select version for SQL server\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"allOf\":[{\"equals\":\"Microsoft.Sql/managedInstances\",\"field\":\"type\"},{\"anyOf\":[{\"exists\":\"false\",\"field\":\"Microsoft.Sql/managedInstances/minimalTlsVersion\"},{\"field\":\"Microsoft.Sql/managedInstances/minimalTlsVersion\",\"notequals\":\"[parameters('minimalTlsVersion')]\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-SFTP\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-SFTP",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "This policy denies the creation of Storage Accounts with SFTP enabled for Blob Storage.",
- "display_name": "Storage Accounts with SFTP enabled should be denied",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Storage\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.0.0\"}",
- "mode": "Indexed",
- "name": "Deny-Storage-SFTP",
- "parameters": "{\"effect\":{\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Deny\",\"metadata\":{\"description\":\"The effect determines what happens when the policy rule is evaluated to match\",\"displayName\":\"Effect\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"allOf\":[{\"equals\":\"Microsoft.Storage/storageAccounts\",\"field\":\"type\"},{\"equals\":\"true\",\"field\":\"Microsoft.Storage/storageAccounts/isSftpEnabled\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-minTLS\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-minTLS",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Audit requirement of Secure transfer in your storage account. Secure transfer is an option that forces your storage account to accept requests only from secure connections (HTTPS). Use of HTTPS ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking",
- "display_name": "Storage Account set to minimum TLS and Secure transfer should be enabled",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Storage\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.0.0\"}",
- "mode": "Indexed",
- "name": "Deny-Storage-minTLS",
- "parameters": "{\"effect\":{\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Deny\",\"metadata\":{\"description\":\"The effect determines what happens when the policy rule is evaluated to match\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"minimumTlsVersion\":{\"allowedValues\":[\"TLS1_2\",\"TLS1_1\",\"TLS1_0\"],\"defaultValue\":\"TLS1_2\",\"metadata\":{\"description\":\"Select version minimum TLS version on Azure Storage Account to enforce\",\"displayName\":\"Storage Account select minimum TLS version\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"allOf\":[{\"equals\":\"Microsoft.Storage/storageAccounts\",\"field\":\"type\"},{\"anyOf\":[{\"allOf\":[{\"less\":\"2019-04-01\",\"value\":\"[requestContext().apiVersion]\"},{\"exists\":\"false\",\"field\":\"Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly\"}]},{\"equals\":\"false\",\"field\":\"Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly\"},{\"field\":\"Microsoft.Storage/storageAccounts/minimumTlsVersion\",\"notequals\":\"[parameters('minimumTlsVersion')]\"},{\"exists\":\"false\",\"field\":\"Microsoft.Storage/storageAccounts/minimumTlsVersion\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-StorageAccount-CustomDomain\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-StorageAccount-CustomDomain",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "This policy denies the creation of Storage Accounts with custom domains assigned as communication cannot be encrypted, and always uses HTTP.",
- "display_name": "Storage Accounts with custom domains assigned should be denied",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Storage\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.0.0\"}",
- "mode": "All",
- "name": "Deny-StorageAccount-CustomDomain",
- "parameters": "{\"effect\":{\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Deny\",\"metadata\":{\"description\":\"The effect determines what happens when the policy rule is evaluated to match\",\"displayName\":\"Effect\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"allOf\":[{\"equals\":\"Microsoft.Storage/storageAccounts\",\"field\":\"type\"},{\"anyOf\":[{\"exists\":\"true\",\"field\":\"Microsoft.Storage/storageAccounts/customDomain\"},{\"equals\":\"true\",\"field\":\"Microsoft.Storage/storageAccounts/customDomain.useSubDomainName\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-Subnet-Without-Nsg\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-Subnet-Without-Nsg",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "This policy denies the creation of a subnet without a Network Security Group. NSG help to protect traffic across subnet-level.",
- "display_name": "Subnets should have a Network Security Group",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Network\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"2.0.0\"}",
- "mode": "All",
- "name": "Deny-Subnet-Without-Nsg",
- "parameters": "{\"effect\":{\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Deny\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"excludedSubnets\":{\"defaultValue\":[\"GatewaySubnet\",\"AzureFirewallSubnet\",\"AzureFirewallManagementSubnet\"],\"metadata\":{\"description\":\"Array of subnet names that are excluded from this policy\",\"displayName\":\"Excluded Subnets\"},\"type\":\"Array\"}}",
- "policy_rule": "{\"if\":{\"anyOf\":[{\"allOf\":[{\"equals\":\"Microsoft.Network/virtualNetworks\",\"field\":\"type\"},{\"count\":{\"field\":\"Microsoft.Network/virtualNetworks/subnets[*]\",\"where\":{\"allOf\":[{\"exists\":\"false\",\"field\":\"Microsoft.Network/virtualNetworks/subnets[*].networkSecurityGroup.id\"},{\"field\":\"Microsoft.Network/virtualNetworks/subnets[*].name\",\"notIn\":\"[parameters('excludedSubnets')]\"}]}},\"notEquals\":0}]},{\"allOf\":[{\"equals\":\"Microsoft.Network/virtualNetworks/subnets\",\"field\":\"type\"},{\"field\":\"name\",\"notIn\":\"[parameters('excludedSubnets')]\"},{\"exists\":\"false\",\"field\":\"Microsoft.Network/virtualNetworks/subnets/networkSecurityGroup.id\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-Subnet-Without-Penp\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-Subnet-Without-Penp",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "This policy denies the creation of a subnet without Private Endpoint Netwotk Policies enabled. This policy is intended for 'workload' subnets, not 'central infrastructure' (aka, 'hub') subnets.",
- "display_name": "Subnets without Private Endpoint Network Policies enabled should be denied",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Network\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.0.0\"}",
- "mode": "All",
- "name": "Deny-Subnet-Without-Penp",
- "parameters": "{\"effect\":{\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Deny\",\"metadata\":{\"description\":\"The effect determines what happens when the policy rule is evaluated to match\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"excludedSubnets\":{\"defaultValue\":[\"GatewaySubnet\",\"AzureFirewallSubnet\",\"AzureFirewallManagementSubnet\",\"AzureBastionSubnet\"],\"metadata\":{\"description\":\"Array of subnet names that are excluded from this policy\",\"displayName\":\"Excluded Subnets\"},\"type\":\"Array\"}}",
- "policy_rule": "{\"if\":{\"anyOf\":[{\"allOf\":[{\"equals\":\"Microsoft.Network/virtualNetworks\",\"field\":\"type\"},{\"count\":{\"field\":\"Microsoft.Network/virtualNetworks/subnets[*]\",\"where\":{\"allOf\":[{\"field\":\"Microsoft.Network/virtualNetworks/subnets[*].privateEndpointNetworkPolicies\",\"notEquals\":\"Enabled\"},{\"field\":\"Microsoft.Network/virtualNetworks/subnets[*].name\",\"notIn\":\"[parameters('excludedSubnets')]\"}]}},\"notEquals\":0}]},{\"allOf\":[{\"equals\":\"Microsoft.Network/virtualNetworks/subnets\",\"field\":\"type\"},{\"field\":\"name\",\"notIn\":\"[parameters('excludedSubnets')]\"},{\"field\":\"Microsoft.Network/virtualNetworks/subnets/privateEndpointNetworkPolicies\",\"notEquals\":\"Enabled\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-Subnet-Without-Udr\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-Subnet-Without-Udr",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "This policy denies the creation of a subnet without a User Defined Route (UDR).",
- "display_name": "Subnets should have a User Defined Route",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Network\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"2.0.0\"}",
- "mode": "All",
- "name": "Deny-Subnet-Without-Udr",
- "parameters": "{\"effect\":{\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Deny\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"excludedSubnets\":{\"defaultValue\":[\"AzureBastionSubnet\"],\"metadata\":{\"description\":\"Array of subnet names that are excluded from this policy\",\"displayName\":\"Excluded Subnets\"},\"type\":\"Array\"}}",
- "policy_rule": "{\"if\":{\"anyOf\":[{\"allOf\":[{\"equals\":\"Microsoft.Network/virtualNetworks\",\"field\":\"type\"},{\"count\":{\"field\":\"Microsoft.Network/virtualNetworks/subnets[*]\",\"where\":{\"allOf\":[{\"exists\":\"false\",\"field\":\"Microsoft.Network/virtualNetworks/subnets[*].routeTable.id\"},{\"field\":\"Microsoft.Network/virtualNetworks/subnets[*].name\",\"notIn\":\"[parameters('excludedSubnets')]\"}]}},\"notEquals\":0}]},{\"allOf\":[{\"equals\":\"Microsoft.Network/virtualNetworks/subnets\",\"field\":\"type\"},{\"field\":\"name\",\"notIn\":\"[parameters('excludedSubnets')]\"},{\"exists\":\"false\",\"field\":\"Microsoft.Network/virtualNetworks/subnets/routeTable.id\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-UDR-With-Specific-NextHop\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-UDR-With-Specific-NextHop",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "This policy denies the creation of a User Defined Route with 'Next Hop Type' set to 'Internet' or 'VirtualNetworkGateway'.",
- "display_name": "User Defined Routes with 'Next Hop Type' set to 'Internet' or 'VirtualNetworkGateway' should be denied",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Network\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.0.0\"}",
- "mode": "All",
- "name": "Deny-UDR-With-Specific-NextHop",
- "parameters": "{\"effect\":{\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Deny\",\"metadata\":{\"description\":\"The effect determines what happens when the policy rule is evaluated to match\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"excludedDestinations\":{\"defaultValue\":[\"Internet\",\"VirtualNetworkGateway\"],\"metadata\":{\"description\":\"Array of route destinations that are to be denied\",\"displayName\":\"Excluded Destinations\"},\"type\":\"Array\"}}",
- "policy_rule": "{\"if\":{\"anyOf\":[{\"allOf\":[{\"equals\":\"Microsoft.Network/routeTables\",\"field\":\"type\"},{\"count\":{\"field\":\"Microsoft.Network/routeTables/routes[*]\",\"where\":{\"field\":\"Microsoft.Network/routeTables/routes[*].nextHopType\",\"in\":\"[parameters('excludedDestinations')]\"}},\"notEquals\":0}]},{\"allOf\":[{\"equals\":\"Microsoft.Network/routeTables/routes\",\"field\":\"type\"},{\"field\":\"Microsoft.Network/routeTables/routes/nextHopType\",\"in\":\"[parameters('excludedDestinations')]\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-VNET-Peer-Cross-Sub\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-VNET-Peer-Cross-Sub",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "This policy denies the creation of vNet Peerings outside of the same subscriptions under the assigned scope.",
- "display_name": "Deny vNet peering cross subscription.",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Network\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.0.1\"}",
- "mode": "All",
- "name": "Deny-VNET-Peer-Cross-Sub",
- "parameters": "{\"effect\":{\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Deny\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"allOf\":[{\"equals\":\"Microsoft.Network/virtualNetworks/virtualNetworkPeerings\",\"field\":\"type\"},{\"field\":\"Microsoft.Network/virtualNetworks/virtualNetworkPeerings/remoteVirtualNetwork.id\",\"notcontains\":\"[subscription().id]\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-VNET-Peering-To-Non-Approved-VNETs\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-VNET-Peering-To-Non-Approved-VNETs",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "This policy denies the creation of vNet Peerings to non-approved vNets under the assigned scope.",
- "display_name": "Deny vNet peering to non-approved vNets",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Network\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.0.0\"}",
- "mode": "All",
- "name": "Deny-VNET-Peering-To-Non-Approved-VNETs",
- "parameters": "{\"allowedVnets\":{\"defaultValue\":[],\"metadata\":{\"description\":\"Array of allowed vNets that can be peered with. Must be entered using their resource ID. Example: /subscriptions/{subId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{vnetName}\",\"displayName\":\"Allowed vNets to peer with\"},\"type\":\"Array\"},\"effect\":{\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Deny\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"anyOf\":[{\"allOf\":[{\"equals\":\"Microsoft.Network/virtualNetworks/virtualNetworkPeerings\",\"field\":\"type\"},{\"not\":{\"field\":\"Microsoft.Network/virtualNetworks/virtualNetworkPeerings/remoteVirtualNetwork.id\",\"in\":\"[parameters('allowedVnets')]\"}}]},{\"allOf\":[{\"equals\":\"Microsoft.Network/virtualNetworks\",\"field\":\"type\"},{\"not\":{\"field\":\"Microsoft.Network/virtualNetworks/virtualNetworkPeerings[*].remoteVirtualNetwork.id\",\"in\":\"[parameters('allowedVnets')]\"}},{\"not\":{\"exists\":false,\"field\":\"Microsoft.Network/virtualNetworks/virtualNetworkPeerings[*].remoteVirtualNetwork.id\"}}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-VNet-Peering\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-VNet-Peering",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "This policy denies the creation of vNet Peerings under the assigned scope.",
- "display_name": "Deny vNet peering ",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Network\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.0.1\"}",
- "mode": "All",
- "name": "Deny-VNet-Peering",
- "parameters": "{\"effect\":{\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Deny\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"equals\":\"Microsoft.Network/virtualNetworks/virtualNetworkPeerings\",\"field\":\"type\"},\"then\":{\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/DenyAction-ActivityLogs\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/DenyAction-ActivityLogs",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "This is a DenyAction implementation policy on Activity Logs.",
- "display_name": "DenyAction implementation on Activity Logs",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Monitoring\",\"deprecated\":false,\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.0.0\"}",
- "mode": "Indexed",
- "name": "DenyAction-ActivityLogs",
- "parameters": null,
- "policy_rule": "{\"if\":{\"equals\":\"Microsoft.Resources/subscriptions/providers/diagnosticSettings\",\"field\":\"type\"},\"then\":{\"details\":{\"actionNames\":[\"delete\"]},\"effect\":\"denyAction\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/DenyAction-DiagnosticLogs\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/DenyAction-DiagnosticLogs",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "DenyAction implementation on Diagnostic Logs.",
- "display_name": "DenyAction implementation on Diagnostic Logs.",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Monitoring\",\"deprecated\":false,\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.0.0\"}",
- "mode": "Indexed",
- "name": "DenyAction-DiagnosticLogs",
- "parameters": null,
- "policy_rule": "{\"if\":{\"equals\":\"Microsoft.Insights/diagnosticSettings\",\"field\":\"type\"},\"then\":{\"details\":{\"actionNames\":[\"delete\"]},\"effect\":\"denyAction\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-ASC-SecurityContacts\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-ASC-SecurityContacts",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploy Microsoft Defender for Cloud Security Contacts",
- "display_name": "Deploy Microsoft Defender for Cloud Security Contacts",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Security Center\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.1.0\"}",
- "mode": "All",
- "name": "Deploy-ASC-SecurityContacts",
- "parameters": "{\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"string\"},\"emailSecurityContact\":{\"metadata\":{\"description\":\"Provide email address for Azure Security Center contact details\",\"displayName\":\"Security contacts email address\"},\"type\":\"string\"},\"minimalSeverity\":{\"allowedValues\":[\"High\",\"Medium\",\"Low\"],\"defaultValue\":\"High\",\"metadata\":{\"description\":\"Defines the minimal alert severity which will be sent as email notifications\",\"displayName\":\"Minimal severity\"},\"type\":\"string\"}}",
- "policy_rule": "{\"if\":{\"allOf\":[{\"equals\":\"Microsoft.Resources/subscriptions\",\"field\":\"type\"}]},\"then\":{\"details\":{\"deployment\":{\"location\":\"northeurope\",\"properties\":{\"mode\":\"incremental\",\"parameters\":{\"emailSecurityContact\":{\"value\":\"[parameters('emailSecurityContact')]\"},\"minimalSeverity\":{\"value\":\"[parameters('minimalSeverity')]\"}},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"emailSecurityContact\":{\"metadata\":{\"description\":\"Security contacts email address\"},\"type\":\"string\"},\"minimalSeverity\":{\"metadata\":{\"description\":\"Minimal severity level reported\"},\"type\":\"string\"}},\"resources\":[{\"apiVersion\":\"2020-01-01-preview\",\"name\":\"default\",\"properties\":{\"alertNotifications\":{\"minimalSeverity\":\"[parameters('minimalSeverity')]\",\"state\":\"On\"},\"emails\":\"[parameters('emailSecurityContact')]\",\"notificationsByRole\":{\"roles\":[\"Owner\"],\"state\":\"On\"}},\"type\":\"Microsoft.Security/securityContacts\"}],\"variables\":{}}}},\"deploymentScope\":\"subscription\",\"existenceCondition\":{\"allOf\":[{\"contains\":\"[parameters('emailSecurityContact')]\",\"field\":\"Microsoft.Security/securityContacts/email\"},{\"contains\":\"[parameters('minimalSeverity')]\",\"field\":\"Microsoft.Security/securityContacts/alertNotifications.minimalSeverity\"},{\"equals\":\"Microsoft.Security/securityContacts\",\"field\":\"type\"},{\"equals\":\"On\",\"field\":\"Microsoft.Security/securityContacts/alertNotifications\"},{\"equals\":\"On\",\"field\":\"Microsoft.Security/securityContacts/alertsToAdmins\"}]},\"existenceScope\":\"subscription\",\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/fb1c8493-542b-48eb-b624-b4c8fea62acd\"],\"type\":\"Microsoft.Security/securityContacts\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Budget\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Budget",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploy a default budget on all subscriptions under the assigned scope",
- "display_name": "Deploy a default budget on all subscriptions under the assigned scope",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureUSGovernment\"],\"category\":\"Budget\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.1.0\"}",
- "mode": "All",
- "name": "Deploy-Budget",
- "parameters": "{\"amount\":{\"defaultValue\":\"1000\",\"metadata\":{\"description\":\"The total amount of cost or usage to track with the budget\"},\"type\":\"String\"},\"budgetName\":{\"defaultValue\":\"budget-set-by-policy\",\"metadata\":{\"description\":\"The name for the budget to be created\"},\"type\":\"String\"},\"contactEmails\":{\"defaultValue\":[],\"metadata\":{\"description\":\"The list of email addresses, in an array, to send the budget notification to when the threshold is exceeded.\"},\"type\":\"Array\"},\"contactGroups\":{\"defaultValue\":[],\"metadata\":{\"description\":\"The list of action groups, in an array, to send the budget notification to when the threshold is exceeded. It accepts array of strings.\"},\"type\":\"Array\"},\"contactRoles\":{\"defaultValue\":[\"Owner\",\"Contributor\"],\"metadata\":{\"description\":\"The list of contact RBAC roles, in an array, to send the budget notification to when the threshold is exceeded.\"},\"type\":\"Array\"},\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\"},\"type\":\"String\"},\"firstThreshold\":{\"defaultValue\":\"90\",\"metadata\":{\"description\":\"Threshold value associated with a notification. Notification is sent when the cost exceeded the threshold. It is always percent and has to be between 0 and 1000.\"},\"type\":\"String\"},\"secondThreshold\":{\"defaultValue\":\"100\",\"metadata\":{\"description\":\"Threshold value associated with a notification. Notification is sent when the cost exceeded the threshold. It is always percent and has to be between 0 and 1000.\"},\"type\":\"String\"},\"timeGrain\":{\"allowedValues\":[\"Monthly\",\"Quarterly\",\"Annually\",\"BillingMonth\",\"BillingQuarter\",\"BillingAnnual\"],\"defaultValue\":\"Monthly\",\"metadata\":{\"description\":\"The time covered by a budget. Tracking of the amount will be reset based on the time grain.\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"allOf\":[{\"equals\":\"Microsoft.Resources/subscriptions\",\"field\":\"type\"}]},\"then\":{\"details\":{\"deployment\":{\"location\":\"northeurope\",\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"amount\":{\"value\":\"[parameters('amount')]\"},\"budgetName\":{\"value\":\"[parameters('budgetName')]\"},\"contactEmails\":{\"value\":\"[parameters('contactEmails')]\"},\"contactGroups\":{\"value\":\"[parameters('contactGroups')]\"},\"contactRoles\":{\"value\":\"[parameters('contactRoles')]\"},\"firstThreshold\":{\"value\":\"[parameters('firstThreshold')]\"},\"secondThreshold\":{\"value\":\"[parameters('secondThreshold')]\"},\"timeGrain\":{\"value\":\"[parameters('timeGrain')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"amount\":{\"type\":\"String\"},\"budgetName\":{\"type\":\"String\"},\"contactEmails\":{\"type\":\"Array\"},\"contactGroups\":{\"type\":\"Array\"},\"contactRoles\":{\"type\":\"Array\"},\"firstThreshold\":{\"type\":\"String\"},\"secondThreshold\":{\"type\":\"String\"},\"startDate\":{\"defaultValue\":\"[concat(utcNow('MM'), '/01/', utcNow('yyyy'))]\",\"type\":\"String\"},\"timeGrain\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2019-10-01\",\"name\":\"[parameters('budgetName')]\",\"properties\":{\"amount\":\"[parameters('amount')]\",\"category\":\"Cost\",\"notifications\":{\"NotificationForExceededBudget1\":{\"contactEmails\":\"[parameters('contactEmails')]\",\"contactGroups\":\"[parameters('contactGroups')]\",\"contactRoles\":\"[parameters('contactRoles')]\",\"enabled\":true,\"operator\":\"GreaterThan\",\"threshold\":\"[parameters('firstThreshold')]\"},\"NotificationForExceededBudget2\":{\"contactEmails\":\"[parameters('contactEmails')]\",\"contactGroups\":\"[parameters('contactGroups')]\",\"contactRoles\":\"[parameters('contactRoles')]\",\"enabled\":true,\"operator\":\"GreaterThan\",\"threshold\":\"[parameters('secondThreshold')]\"}},\"timeGrain\":\"[parameters('timeGrain')]\",\"timePeriod\":{\"startDate\":\"[parameters('startDate')]\"}},\"type\":\"Microsoft.Consumption/budgets\"}]}}},\"deploymentScope\":\"subscription\",\"existenceCondition\":{\"allOf\":[{\"equals\":\"[parameters('amount')]\",\"field\":\"Microsoft.Consumption/budgets/amount\"},{\"equals\":\"[parameters('timeGrain')]\",\"field\":\"Microsoft.Consumption/budgets/timeGrain\"},{\"equals\":\"Cost\",\"field\":\"Microsoft.Consumption/budgets/category\"}]},\"existenceScope\":\"subscription\",\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"],\"type\":\"Microsoft.Consumption/budgets\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Custom-Route-Table\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Custom-Route-Table",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploys a route table with specific user defined routes when one does not exist. The route table deployed by the policy must be manually associated to subnet(s)",
- "display_name": "Deploy a route table with specific user defined routes",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Network\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.0.0\"}",
- "mode": "Indexed",
- "name": "Deploy-Custom-Route-Table",
- "parameters": "{\"disableBgpPropagation\":{\"defaultValue\":false,\"metadata\":{\"description\":\"Disable BGP Propagation\",\"displayName\":\"DisableBgpPropagation\"},\"type\":\"Boolean\"},\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"requiredRoutes\":{\"metadata\":{\"description\":\"Routes that must exist in compliant route tables deployed by this policy\",\"displayName\":\"requiredRoutes\"},\"type\":\"Array\"},\"routeTableName\":{\"metadata\":{\"description\":\"Name of the route table automatically deployed by this policy\",\"displayName\":\"routeTableName\"},\"type\":\"String\"},\"vnetRegion\":{\"metadata\":{\"description\":\"Only VNets in this region will be evaluated against this policy\",\"displayName\":\"vnetRegion\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"allOf\":[{\"equals\":\"Microsoft.Network/virtualNetworks\",\"field\":\"type\"},{\"equals\":\"[parameters('vnetRegion')]\",\"field\":\"location\"}]},\"then\":{\"details\":{\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"parameters\":{\"disableBgpPropagation\":{\"value\":\"[parameters('disableBgpPropagation')]\"},\"requiredRoutes\":{\"value\":\"[parameters('requiredRoutes')]\"},\"routeTableName\":{\"value\":\"[parameters('routeTableName')]\"},\"vnetRegion\":{\"value\":\"[parameters('vnetRegion')]\"}},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"disableBgpPropagation\":{\"type\":\"bool\"},\"requiredRoutes\":{\"type\":\"array\"},\"routeTableName\":{\"type\":\"string\"},\"vnetRegion\":{\"type\":\"string\"}},\"resources\":[{\"apiVersion\":\"2021-04-01\",\"name\":\"routeTableDepl\",\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"disableBgpPropagation\":{\"value\":\"[parameters('disableBgpPropagation')]\"},\"requiredRoutes\":{\"value\":\"[parameters('requiredRoutes')]\"},\"routeTableName\":{\"value\":\"[parameters('routeTableName')]\"},\"vnetRegion\":{\"value\":\"[parameters('vnetRegion')]\"}},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"disableBgpPropagation\":{\"type\":\"bool\"},\"requiredRoutes\":{\"type\":\"array\"},\"routeTableName\":{\"type\":\"string\"},\"vnetRegion\":{\"type\":\"string\"}},\"resources\":[{\"apiVersion\":\"2021-02-01\",\"location\":\"[[parameters('vnetRegion')]\",\"name\":\"[[parameters('routeTableName')]\",\"properties\":{\"copy\":\"[variables('copyLoop')]\",\"disableBgpRoutePropagation\":\"[[parameters('disableBgpPropagation')]\"},\"type\":\"Microsoft.Network/routeTables\"}]}},\"type\":\"Microsoft.Resources/deployments\"}],\"variables\":{\"copyLoop\":[{\"count\":\"[[length(parameters('requiredRoutes'))]\",\"input\":{\"name\":\"[[concat('route-',copyIndex('routes'))]\",\"properties\":{\"addressPrefix\":\"[[split(parameters('requiredRoutes')[copyIndex('routes')], ';')[0]]\",\"nextHopIpAddress\":\"[[if(equals(toLower(split(parameters('requiredRoutes')[copyIndex('routes')], ';')[1]),'virtualappliance'),split(parameters('requiredRoutes')[copyIndex('routes')], ';')[2], null())]\",\"nextHopType\":\"[[split(parameters('requiredRoutes')[copyIndex('routes')], ';')[1]]\"}},\"name\":\"routes\"}]}}}},\"existenceCondition\":{\"allOf\":[{\"equals\":\"[parameters('routeTableName')]\",\"field\":\"name\"},{\"count\":{\"field\":\"Microsoft.Network/routeTables/routes[*]\",\"where\":{\"in\":\"[parameters('requiredRoutes')]\",\"value\":\"[concat(current('Microsoft.Network/routeTables/routes[*].addressPrefix'), ';', current('Microsoft.Network/routeTables/routes[*].nextHopType'), if(equals(toLower(current('Microsoft.Network/routeTables/routes[*].nextHopType')),'virtualappliance'), concat(';', current('Microsoft.Network/routeTables/routes[*].nextHopIpAddress')), ''))]\"}},\"equals\":\"[length(parameters('requiredRoutes'))]\"}]},\"roleDefinitionIds\":[\"/subscriptions/e867a45d-e513-44ac-931e-4741cef80b24/providers/Microsoft.Authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7\"],\"type\":\"Microsoft.Network/routeTables\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-DDoSProtection\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-DDoSProtection",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploys an Azure DDoS Network Protection",
- "display_name": "Deploy an Azure DDoS Network Protection",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Network\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.0.1\"}",
- "mode": "All",
- "name": "Deploy-DDoSProtection",
- "parameters": "{\"ddosName\":{\"metadata\":{\"description\":\"DDoSVnet\",\"displayName\":\"ddosName\"},\"type\":\"String\"},\"ddosRegion\":{\"metadata\":{\"description\":\"DDoSVnet location\",\"displayName\":\"ddosRegion\",\"strongType\":\"location\"},\"type\":\"String\"},\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"rgName\":{\"metadata\":{\"description\":\"Provide name for resource group.\",\"displayName\":\"rgName\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"allOf\":[{\"equals\":\"Microsoft.Resources/subscriptions\",\"field\":\"type\"}]},\"then\":{\"details\":{\"deployment\":{\"location\":\"northeurope\",\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"ddosname\":{\"value\":\"[parameters('ddosname')]\"},\"ddosregion\":{\"value\":\"[parameters('ddosRegion')]\"},\"rgName\":{\"value\":\"[parameters('rgName')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"ddosRegion\":{\"type\":\"String\"},\"ddosname\":{\"type\":\"String\"},\"rgName\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2018-05-01\",\"location\":\"[deployment().location]\",\"name\":\"[parameters('rgName')]\",\"properties\":{},\"type\":\"Microsoft.Resources/resourceGroups\"},{\"apiVersion\":\"2018-05-01\",\"dependsOn\":[\"[resourceId('Microsoft.Resources/resourceGroups/', parameters('rgName'))]\"],\"name\":\"ddosprotection\",\"properties\":{\"mode\":\"Incremental\",\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{},\"resources\":[{\"apiVersion\":\"2019-12-01\",\"location\":\"[parameters('ddosRegion')]\",\"name\":\"[parameters('ddosName')]\",\"properties\":{},\"type\":\"Microsoft.Network/ddosProtectionPlans\"}]}},\"resourceGroup\":\"[parameters('rgName')]\",\"type\":\"Microsoft.Resources/deployments\"}]}}},\"deploymentScope\":\"subscription\",\"existenceScope\":\"resourceGroup\",\"name\":\"[parameters('ddosName')]\",\"resourceGroupName\":\"[parameters('rgName')]\",\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7\"],\"type\":\"Microsoft.Network/ddosProtectionPlans\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-AA\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-AA",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploys the diagnostic settings for Automation to stream to a Log Analytics workspace when any Automation which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled",
- "display_name": "Deploy Diagnostic Settings for Automation to Log Analytics workspace",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Monitoring\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.1.0\"}",
- "mode": "Indexed",
- "name": "Deploy-Diagnostics-AA",
- "parameters": "{\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"logAnalytics\":{\"metadata\":{\"description\":\"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\"displayName\":\"Log Analytics workspace\",\"strongType\":\"omsWorkspace\"},\"type\":\"String\"},\"logsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable logs stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable logs\"},\"type\":\"String\"},\"metricsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable metrics stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable metrics\"},\"type\":\"String\"},\"profileName\":{\"defaultValue\":\"setbypolicy\",\"metadata\":{\"description\":\"The diagnostic settings profile name\",\"displayName\":\"Profile name\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"equals\":\"Microsoft.Automation/automationAccounts\",\"field\":\"type\"},\"then\":{\"details\":{\"deployment\":{\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"logsEnabled\":{\"value\":\"[parameters('logsEnabled')]\"},\"metricsEnabled\":{\"value\":\"[parameters('metricsEnabled')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"},\"resourceName\":{\"value\":\"[field('name')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"location\":{\"type\":\"String\"},\"logAnalytics\":{\"type\":\"String\"},\"logsEnabled\":{\"type\":\"String\"},\"metricsEnabled\":{\"type\":\"String\"},\"profileName\":{\"type\":\"String\"},\"resourceName\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2017-05-01-preview\",\"dependsOn\":[],\"location\":\"[parameters('location')]\",\"name\":\"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"properties\":{\"logs\":[{\"category\":\"JobLogs\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"JobStreams\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"DscNodeStatus\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"AuditEvent\",\"enabled\":\"[parameters('logsEnabled')]\"}],\"metrics\":[{\"category\":\"AllMetrics\",\"enabled\":\"[parameters('metricsEnabled')]\",\"retentionPolicy\":{\"days\":0,\"enabled\":false},\"timeGrain\":null}],\"workspaceId\":\"[parameters('logAnalytics')]\"},\"type\":\"Microsoft.Automation/automationAccounts/providers/diagnosticSettings\"}],\"variables\":{}}}},\"existenceCondition\":{\"allOf\":[{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\"},{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/metrics.enabled\"},{\"equals\":\"[parameters('logAnalytics')]\",\"field\":\"Microsoft.Insights/diagnosticSettings/workspaceId\"}]},\"name\":\"[parameters('profileName')]\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"type\":\"Microsoft.Insights/diagnosticSettings\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ACI\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ACI",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploys the diagnostic settings for Container Instances to stream to a Log Analytics workspace when any ACR which is missing this diagnostic settings is created or updated. The Policy willset the diagnostic with all metrics enabled.",
- "display_name": "Deploy Diagnostic Settings for Container Instances to Log Analytics workspace",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Monitoring\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.1.0\"}",
- "mode": "Indexed",
- "name": "Deploy-Diagnostics-ACI",
- "parameters": "{\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"logAnalytics\":{\"metadata\":{\"description\":\"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\"displayName\":\"Log Analytics workspace\",\"strongType\":\"omsWorkspace\"},\"type\":\"String\"},\"metricsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable metrics stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable metrics\"},\"type\":\"String\"},\"profileName\":{\"defaultValue\":\"setbypolicy\",\"metadata\":{\"description\":\"The diagnostic settings profile name\",\"displayName\":\"Profile name\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"equals\":\"Microsoft.ContainerInstance/containerGroups\",\"field\":\"type\"},\"then\":{\"details\":{\"deployment\":{\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"metricsEnabled\":{\"value\":\"[parameters('metricsEnabled')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"},\"resourceName\":{\"value\":\"[field('name')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"location\":{\"type\":\"String\"},\"logAnalytics\":{\"type\":\"String\"},\"metricsEnabled\":{\"type\":\"String\"},\"profileName\":{\"type\":\"String\"},\"resourceName\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2017-05-01-preview\",\"dependsOn\":[],\"location\":\"[parameters('location')]\",\"name\":\"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"properties\":{\"logs\":[],\"metrics\":[{\"category\":\"AllMetrics\",\"enabled\":\"[parameters('metricsEnabled')]\",\"retentionPolicy\":{\"days\":0,\"enabled\":false},\"timeGrain\":null}],\"workspaceId\":\"[parameters('logAnalytics')]\"},\"type\":\"Microsoft.ContainerInstance/containerGroups/providers/diagnosticSettings\"}],\"variables\":{}}}},\"existenceCondition\":{\"allOf\":[{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/metrics.enabled\"},{\"equals\":\"[parameters('logAnalytics')]\",\"field\":\"Microsoft.Insights/diagnosticSettings/workspaceId\"}]},\"name\":\"[parameters('profileName')]\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"type\":\"Microsoft.Insights/diagnosticSettings\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ACR\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ACR",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploys the diagnostic settings for Container Registry to stream to a Log Analytics workspace when any ACR which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics enabled.",
- "display_name": "Deploy Diagnostic Settings for Container Registry to Log Analytics workspace",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Monitoring\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.1.0\"}",
- "mode": "Indexed",
- "name": "Deploy-Diagnostics-ACR",
- "parameters": "{\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"logAnalytics\":{\"metadata\":{\"description\":\"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\"displayName\":\"Log Analytics workspace\",\"strongType\":\"omsWorkspace\"},\"type\":\"String\"},\"logsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable logs stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable logs\"},\"type\":\"String\"},\"metricsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable metrics stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable metrics\"},\"type\":\"String\"},\"profileName\":{\"defaultValue\":\"setbypolicy\",\"metadata\":{\"description\":\"The diagnostic settings profile name\",\"displayName\":\"Profile name\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"equals\":\"Microsoft.ContainerRegistry/registries\",\"field\":\"type\"},\"then\":{\"details\":{\"deployment\":{\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"logsEnabled\":{\"value\":\"[parameters('logsEnabled')]\"},\"metricsEnabled\":{\"value\":\"[parameters('metricsEnabled')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"},\"resourceName\":{\"value\":\"[field('name')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"location\":{\"type\":\"String\"},\"logAnalytics\":{\"type\":\"String\"},\"logsEnabled\":{\"type\":\"String\"},\"metricsEnabled\":{\"type\":\"String\"},\"profileName\":{\"type\":\"String\"},\"resourceName\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2017-05-01-preview\",\"dependsOn\":[],\"location\":\"[parameters('location')]\",\"name\":\"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"properties\":{\"logs\":[{\"category\":\"ContainerRegistryLoginEvents\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"ContainerRegistryRepositoryEvents\",\"enabled\":\"[parameters('logsEnabled')]\"}],\"metrics\":[{\"category\":\"AllMetrics\",\"enabled\":\"[parameters('metricsEnabled')]\",\"retentionPolicy\":{\"days\":0,\"enabled\":false},\"timeGrain\":null}],\"workspaceId\":\"[parameters('logAnalytics')]\"},\"type\":\"Microsoft.ContainerRegistry/registries/providers/diagnosticSettings\"}],\"variables\":{}}}},\"existenceCondition\":{\"allOf\":[{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/metrics.enabled\"},{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\"},{\"equals\":\"[parameters('logAnalytics')]\",\"field\":\"Microsoft.Insights/diagnosticSettings/workspaceId\"}]},\"name\":\"[parameters('profileName')]\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"type\":\"Microsoft.Insights/diagnosticSettings\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-APIMgmt\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-APIMgmt",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploys the diagnostic settings for API Management to stream to a Log Analytics workspace when any API Management which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled",
- "display_name": "Deploy Diagnostic Settings for API Management to Log Analytics workspace",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Monitoring\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.2.0\"}",
- "mode": "Indexed",
- "name": "Deploy-Diagnostics-APIMgmt",
- "parameters": "{\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"logAnalytics\":{\"metadata\":{\"description\":\"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\"displayName\":\"Log Analytics workspace\",\"strongType\":\"omsWorkspace\"},\"type\":\"String\"},\"logAnalyticsDestinationType\":{\"allowedValues\":[\"AzureDiagnostics\",\"Dedicated\"],\"defaultValue\":\"AzureDiagnostics\",\"metadata\":{\"description\":\"Select destination type for Log Analytics. Allowed values are 'Dedicated' (resource specific) and 'AzureDiagnostics'. Default is 'AzureDiagnostics'\",\"displayName\":\"Log Analytics destination type\"},\"type\":\"String\"},\"logsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable logs stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable logs\"},\"type\":\"String\"},\"metricsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable metrics stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable metrics\"},\"type\":\"String\"},\"profileName\":{\"defaultValue\":\"setbypolicy\",\"metadata\":{\"description\":\"The diagnostic settings profile name\",\"displayName\":\"Profile name\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"equals\":\"Microsoft.ApiManagement/service\",\"field\":\"type\"},\"then\":{\"details\":{\"deployment\":{\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"logAnalyticsDestinationType\":{\"value\":\"[parameters('logAnalyticsDestinationType')]\"},\"logsEnabled\":{\"value\":\"[parameters('logsEnabled')]\"},\"metricsEnabled\":{\"value\":\"[parameters('metricsEnabled')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"},\"resourceName\":{\"value\":\"[field('name')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"location\":{\"type\":\"String\"},\"logAnalytics\":{\"type\":\"String\"},\"logAnalyticsDestinationType\":{\"type\":\"String\"},\"logsEnabled\":{\"type\":\"String\"},\"metricsEnabled\":{\"type\":\"String\"},\"profileName\":{\"type\":\"String\"},\"resourceName\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2017-05-01-preview\",\"dependsOn\":[],\"location\":\"[parameters('location')]\",\"name\":\"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"properties\":{\"logAnalyticsDestinationType\":\"[parameters('logAnalyticsDestinationType')]\",\"logs\":[{\"category\":\"GatewayLogs\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"WebSocketConnectionLogs\",\"enabled\":\"[parameters('logsEnabled')]\"}],\"metrics\":[{\"category\":\"AllMetrics\",\"enabled\":\"[parameters('metricsEnabled')]\",\"retentionPolicy\":{\"days\":0,\"enabled\":false},\"timeGrain\":null}],\"workspaceId\":\"[parameters('logAnalytics')]\"},\"type\":\"Microsoft.ApiManagement/service/providers/diagnosticSettings\"}],\"variables\":{}}}},\"existenceCondition\":{\"allOf\":[{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\"},{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/metrics.enabled\"},{\"equals\":\"[parameters('logAnalytics')]\",\"field\":\"Microsoft.Insights/diagnosticSettings/workspaceId\"}]},\"name\":\"[parameters('profileName')]\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"type\":\"Microsoft.Insights/diagnosticSettings\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-AVDScalingPlans\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-AVDScalingPlans",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploys the diagnostic settings for AVD Scaling Plans to stream to a Log Analytics workspace when any Scaling Plan which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all and categorys enabled.",
- "display_name": "Deploy Diagnostic Settings for AVD Scaling Plans to Log Analytics workspace",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\"],\"category\":\"Monitoring\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.1.0\"}",
- "mode": "Indexed",
- "name": "Deploy-Diagnostics-AVDScalingPlans",
- "parameters": "{\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"logAnalytics\":{\"metadata\":{\"description\":\"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\"displayName\":\"Log Analytics workspace\",\"strongType\":\"omsWorkspace\"},\"type\":\"String\"},\"logsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable logs stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable logs\"},\"type\":\"String\"},\"profileName\":{\"defaultValue\":\"setbypolicy\",\"metadata\":{\"description\":\"The diagnostic settings profile name\",\"displayName\":\"Profile name\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"equals\":\"Microsoft.DesktopVirtualization/scalingplans\",\"field\":\"type\"},\"then\":{\"details\":{\"deployment\":{\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"logsEnabled\":{\"value\":\"[parameters('logsEnabled')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"},\"resourceName\":{\"value\":\"[field('name')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"location\":{\"type\":\"String\"},\"logAnalytics\":{\"type\":\"String\"},\"logsEnabled\":{\"type\":\"String\"},\"profileName\":{\"type\":\"String\"},\"resourceName\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2017-05-01-preview\",\"dependsOn\":[],\"location\":\"[parameters('location')]\",\"name\":\"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"properties\":{\"logs\":[{\"category\":\"Autoscale\",\"enabled\":\"[parameters('logsEnabled')]\"}],\"workspaceId\":\"[parameters('logAnalytics')]\"},\"type\":\"Microsoft.DesktopVirtualization/scalingplans/providers/diagnosticSettings\"}],\"variables\":{}}}},\"existenceCondition\":{\"allOf\":[{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\"},{\"equals\":\"[parameters('logAnalytics')]\",\"field\":\"Microsoft.Insights/diagnosticSettings/workspaceId\"}]},\"name\":\"[parameters('profileName')]\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"type\":\"Microsoft.Insights/diagnosticSettings\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-AnalysisService\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-AnalysisService",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploys the diagnostic settings for Analysis Services to stream to a Log Analytics workspace when any Analysis Services which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled",
- "display_name": "Deploy Diagnostic Settings for Analysis Services to Log Analytics workspace",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Monitoring\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.1.0\"}",
- "mode": "Indexed",
- "name": "Deploy-Diagnostics-AnalysisService",
- "parameters": "{\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"logAnalytics\":{\"metadata\":{\"description\":\"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\"displayName\":\"Log Analytics workspace\",\"strongType\":\"omsWorkspace\"},\"type\":\"String\"},\"logsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable logs stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable logs\"},\"type\":\"String\"},\"metricsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable metrics stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable metrics\"},\"type\":\"String\"},\"profileName\":{\"defaultValue\":\"setbypolicy\",\"metadata\":{\"description\":\"The diagnostic settings profile name\",\"displayName\":\"Profile name\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"equals\":\"Microsoft.AnalysisServices/servers\",\"field\":\"type\"},\"then\":{\"details\":{\"deployment\":{\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"logsEnabled\":{\"value\":\"[parameters('logsEnabled')]\"},\"metricsEnabled\":{\"value\":\"[parameters('metricsEnabled')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"},\"resourceName\":{\"value\":\"[field('name')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"location\":{\"type\":\"String\"},\"logAnalytics\":{\"type\":\"String\"},\"logsEnabled\":{\"type\":\"String\"},\"metricsEnabled\":{\"type\":\"String\"},\"profileName\":{\"type\":\"String\"},\"resourceName\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2017-05-01-preview\",\"dependsOn\":[],\"location\":\"[parameters('location')]\",\"name\":\"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"properties\":{\"logs\":[{\"category\":\"Engine\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"Service\",\"enabled\":\"[parameters('logsEnabled')]\"}],\"metrics\":[{\"category\":\"AllMetrics\",\"enabled\":\"[parameters('metricsEnabled')]\",\"retentionPolicy\":{\"days\":0,\"enabled\":false},\"timeGrain\":null}],\"workspaceId\":\"[parameters('logAnalytics')]\"},\"type\":\"Microsoft.AnalysisServices/servers/providers/diagnosticSettings\"}],\"variables\":{}}}},\"existenceCondition\":{\"allOf\":[{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\"},{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/metrics.enabled\"},{\"equals\":\"[parameters('logAnalytics')]\",\"field\":\"Microsoft.Insights/diagnosticSettings/workspaceId\"}]},\"name\":\"[parameters('profileName')]\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"type\":\"Microsoft.Insights/diagnosticSettings\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ApiForFHIR\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ApiForFHIR",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploys the diagnostic settings for Azure API for FHIR to stream to a Log Analytics workspace when any Azure API for FHIR which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled",
- "display_name": "Deploy Diagnostic Settings for Azure API for FHIR to Log Analytics workspace",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Monitoring\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.1.0\"}",
- "mode": "Indexed",
- "name": "Deploy-Diagnostics-ApiForFHIR",
- "parameters": "{\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"logAnalytics\":{\"metadata\":{\"description\":\"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\"displayName\":\"Log Analytics workspace\",\"strongType\":\"omsWorkspace\"},\"type\":\"String\"},\"logsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable logs stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable logs\"},\"type\":\"String\"},\"metricsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable metrics stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable metrics\"},\"type\":\"String\"},\"profileName\":{\"defaultValue\":\"setbypolicy\",\"metadata\":{\"description\":\"The diagnostic settings profile name\",\"displayName\":\"Profile name\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"equals\":\"Microsoft.HealthcareApis/services\",\"field\":\"type\"},\"then\":{\"details\":{\"deployment\":{\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"logsEnabled\":{\"value\":\"[parameters('logsEnabled')]\"},\"metricsEnabled\":{\"value\":\"[parameters('metricsEnabled')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"},\"resourceName\":{\"value\":\"[field('name')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"location\":{\"type\":\"String\"},\"logAnalytics\":{\"type\":\"String\"},\"logsEnabled\":{\"type\":\"String\"},\"metricsEnabled\":{\"type\":\"String\"},\"profileName\":{\"type\":\"String\"},\"resourceName\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2017-05-01-preview\",\"dependsOn\":[],\"location\":\"[parameters('location')]\",\"name\":\"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"properties\":{\"logs\":[{\"category\":\"AuditLogs\",\"enabled\":\"[parameters('logsEnabled')]\"}],\"metrics\":[{\"category\":\"AllMetrics\",\"enabled\":\"[parameters('metricsEnabled')]\",\"retentionPolicy\":{\"days\":0,\"enabled\":false},\"timeGrain\":null}],\"workspaceId\":\"[parameters('logAnalytics')]\"},\"type\":\"Microsoft.HealthcareApis/services/providers/diagnosticSettings\"}],\"variables\":{}}}},\"existenceCondition\":{\"allOf\":[{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\"},{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/metrics.enabled\"},{\"equals\":\"[parameters('logAnalytics')]\",\"field\":\"Microsoft.Insights/diagnosticSettings/workspaceId\"}]},\"name\":\"[parameters('profileName')]\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"type\":\"Microsoft.Insights/diagnosticSettings\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ApplicationGateway\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ApplicationGateway",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploys the diagnostic settings for Application Gateway to stream to a Log Analytics workspace when any Application Gateway which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled",
- "display_name": "Deploy Diagnostic Settings for Application Gateway to Log Analytics workspace",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Monitoring\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.1.0\"}",
- "mode": "Indexed",
- "name": "Deploy-Diagnostics-ApplicationGateway",
- "parameters": "{\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"logAnalytics\":{\"metadata\":{\"description\":\"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\"displayName\":\"Log Analytics workspace\",\"strongType\":\"omsWorkspace\"},\"type\":\"String\"},\"logsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable logs stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable logs\"},\"type\":\"String\"},\"metricsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable metrics stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable metrics\"},\"type\":\"String\"},\"profileName\":{\"defaultValue\":\"setbypolicy\",\"metadata\":{\"description\":\"The diagnostic settings profile name\",\"displayName\":\"Profile name\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"equals\":\"Microsoft.Network/applicationGateways\",\"field\":\"type\"},\"then\":{\"details\":{\"deployment\":{\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"logsEnabled\":{\"value\":\"[parameters('logsEnabled')]\"},\"metricsEnabled\":{\"value\":\"[parameters('metricsEnabled')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"},\"resourceName\":{\"value\":\"[field('name')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"location\":{\"type\":\"String\"},\"logAnalytics\":{\"type\":\"String\"},\"logsEnabled\":{\"type\":\"String\"},\"metricsEnabled\":{\"type\":\"String\"},\"profileName\":{\"type\":\"String\"},\"resourceName\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2017-05-01-preview\",\"dependsOn\":[],\"location\":\"[parameters('location')]\",\"name\":\"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"properties\":{\"logs\":[{\"category\":\"ApplicationGatewayAccessLog\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"ApplicationGatewayPerformanceLog\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"ApplicationGatewayFirewallLog\",\"enabled\":\"[parameters('logsEnabled')]\"}],\"metrics\":[{\"category\":\"AllMetrics\",\"enabled\":\"[parameters('metricsEnabled')]\",\"retentionPolicy\":{\"days\":0,\"enabled\":false},\"timeGrain\":null}],\"workspaceId\":\"[parameters('logAnalytics')]\"},\"type\":\"Microsoft.Network/applicationGateways/providers/diagnosticSettings\"}],\"variables\":{}}}},\"existenceCondition\":{\"allOf\":[{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\"},{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/metrics.enabled\"},{\"equals\":\"[parameters('logAnalytics')]\",\"field\":\"Microsoft.Insights/diagnosticSettings/workspaceId\"}]},\"name\":\"[parameters('profileName')]\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"type\":\"Microsoft.Insights/diagnosticSettings\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Bastion\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Bastion",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploys the diagnostic settings for Azure Bastion to stream to a Log Analytics workspace when any Azure Bastion which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled",
- "display_name": "Deploy Diagnostic Settings for Azure Bastion to Log Analytics workspace",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Monitoring\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.1.0\"}",
- "mode": "Indexed",
- "name": "Deploy-Diagnostics-Bastion",
- "parameters": "{\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"logAnalytics\":{\"metadata\":{\"description\":\"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\"displayName\":\"Log Analytics workspace\",\"strongType\":\"omsWorkspace\"},\"type\":\"String\"},\"logsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable logs stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable logs\"},\"type\":\"String\"},\"metricsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable metrics stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable metrics\"},\"type\":\"String\"},\"profileName\":{\"defaultValue\":\"setbypolicy\",\"metadata\":{\"description\":\"The diagnostic settings profile name\",\"displayName\":\"Profile name\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"equals\":\"Microsoft.Network/bastionHosts\",\"field\":\"type\"},\"then\":{\"details\":{\"deployment\":{\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"logsEnabled\":{\"value\":\"[parameters('logsEnabled')]\"},\"metricsEnabled\":{\"value\":\"[parameters('metricsEnabled')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"},\"resourceName\":{\"value\":\"[field('name')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"location\":{\"type\":\"String\"},\"logAnalytics\":{\"type\":\"String\"},\"logsEnabled\":{\"type\":\"String\"},\"metricsEnabled\":{\"type\":\"String\"},\"profileName\":{\"type\":\"String\"},\"resourceName\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2017-05-01-preview\",\"dependsOn\":[],\"location\":\"[parameters('location')]\",\"name\":\"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"properties\":{\"logs\":[{\"category\":\"BastionAuditLogs\",\"enabled\":\"[parameters('logsEnabled')]\"}],\"metrics\":[{\"category\":\"AllMetrics\",\"enabled\":\"[parameters('metricsEnabled')]\",\"retentionPolicy\":{\"days\":0,\"enabled\":false},\"timeGrain\":null}],\"workspaceId\":\"[parameters('logAnalytics')]\"},\"type\":\"Microsoft.Network/bastionHosts/providers/diagnosticSettings\"}],\"variables\":{}}}},\"existenceCondition\":{\"allOf\":[{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\"},{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/metrics.enabled\"},{\"equals\":\"[parameters('logAnalytics')]\",\"field\":\"Microsoft.Insights/diagnosticSettings/workspaceId\"}]},\"name\":\"[parameters('profileName')]\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"type\":\"Microsoft.Insights/diagnosticSettings\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-CDNEndpoints\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-CDNEndpoints",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploys the diagnostic settings for CDN Endpoint to stream to a Log Analytics workspace when any CDN Endpoint which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled",
- "display_name": "Deploy Diagnostic Settings for CDN Endpoint to Log Analytics workspace",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Monitoring\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.1.0\"}",
- "mode": "Indexed",
- "name": "Deploy-Diagnostics-CDNEndpoints",
- "parameters": "{\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"logAnalytics\":{\"metadata\":{\"description\":\"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\"displayName\":\"Log Analytics workspace\",\"strongType\":\"omsWorkspace\"},\"type\":\"String\"},\"logsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable logs stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable logs\"},\"type\":\"String\"},\"profileName\":{\"defaultValue\":\"setbypolicy\",\"metadata\":{\"description\":\"The diagnostic settings profile name\",\"displayName\":\"Profile name\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"equals\":\"Microsoft.Cdn/profiles/endpoints\",\"field\":\"type\"},\"then\":{\"details\":{\"deployment\":{\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"logsEnabled\":{\"value\":\"[parameters('logsEnabled')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"},\"resourceName\":{\"value\":\"[field('fullName')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"location\":{\"type\":\"String\"},\"logAnalytics\":{\"type\":\"String\"},\"logsEnabled\":{\"type\":\"String\"},\"profileName\":{\"type\":\"String\"},\"resourceName\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2017-05-01-preview\",\"dependsOn\":[],\"location\":\"[parameters('location')]\",\"name\":\"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"properties\":{\"logs\":[{\"category\":\"CoreAnalytics\",\"enabled\":\"[parameters('logsEnabled')]\"}],\"metrics\":[],\"workspaceId\":\"[parameters('logAnalytics')]\"},\"type\":\"Microsoft.Cdn/profiles/endpoints/providers/diagnosticSettings\"}],\"variables\":{}}}},\"existenceCondition\":{\"allOf\":[{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\"},{\"equals\":\"[parameters('logAnalytics')]\",\"field\":\"Microsoft.Insights/diagnosticSettings/workspaceId\"}]},\"name\":\"[parameters('profileName')]\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"type\":\"Microsoft.Insights/diagnosticSettings\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-CognitiveServices\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-CognitiveServices",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploys the diagnostic settings for Cognitive Services to stream to a Log Analytics workspace when any Cognitive Services which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled",
- "display_name": "Deploy Diagnostic Settings for Cognitive Services to Log Analytics workspace",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Monitoring\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.1.0\"}",
- "mode": "Indexed",
- "name": "Deploy-Diagnostics-CognitiveServices",
- "parameters": "{\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"logAnalytics\":{\"metadata\":{\"description\":\"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\"displayName\":\"Log Analytics workspace\",\"strongType\":\"omsWorkspace\"},\"type\":\"String\"},\"logsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable logs stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable logs\"},\"type\":\"String\"},\"metricsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable metrics stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable metrics\"},\"type\":\"String\"},\"profileName\":{\"defaultValue\":\"setbypolicy\",\"metadata\":{\"description\":\"The diagnostic settings profile name\",\"displayName\":\"Profile name\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"equals\":\"Microsoft.CognitiveServices/accounts\",\"field\":\"type\"},\"then\":{\"details\":{\"deployment\":{\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"logsEnabled\":{\"value\":\"[parameters('logsEnabled')]\"},\"metricsEnabled\":{\"value\":\"[parameters('metricsEnabled')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"},\"resourceName\":{\"value\":\"[field('name')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"location\":{\"type\":\"String\"},\"logAnalytics\":{\"type\":\"String\"},\"logsEnabled\":{\"type\":\"String\"},\"metricsEnabled\":{\"type\":\"String\"},\"profileName\":{\"type\":\"String\"},\"resourceName\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2017-05-01-preview\",\"dependsOn\":[],\"location\":\"[parameters('location')]\",\"name\":\"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"properties\":{\"logs\":[{\"category\":\"Audit\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"RequestResponse\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"Trace\",\"enabled\":\"[parameters('logsEnabled')]\"}],\"metrics\":[{\"category\":\"AllMetrics\",\"enabled\":\"[parameters('metricsEnabled')]\",\"retentionPolicy\":{\"days\":0,\"enabled\":false},\"timeGrain\":null}],\"workspaceId\":\"[parameters('logAnalytics')]\"},\"type\":\"Microsoft.CognitiveServices/accounts/providers/diagnosticSettings\"}],\"variables\":{}}}},\"existenceCondition\":{\"allOf\":[{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\"},{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/metrics.enabled\"},{\"equals\":\"[parameters('logAnalytics')]\",\"field\":\"Microsoft.Insights/diagnosticSettings/workspaceId\"}]},\"name\":\"[parameters('profileName')]\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"type\":\"Microsoft.Insights/diagnosticSettings\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-CosmosDB\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-CosmosDB",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploys the diagnostic settings for Cosmos DB to stream to a Log Analytics workspace when any Cosmos DB which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled",
- "display_name": "Deploy Diagnostic Settings for Cosmos DB to Log Analytics workspace",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Monitoring\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.2.0\"}",
- "mode": "Indexed",
- "name": "Deploy-Diagnostics-CosmosDB",
- "parameters": "{\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"logAnalytics\":{\"metadata\":{\"description\":\"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\"displayName\":\"Log Analytics workspace\",\"strongType\":\"omsWorkspace\"},\"type\":\"String\"},\"logsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable logs stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable logs\"},\"type\":\"String\"},\"metricsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable metrics stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable metrics\"},\"type\":\"String\"},\"profileName\":{\"defaultValue\":\"setbypolicy\",\"metadata\":{\"description\":\"The diagnostic settings profile name\",\"displayName\":\"Profile name\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"equals\":\"Microsoft.DocumentDB/databaseAccounts\",\"field\":\"type\"},\"then\":{\"details\":{\"deployment\":{\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"logsEnabled\":{\"value\":\"[parameters('logsEnabled')]\"},\"metricsEnabled\":{\"value\":\"[parameters('metricsEnabled')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"},\"resourceName\":{\"value\":\"[field('name')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"location\":{\"type\":\"String\"},\"logAnalytics\":{\"type\":\"String\"},\"logsEnabled\":{\"type\":\"String\"},\"metricsEnabled\":{\"type\":\"String\"},\"profileName\":{\"type\":\"String\"},\"resourceName\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2017-05-01-preview\",\"dependsOn\":[],\"location\":\"[parameters('location')]\",\"name\":\"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"properties\":{\"logs\":[{\"category\":\"DataPlaneRequests\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"MongoRequests\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"QueryRuntimeStatistics\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"PartitionKeyStatistics\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"PartitionKeyRUConsumption\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"ControlPlaneRequests\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"CassandraRequests\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"GremlinRequests\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"TableApiRequests\",\"enabled\":\"[parameters('logsEnabled')]\"}],\"metrics\":[{\"category\":\"Requests\",\"enabled\":\"[parameters('metricsEnabled')]\",\"retentionPolicy\":{\"days\":0,\"enabled\":false},\"timeGrain\":null}],\"workspaceId\":\"[parameters('logAnalytics')]\"},\"type\":\"Microsoft.DocumentDB/databaseAccounts/providers/diagnosticSettings\"}],\"variables\":{}}}},\"existenceCondition\":{\"allOf\":[{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\"},{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/metrics.enabled\"},{\"equals\":\"[parameters('logAnalytics')]\",\"field\":\"Microsoft.Insights/diagnosticSettings/workspaceId\"}]},\"name\":\"[parameters('profileName')]\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"type\":\"Microsoft.Insights/diagnosticSettings\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-DLAnalytics\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-DLAnalytics",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploys the diagnostic settings for Data Lake Analytics to stream to a Log Analytics workspace when any Data Lake Analytics which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled",
- "display_name": "Deploy Diagnostic Settings for Data Lake Analytics to Log Analytics workspace",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Monitoring\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.1.0\"}",
- "mode": "Indexed",
- "name": "Deploy-Diagnostics-DLAnalytics",
- "parameters": "{\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"logAnalytics\":{\"metadata\":{\"description\":\"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\"displayName\":\"Log Analytics workspace\",\"strongType\":\"omsWorkspace\"},\"type\":\"String\"},\"logsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable logs stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable logs\"},\"type\":\"String\"},\"metricsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable metrics stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable metrics\"},\"type\":\"String\"},\"profileName\":{\"defaultValue\":\"setbypolicy\",\"metadata\":{\"description\":\"The diagnostic settings profile name\",\"displayName\":\"Profile name\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"equals\":\"Microsoft.DataLakeAnalytics/accounts\",\"field\":\"type\"},\"then\":{\"details\":{\"deployment\":{\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"logsEnabled\":{\"value\":\"[parameters('logsEnabled')]\"},\"metricsEnabled\":{\"value\":\"[parameters('metricsEnabled')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"},\"resourceName\":{\"value\":\"[field('name')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"location\":{\"type\":\"String\"},\"logAnalytics\":{\"type\":\"String\"},\"logsEnabled\":{\"type\":\"String\"},\"metricsEnabled\":{\"type\":\"String\"},\"profileName\":{\"type\":\"String\"},\"resourceName\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2017-05-01-preview\",\"dependsOn\":[],\"location\":\"[parameters('location')]\",\"name\":\"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"properties\":{\"logs\":[{\"category\":\"Audit\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"Requests\",\"enabled\":\"[parameters('logsEnabled')]\"}],\"metrics\":[{\"category\":\"AllMetrics\",\"enabled\":\"[parameters('metricsEnabled')]\",\"retentionPolicy\":{\"days\":0,\"enabled\":false},\"timeGrain\":null}],\"workspaceId\":\"[parameters('logAnalytics')]\"},\"type\":\"Microsoft.DataLakeAnalytics/accounts/providers/diagnosticSettings\"}],\"variables\":{}}}},\"existenceCondition\":{\"allOf\":[{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\"},{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/metrics.enabled\"},{\"equals\":\"[parameters('logAnalytics')]\",\"field\":\"Microsoft.Insights/diagnosticSettings/workspaceId\"}]},\"name\":\"[parameters('profileName')]\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"type\":\"Microsoft.Insights/diagnosticSettings\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-DataExplorerCluster\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-DataExplorerCluster",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploys the diagnostic settings for Azure Data Explorer Cluster to stream to a Log Analytics workspace when any Azure Data Explorer Cluster which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled",
- "display_name": "Deploy Diagnostic Settings for Azure Data Explorer Cluster to Log Analytics workspace",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Monitoring\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.1.0\"}",
- "mode": "Indexed",
- "name": "Deploy-Diagnostics-DataExplorerCluster",
- "parameters": "{\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"logAnalytics\":{\"metadata\":{\"description\":\"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\"displayName\":\"Log Analytics workspace\",\"strongType\":\"omsWorkspace\"},\"type\":\"String\"},\"logsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable logs stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable logs\"},\"type\":\"String\"},\"metricsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable metrics stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable metrics\"},\"type\":\"String\"},\"profileName\":{\"defaultValue\":\"setbypolicy\",\"metadata\":{\"description\":\"The diagnostic settings profile name\",\"displayName\":\"Profile name\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"equals\":\"Microsoft.Kusto/Clusters\",\"field\":\"type\"},\"then\":{\"details\":{\"deployment\":{\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"logsEnabled\":{\"value\":\"[parameters('logsEnabled')]\"},\"metricsEnabled\":{\"value\":\"[parameters('metricsEnabled')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"},\"resourceName\":{\"value\":\"[field('name')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"location\":{\"type\":\"String\"},\"logAnalytics\":{\"type\":\"String\"},\"logsEnabled\":{\"type\":\"String\"},\"metricsEnabled\":{\"type\":\"String\"},\"profileName\":{\"type\":\"String\"},\"resourceName\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2017-05-01-preview\",\"dependsOn\":[],\"location\":\"[parameters('location')]\",\"name\":\"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"properties\":{\"logs\":[{\"category\":\"SucceededIngestion\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"FailedIngestion\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"IngestionBatching\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"Command\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"Query\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"TableUsageStatistics\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"TableDetails\",\"enabled\":\"[parameters('logsEnabled')]\"}],\"metrics\":[{\"category\":\"AllMetrics\",\"enabled\":\"[parameters('metricsEnabled')]\",\"retentionPolicy\":{\"days\":0,\"enabled\":false},\"timeGrain\":null}],\"workspaceId\":\"[parameters('logAnalytics')]\"},\"type\":\"Microsoft.Kusto/Clusters/providers/diagnosticSettings\"}],\"variables\":{}}}},\"existenceCondition\":{\"allOf\":[{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\"},{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/metrics.enabled\"},{\"equals\":\"[parameters('logAnalytics')]\",\"field\":\"Microsoft.Insights/diagnosticSettings/workspaceId\"}]},\"name\":\"[parameters('profileName')]\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"type\":\"Microsoft.Insights/diagnosticSettings\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-DataFactory\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-DataFactory",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploys the diagnostic settings for Data Factory to stream to a Log Analytics workspace when any Data Factory which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled",
- "display_name": "Deploy Diagnostic Settings for Data Factory to Log Analytics workspace",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Monitoring\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.2.0\"}",
- "mode": "Indexed",
- "name": "Deploy-Diagnostics-DataFactory",
- "parameters": "{\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"logAnalytics\":{\"metadata\":{\"description\":\"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\"displayName\":\"Log Analytics workspace\",\"strongType\":\"omsWorkspace\"},\"type\":\"String\"},\"logsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable logs stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable logs\"},\"type\":\"String\"},\"metricsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable metrics stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable metrics\"},\"type\":\"String\"},\"profileName\":{\"defaultValue\":\"setbypolicy\",\"metadata\":{\"description\":\"The diagnostic settings profile name\",\"displayName\":\"Profile name\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"equals\":\"Microsoft.DataFactory/factories\",\"field\":\"type\"},\"then\":{\"details\":{\"deployment\":{\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"logsEnabled\":{\"value\":\"[parameters('logsEnabled')]\"},\"metricsEnabled\":{\"value\":\"[parameters('metricsEnabled')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"},\"resourceName\":{\"value\":\"[field('name')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"location\":{\"type\":\"String\"},\"logAnalytics\":{\"type\":\"String\"},\"logsEnabled\":{\"type\":\"String\"},\"metricsEnabled\":{\"type\":\"String\"},\"profileName\":{\"type\":\"String\"},\"resourceName\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2017-05-01-preview\",\"dependsOn\":[],\"location\":\"[parameters('location')]\",\"name\":\"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"properties\":{\"logs\":[{\"category\":\"ActivityRuns\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"PipelineRuns\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"TriggerRuns\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"SSISPackageEventMessages\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"SSISPackageExecutableStatistics\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"SSISPackageEventMessageContext\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"SSISPackageExecutionComponentPhases\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"SSISPackageExecutionDataStatistics\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"SSISIntegrationRuntimeLogs\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"SandboxPipelineRuns\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"SandboxActivityRuns\",\"enabled\":\"[parameters('logsEnabled')]\"}],\"metrics\":[{\"category\":\"AllMetrics\",\"enabled\":\"[parameters('metricsEnabled')]\",\"retentionPolicy\":{\"days\":0,\"enabled\":false},\"timeGrain\":null}],\"workspaceId\":\"[parameters('logAnalytics')]\"},\"type\":\"Microsoft.DataFactory/factories/providers/diagnosticSettings\"}],\"variables\":{}}}},\"existenceCondition\":{\"allOf\":[{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\"},{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/metrics.enabled\"},{\"equals\":\"[parameters('logAnalytics')]\",\"field\":\"Microsoft.Insights/diagnosticSettings/workspaceId\"}]},\"name\":\"[parameters('profileName')]\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"type\":\"Microsoft.Insights/diagnosticSettings\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Databricks\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Databricks",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploys the diagnostic settings for Databricks to stream to a Log Analytics workspace when any Databricks which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled",
- "display_name": "Deploy Diagnostic Settings for Databricks to Log Analytics workspace",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Monitoring\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.3.0\"}",
- "mode": "Indexed",
- "name": "Deploy-Diagnostics-Databricks",
- "parameters": "{\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"logAnalytics\":{\"metadata\":{\"description\":\"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\"displayName\":\"Log Analytics workspace\",\"strongType\":\"omsWorkspace\"},\"type\":\"String\"},\"logsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable logs stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable logs\"},\"type\":\"String\"},\"profileName\":{\"defaultValue\":\"setbypolicy\",\"metadata\":{\"description\":\"The diagnostic settings profile name\",\"displayName\":\"Profile name\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"equals\":\"Microsoft.Databricks/workspaces\",\"field\":\"type\"},\"then\":{\"details\":{\"deployment\":{\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"logsEnabled\":{\"value\":\"[parameters('logsEnabled')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"},\"resourceName\":{\"value\":\"[field('name')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"location\":{\"type\":\"String\"},\"logAnalytics\":{\"type\":\"String\"},\"logsEnabled\":{\"type\":\"String\"},\"profileName\":{\"type\":\"String\"},\"resourceName\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2017-05-01-preview\",\"dependsOn\":[],\"location\":\"[parameters('location')]\",\"name\":\"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"properties\":{\"logs\":[{\"category\":\"dbfs\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"clusters\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"accounts\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"jobs\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"notebook\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"ssh\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"workspace\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"secrets\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"sqlPermissions\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"instancePools\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"sqlanalytics\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"genie\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"globalInitScripts\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"iamRole\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"mlflowExperiment\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"featureStore\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"RemoteHistoryService\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"mlflowAcledArtifact\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"databrickssql\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"deltaPipelines\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"modelRegistry\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"repos\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"unityCatalog\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"gitCredentials\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"webTerminal\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"serverlessRealTimeInference\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"clusterLibraries\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"partnerHub\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"clamAVScan\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"capsule8Dataplane\",\"enabled\":\"[parameters('logsEnabled')]\"}],\"workspaceId\":\"[parameters('logAnalytics')]\"},\"type\":\"Microsoft.Databricks/workspaces/providers/diagnosticSettings\"}],\"variables\":{}}}},\"existenceCondition\":{\"allOf\":[{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\"},{\"equals\":\"[parameters('logAnalytics')]\",\"field\":\"Microsoft.Insights/diagnosticSettings/workspaceId\"}]},\"name\":\"[parameters('profileName')]\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"type\":\"Microsoft.Insights/diagnosticSettings\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-EventGridSub\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-EventGridSub",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploys the diagnostic settings for Event Grid subscriptions to stream to a Log Analytics workspace when any Event Grid subscriptions which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled",
- "display_name": "Deploy Diagnostic Settings for Event Grid subscriptions to Log Analytics workspace",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Monitoring\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.1.0\"}",
- "mode": "Indexed",
- "name": "Deploy-Diagnostics-EventGridSub",
- "parameters": "{\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"logAnalytics\":{\"metadata\":{\"description\":\"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\"displayName\":\"Log Analytics workspace\",\"strongType\":\"omsWorkspace\"},\"type\":\"String\"},\"metricsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable metrics stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable metrics\"},\"type\":\"String\"},\"profileName\":{\"defaultValue\":\"setbypolicy\",\"metadata\":{\"description\":\"The diagnostic settings profile name\",\"displayName\":\"Profile name\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"equals\":\"Microsoft.EventGrid/eventSubscriptions\",\"field\":\"type\"},\"then\":{\"details\":{\"deployment\":{\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"metricsEnabled\":{\"value\":\"[parameters('metricsEnabled')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"},\"resourceName\":{\"value\":\"[field('name')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"location\":{\"type\":\"String\"},\"logAnalytics\":{\"type\":\"String\"},\"metricsEnabled\":{\"type\":\"String\"},\"profileName\":{\"type\":\"String\"},\"resourceName\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2017-05-01-preview\",\"dependsOn\":[],\"location\":\"[parameters('location')]\",\"name\":\"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"properties\":{\"logs\":[],\"metrics\":[{\"category\":\"AllMetrics\",\"enabled\":\"[parameters('metricsEnabled')]\",\"retentionPolicy\":{\"days\":0,\"enabled\":false},\"timeGrain\":null}],\"workspaceId\":\"[parameters('logAnalytics')]\"},\"type\":\"Microsoft.EventGrid/eventSubscriptions/providers/diagnosticSettings\"}],\"variables\":{}}}},\"existenceCondition\":{\"allOf\":[{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/metrics.enabled\"},{\"equals\":\"[parameters('logAnalytics')]\",\"field\":\"Microsoft.Insights/diagnosticSettings/workspaceId\"}]},\"name\":\"[parameters('profileName')]\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"type\":\"Microsoft.Insights/diagnosticSettings\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-EventGridSystemTopic\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-EventGridSystemTopic",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploys the diagnostic settings for Event Grid System Topic to stream to a Log Analytics workspace when any Event Grid System Topic which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled",
- "display_name": "Deploy Diagnostic Settings for Event Grid System Topic to Log Analytics workspace",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Monitoring\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.1.0\"}",
- "mode": "Indexed",
- "name": "Deploy-Diagnostics-EventGridSystemTopic",
- "parameters": "{\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"logAnalytics\":{\"metadata\":{\"description\":\"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\"displayName\":\"Log Analytics workspace\",\"strongType\":\"omsWorkspace\"},\"type\":\"String\"},\"logsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable logs stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable logs\"},\"type\":\"String\"},\"metricsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable metrics stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable metrics\"},\"type\":\"String\"},\"profileName\":{\"defaultValue\":\"setbypolicy\",\"metadata\":{\"description\":\"The diagnostic settings profile name\",\"displayName\":\"Profile name\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"equals\":\"Microsoft.EventGrid/systemTopics\",\"field\":\"type\"},\"then\":{\"details\":{\"deployment\":{\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"logsEnabled\":{\"value\":\"[parameters('logsEnabled')]\"},\"metricsEnabled\":{\"value\":\"[parameters('metricsEnabled')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"},\"resourceName\":{\"value\":\"[field('name')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"location\":{\"type\":\"String\"},\"logAnalytics\":{\"type\":\"String\"},\"logsEnabled\":{\"type\":\"String\"},\"metricsEnabled\":{\"type\":\"String\"},\"profileName\":{\"type\":\"String\"},\"resourceName\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2017-05-01-preview\",\"dependsOn\":[],\"location\":\"[parameters('location')]\",\"name\":\"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"properties\":{\"logs\":[{\"category\":\"DeliveryFailures\",\"enabled\":\"[parameters('logsEnabled')]\"}],\"metrics\":[{\"category\":\"AllMetrics\",\"enabled\":\"[parameters('metricsEnabled')]\",\"retentionPolicy\":{\"days\":0,\"enabled\":false},\"timeGrain\":null}],\"workspaceId\":\"[parameters('logAnalytics')]\"},\"type\":\"Microsoft.EventGrid/systemTopics/providers/diagnosticSettings\"}],\"variables\":{}}}},\"existenceCondition\":{\"allOf\":[{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\"},{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/metrics.enabled\"},{\"equals\":\"[parameters('logAnalytics')]\",\"field\":\"Microsoft.Insights/diagnosticSettings/workspaceId\"}]},\"name\":\"[parameters('profileName')]\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"type\":\"Microsoft.Insights/diagnosticSettings\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-EventGridTopic\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-EventGridTopic",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploys the diagnostic settings for Event Grid Topic to stream to a Log Analytics workspace when any Event Grid Topic which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled",
- "display_name": "Deploy Diagnostic Settings for Event Grid Topic to Log Analytics workspace",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Monitoring\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.2.0\"}",
- "mode": "Indexed",
- "name": "Deploy-Diagnostics-EventGridTopic",
- "parameters": "{\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"logAnalytics\":{\"metadata\":{\"description\":\"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\"displayName\":\"Log Analytics workspace\",\"strongType\":\"omsWorkspace\"},\"type\":\"String\"},\"logsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable logs stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable logs\"},\"type\":\"String\"},\"metricsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable metrics stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable metrics\"},\"type\":\"String\"},\"profileName\":{\"defaultValue\":\"setbypolicy\",\"metadata\":{\"description\":\"The diagnostic settings profile name\",\"displayName\":\"Profile name\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"equals\":\"Microsoft.EventGrid/topics\",\"field\":\"type\"},\"then\":{\"details\":{\"deployment\":{\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"logsEnabled\":{\"value\":\"[parameters('logsEnabled')]\"},\"metricsEnabled\":{\"value\":\"[parameters('metricsEnabled')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"},\"resourceName\":{\"value\":\"[field('name')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"location\":{\"type\":\"String\"},\"logAnalytics\":{\"type\":\"String\"},\"logsEnabled\":{\"type\":\"String\"},\"metricsEnabled\":{\"type\":\"String\"},\"profileName\":{\"type\":\"String\"},\"resourceName\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2017-05-01-preview\",\"dependsOn\":[],\"location\":\"[parameters('location')]\",\"name\":\"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"properties\":{\"logs\":[{\"category\":\"DeliveryFailures\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"PublishFailures\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"DataPlaneRequests\",\"enabled\":\"[parameters('logsEnabled')]\"}],\"metrics\":[{\"category\":\"AllMetrics\",\"enabled\":\"[parameters('metricsEnabled')]\",\"retentionPolicy\":{\"days\":0,\"enabled\":false},\"timeGrain\":null}],\"workspaceId\":\"[parameters('logAnalytics')]\"},\"type\":\"Microsoft.EventGrid/topics/providers/diagnosticSettings\"}],\"variables\":{}}}},\"existenceCondition\":{\"allOf\":[{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\"},{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/metrics.enabled\"},{\"equals\":\"[parameters('logAnalytics')]\",\"field\":\"Microsoft.Insights/diagnosticSettings/workspaceId\"}]},\"name\":\"[parameters('profileName')]\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"type\":\"Microsoft.Insights/diagnosticSettings\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ExpressRoute\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ExpressRoute",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploys the diagnostic settings for ExpressRoute to stream to a Log Analytics workspace when any ExpressRoute which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled",
- "display_name": "Deploy Diagnostic Settings for ExpressRoute to Log Analytics workspace",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Monitoring\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.1.0\"}",
- "mode": "Indexed",
- "name": "Deploy-Diagnostics-ExpressRoute",
- "parameters": "{\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"logAnalytics\":{\"metadata\":{\"description\":\"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\"displayName\":\"Log Analytics workspace\",\"strongType\":\"omsWorkspace\"},\"type\":\"String\"},\"logsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable logs stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable logs\"},\"type\":\"String\"},\"metricsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable metrics stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable metrics\"},\"type\":\"String\"},\"profileName\":{\"defaultValue\":\"setbypolicy\",\"metadata\":{\"description\":\"The diagnostic settings profile name\",\"displayName\":\"Profile name\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"equals\":\"Microsoft.Network/expressRouteCircuits\",\"field\":\"type\"},\"then\":{\"details\":{\"deployment\":{\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"logsEnabled\":{\"value\":\"[parameters('logsEnabled')]\"},\"metricsEnabled\":{\"value\":\"[parameters('metricsEnabled')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"},\"resourceName\":{\"value\":\"[field('name')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"location\":{\"type\":\"String\"},\"logAnalytics\":{\"type\":\"String\"},\"logsEnabled\":{\"type\":\"String\"},\"metricsEnabled\":{\"type\":\"String\"},\"profileName\":{\"type\":\"String\"},\"resourceName\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2017-05-01-preview\",\"dependsOn\":[],\"location\":\"[parameters('location')]\",\"name\":\"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"properties\":{\"logs\":[{\"category\":\"PeeringRouteLog\",\"enabled\":\"[parameters('logsEnabled')]\"}],\"metrics\":[{\"category\":\"AllMetrics\",\"enabled\":\"[parameters('metricsEnabled')]\",\"retentionPolicy\":{\"days\":0,\"enabled\":false},\"timeGrain\":null}],\"workspaceId\":\"[parameters('logAnalytics')]\"},\"type\":\"Microsoft.Network/expressRouteCircuits/providers/diagnosticSettings\"}],\"variables\":{}}}},\"existenceCondition\":{\"allOf\":[{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\"},{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/metrics.enabled\"},{\"equals\":\"[parameters('logAnalytics')]\",\"field\":\"Microsoft.Insights/diagnosticSettings/workspaceId\"}]},\"name\":\"[parameters('profileName')]\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"type\":\"Microsoft.Insights/diagnosticSettings\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Firewall\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Firewall",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploys the diagnostic settings for Firewall to stream to a Log Analytics workspace when any Firewall which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled",
- "display_name": "Deploy Diagnostic Settings for Firewall to Log Analytics workspace",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Monitoring\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.2.0\"}",
- "mode": "Indexed",
- "name": "Deploy-Diagnostics-Firewall",
- "parameters": "{\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"logAnalytics\":{\"metadata\":{\"description\":\"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\"displayName\":\"Log Analytics workspace\",\"strongType\":\"omsWorkspace\"},\"type\":\"String\"},\"logAnalyticsDestinationType\":{\"allowedValues\":[\"AzureDiagnostics\",\"Dedicated\"],\"defaultValue\":\"AzureDiagnostics\",\"metadata\":{\"description\":\"Select destination type for Log Analytics. Allowed values are 'Dedicated' (resource specific) and 'AzureDiagnostics'. Default is 'AzureDiagnostics'\",\"displayName\":\"Log Analytics destination type\"},\"type\":\"String\"},\"logsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable logs stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable logs\"},\"type\":\"String\"},\"metricsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable metrics stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable metrics\"},\"type\":\"String\"},\"profileName\":{\"defaultValue\":\"setbypolicy\",\"metadata\":{\"description\":\"The diagnostic settings profile name\",\"displayName\":\"Profile name\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"equals\":\"Microsoft.Network/azureFirewalls\",\"field\":\"type\"},\"then\":{\"details\":{\"deployment\":{\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"logAnalyticsDestinationType\":{\"value\":\"[parameters('logAnalyticsDestinationType')]\"},\"logsEnabled\":{\"value\":\"[parameters('logsEnabled')]\"},\"metricsEnabled\":{\"value\":\"[parameters('metricsEnabled')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"},\"resourceName\":{\"value\":\"[field('name')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"location\":{\"type\":\"String\"},\"logAnalytics\":{\"type\":\"String\"},\"logAnalyticsDestinationType\":{\"type\":\"String\"},\"logsEnabled\":{\"type\":\"String\"},\"metricsEnabled\":{\"type\":\"String\"},\"profileName\":{\"type\":\"String\"},\"resourceName\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2017-05-01-preview\",\"dependsOn\":[],\"location\":\"[parameters('location')]\",\"name\":\"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"properties\":{\"logAnalyticsDestinationType\":\"[parameters('logAnalyticsDestinationType')]\",\"logs\":[{\"category\":\"AzureFirewallApplicationRule\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"AzureFirewallNetworkRule\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"AzureFirewallDnsProxy\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"AZFWNetworkRule\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"AZFWApplicationRule\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"AZFWNatRule\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"AZFWThreatIntel\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"AZFWIdpsSignature\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"AZFWDnsQuery\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"AZFWFqdnResolveFailure\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"AZFWApplicationRuleAggregation\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"AZFWNetworkRuleAggregation\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"AZFWNatRuleAggregation\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"AZFWFatFlow\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"AZFWFlowTrace\",\"enabled\":\"[parameters('logsEnabled')]\"}],\"metrics\":[{\"category\":\"AllMetrics\",\"enabled\":\"[parameters('metricsEnabled')]\",\"retentionPolicy\":{\"days\":0,\"enabled\":false},\"timeGrain\":null}],\"workspaceId\":\"[parameters('logAnalytics')]\"},\"type\":\"Microsoft.Network/azureFirewalls/providers/diagnosticSettings\"}],\"variables\":{}}}},\"existenceCondition\":{\"allOf\":[{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\"},{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/metrics.enabled\"},{\"equals\":\"[parameters('logAnalytics')]\",\"field\":\"Microsoft.Insights/diagnosticSettings/workspaceId\"}]},\"name\":\"[parameters('profileName')]\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"type\":\"Microsoft.Insights/diagnosticSettings\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-FrontDoor\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-FrontDoor",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploys the diagnostic settings for Front Door to stream to a Log Analytics workspace when any Front Door which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled",
- "display_name": "Deploy Diagnostic Settings for Front Door to Log Analytics workspace",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Monitoring\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.1.0\"}",
- "mode": "Indexed",
- "name": "Deploy-Diagnostics-FrontDoor",
- "parameters": "{\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"logAnalytics\":{\"metadata\":{\"description\":\"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\"displayName\":\"Log Analytics workspace\",\"strongType\":\"omsWorkspace\"},\"type\":\"String\"},\"logsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable logs stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable logs\"},\"type\":\"String\"},\"metricsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable metrics stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable metrics\"},\"type\":\"String\"},\"profileName\":{\"defaultValue\":\"setbypolicy\",\"metadata\":{\"description\":\"The diagnostic settings profile name\",\"displayName\":\"Profile name\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"equals\":\"Microsoft.Network/frontDoors\",\"field\":\"type\"},\"then\":{\"details\":{\"deployment\":{\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"logsEnabled\":{\"value\":\"[parameters('logsEnabled')]\"},\"metricsEnabled\":{\"value\":\"[parameters('metricsEnabled')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"},\"resourceName\":{\"value\":\"[field('name')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"location\":{\"type\":\"String\"},\"logAnalytics\":{\"type\":\"String\"},\"logsEnabled\":{\"type\":\"String\"},\"metricsEnabled\":{\"type\":\"String\"},\"profileName\":{\"type\":\"String\"},\"resourceName\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2017-05-01-preview\",\"dependsOn\":[],\"location\":\"[parameters('location')]\",\"name\":\"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"properties\":{\"logs\":[{\"category\":\"FrontdoorAccessLog\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"FrontdoorWebApplicationFirewallLog\",\"enabled\":\"[parameters('logsEnabled')]\"}],\"metrics\":[{\"category\":\"AllMetrics\",\"enabled\":\"[parameters('metricsEnabled')]\",\"retentionPolicy\":{\"days\":0,\"enabled\":false},\"timeGrain\":null}],\"workspaceId\":\"[parameters('logAnalytics')]\"},\"type\":\"Microsoft.Network/frontDoors/providers/diagnosticSettings\"}],\"variables\":{}}}},\"existenceCondition\":{\"allOf\":[{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\"},{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/metrics.enabled\"},{\"equals\":\"[parameters('logAnalytics')]\",\"field\":\"Microsoft.Insights/diagnosticSettings/workspaceId\"}]},\"name\":\"[parameters('profileName')]\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"type\":\"Microsoft.Insights/diagnosticSettings\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Function\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Function",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploys the diagnostic settings for Azure Function App to stream to a Log Analytics workspace when any function app which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled",
- "display_name": "Deploy Diagnostic Settings for Azure Function App to Log Analytics workspace",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Monitoring\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.1.0\"}",
- "mode": "Indexed",
- "name": "Deploy-Diagnostics-Function",
- "parameters": "{\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"logAnalytics\":{\"metadata\":{\"description\":\"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\"displayName\":\"Log Analytics workspace\",\"strongType\":\"omsWorkspace\"},\"type\":\"String\"},\"logsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable logs stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable logs\"},\"type\":\"String\"},\"metricsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable metrics stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable metrics\"},\"type\":\"String\"},\"profileName\":{\"defaultValue\":\"setbypolicy\",\"metadata\":{\"description\":\"The diagnostic settings profile name\",\"displayName\":\"Profile name\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"allOf\":[{\"equals\":\"Microsoft.Web/sites\",\"field\":\"type\"},{\"contains\":\"functionapp\",\"value\":\"[field('kind')]\"}]},\"then\":{\"details\":{\"deployment\":{\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"logsEnabled\":{\"value\":\"[parameters('logsEnabled')]\"},\"metricsEnabled\":{\"value\":\"[parameters('metricsEnabled')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"},\"resourceName\":{\"value\":\"[field('name')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"location\":{\"type\":\"String\"},\"logAnalytics\":{\"type\":\"String\"},\"logsEnabled\":{\"type\":\"String\"},\"metricsEnabled\":{\"type\":\"String\"},\"profileName\":{\"type\":\"String\"},\"resourceName\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2017-05-01-preview\",\"dependsOn\":[],\"location\":\"[parameters('location')]\",\"name\":\"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"properties\":{\"logs\":[{\"category\":\"FunctionAppLogs\",\"enabled\":\"[parameters('logsEnabled')]\"}],\"metrics\":[{\"category\":\"AllMetrics\",\"enabled\":\"[parameters('metricsEnabled')]\",\"retentionPolicy\":{\"days\":0,\"enabled\":false},\"timeGrain\":null}],\"workspaceId\":\"[parameters('logAnalytics')]\"},\"type\":\"Microsoft.Web/sites/providers/diagnosticSettings\"}],\"variables\":{}}}},\"existenceCondition\":{\"allOf\":[{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\"},{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/metrics.enabled\"},{\"equals\":\"[parameters('logAnalytics')]\",\"field\":\"Microsoft.Insights/diagnosticSettings/workspaceId\"}]},\"name\":\"[parameters('profileName')]\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"type\":\"Microsoft.Insights/diagnosticSettings\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-HDInsight\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-HDInsight",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploys the diagnostic settings for HDInsight to stream to a Log Analytics workspace when any HDInsight which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled",
- "display_name": "Deploy Diagnostic Settings for HDInsight to Log Analytics workspace",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Monitoring\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.1.0\"}",
- "mode": "Indexed",
- "name": "Deploy-Diagnostics-HDInsight",
- "parameters": "{\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"logAnalytics\":{\"metadata\":{\"description\":\"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\"displayName\":\"Log Analytics workspace\",\"strongType\":\"omsWorkspace\"},\"type\":\"String\"},\"metricsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable metrics stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable metrics\"},\"type\":\"String\"},\"profileName\":{\"defaultValue\":\"setbypolicy\",\"metadata\":{\"description\":\"The diagnostic settings profile name\",\"displayName\":\"Profile name\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"equals\":\"Microsoft.HDInsight/clusters\",\"field\":\"type\"},\"then\":{\"details\":{\"deployment\":{\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"metricsEnabled\":{\"value\":\"[parameters('metricsEnabled')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"},\"resourceName\":{\"value\":\"[field('name')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"location\":{\"type\":\"String\"},\"logAnalytics\":{\"type\":\"String\"},\"metricsEnabled\":{\"type\":\"String\"},\"profileName\":{\"type\":\"String\"},\"resourceName\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2017-05-01-preview\",\"dependsOn\":[],\"location\":\"[parameters('location')]\",\"name\":\"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"properties\":{\"logs\":[],\"metrics\":[{\"category\":\"AllMetrics\",\"enabled\":\"[parameters('metricsEnabled')]\",\"retentionPolicy\":{\"days\":0,\"enabled\":false},\"timeGrain\":null}],\"workspaceId\":\"[parameters('logAnalytics')]\"},\"type\":\"Microsoft.HDInsight/clusters/providers/diagnosticSettings\"}],\"variables\":{}}}},\"existenceCondition\":{\"allOf\":[{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/metrics.enabled\"},{\"equals\":\"[parameters('logAnalytics')]\",\"field\":\"Microsoft.Insights/diagnosticSettings/workspaceId\"}]},\"name\":\"[parameters('profileName')]\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"type\":\"Microsoft.Insights/diagnosticSettings\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-LoadBalancer\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-LoadBalancer",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploys the diagnostic settings for Load Balancer to stream to a Log Analytics workspace when any Load Balancer which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled",
- "display_name": "Deploy Diagnostic Settings for Load Balancer to Log Analytics workspace",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Monitoring\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.1.0\"}",
- "mode": "Indexed",
- "name": "Deploy-Diagnostics-LoadBalancer",
- "parameters": "{\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"logAnalytics\":{\"metadata\":{\"description\":\"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\"displayName\":\"Log Analytics workspace\",\"strongType\":\"omsWorkspace\"},\"type\":\"String\"},\"logsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable logs stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable logs\"},\"type\":\"String\"},\"metricsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable metrics stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable metrics\"},\"type\":\"String\"},\"profileName\":{\"defaultValue\":\"setbypolicy\",\"metadata\":{\"description\":\"The diagnostic settings profile name\",\"displayName\":\"Profile name\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"equals\":\"Microsoft.Network/loadBalancers\",\"field\":\"type\"},\"then\":{\"details\":{\"deployment\":{\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"logsEnabled\":{\"value\":\"[parameters('logsEnabled')]\"},\"metricsEnabled\":{\"value\":\"[parameters('metricsEnabled')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"},\"resourceName\":{\"value\":\"[field('name')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"location\":{\"type\":\"String\"},\"logAnalytics\":{\"type\":\"String\"},\"logsEnabled\":{\"type\":\"String\"},\"metricsEnabled\":{\"type\":\"String\"},\"profileName\":{\"type\":\"String\"},\"resourceName\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2017-05-01-preview\",\"dependsOn\":[],\"location\":\"[parameters('location')]\",\"name\":\"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"properties\":{\"logs\":[{\"category\":\"LoadBalancerAlertEvent\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"LoadBalancerProbeHealthStatus\",\"enabled\":\"[parameters('logsEnabled')]\"}],\"metrics\":[{\"category\":\"AllMetrics\",\"enabled\":\"[parameters('metricsEnabled')]\",\"retentionPolicy\":{\"days\":0,\"enabled\":false},\"timeGrain\":null}],\"workspaceId\":\"[parameters('logAnalytics')]\"},\"type\":\"Microsoft.Network/loadBalancers/providers/diagnosticSettings\"}],\"variables\":{}}}},\"existenceCondition\":{\"allOf\":[{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\"},{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/metrics.enabled\"},{\"equals\":\"[parameters('logAnalytics')]\",\"field\":\"Microsoft.Insights/diagnosticSettings/workspaceId\"}]},\"name\":\"[parameters('profileName')]\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"type\":\"Microsoft.Insights/diagnosticSettings\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-LogAnalytics\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-LogAnalytics",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploys the diagnostic settings for Log Analytics workspaces to stream to a Log Analytics workspace when any Log Analytics workspace which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled",
- "display_name": "Deploy Diagnostic Settings for Log Analytics to Log Analytics workspace",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Monitoring\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.1.0\"}",
- "mode": "Indexed",
- "name": "Deploy-Diagnostics-LogAnalytics",
- "parameters": "{\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"logAnalytics\":{\"metadata\":{\"description\":\"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\"displayName\":\"Log Analytics workspace\",\"strongType\":\"omsWorkspace\"},\"type\":\"String\"},\"logsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable logs stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable logs\"},\"type\":\"String\"},\"metricsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable metrics stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable metrics\"},\"type\":\"String\"},\"profileName\":{\"defaultValue\":\"setbypolicy\",\"metadata\":{\"description\":\"The diagnostic settings profile name\",\"displayName\":\"Profile name\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"equals\":\"microsoft.operationalinsights/workspaces\",\"field\":\"type\"},\"then\":{\"details\":{\"deployment\":{\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"logsEnabled\":{\"value\":\"[parameters('logsEnabled')]\"},\"metricsEnabled\":{\"value\":\"[parameters('metricsEnabled')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"},\"resourceName\":{\"value\":\"[field('name')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"location\":{\"type\":\"String\"},\"logAnalytics\":{\"type\":\"String\"},\"logsEnabled\":{\"type\":\"String\"},\"metricsEnabled\":{\"type\":\"String\"},\"profileName\":{\"type\":\"String\"},\"resourceName\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2017-05-01-preview\",\"dependsOn\":[],\"location\":\"[parameters('location')]\",\"name\":\"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"properties\":{\"logs\":[{\"category\":\"Audit\",\"enabled\":\"[parameters('logsEnabled')]\"}],\"metrics\":[{\"category\":\"AllMetrics\",\"enabled\":\"[parameters('metricsEnabled')]\",\"retentionPolicy\":{\"days\":0,\"enabled\":false},\"timeGrain\":null}],\"workspaceId\":\"[parameters('logAnalytics')]\"},\"type\":\"microsoft.operationalinsights/workspaces/providers/diagnosticSettings\"}],\"variables\":{}}}},\"existenceCondition\":{\"allOf\":[{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\"},{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/metrics.enabled\"},{\"equals\":\"[parameters('logAnalytics')]\",\"field\":\"Microsoft.Insights/diagnosticSettings/workspaceId\"}]},\"name\":\"[parameters('profileName')]\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"type\":\"Microsoft.Insights/diagnosticSettings\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-LogicAppsISE\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-LogicAppsISE",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploys the diagnostic settings for Logic Apps integration service environment to stream to a Log Analytics workspace when any Logic Apps integration service environment which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled",
- "display_name": "Deploy Diagnostic Settings for Logic Apps integration service environment to Log Analytics workspace",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Monitoring\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.1.0\"}",
- "mode": "Indexed",
- "name": "Deploy-Diagnostics-LogicAppsISE",
- "parameters": "{\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"logAnalytics\":{\"metadata\":{\"description\":\"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\"displayName\":\"Log Analytics workspace\",\"strongType\":\"omsWorkspace\"},\"type\":\"String\"},\"logsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable logs stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable logs\"},\"type\":\"String\"},\"profileName\":{\"defaultValue\":\"setbypolicy\",\"metadata\":{\"description\":\"The diagnostic settings profile name\",\"displayName\":\"Profile name\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"equals\":\"Microsoft.Logic/integrationAccounts\",\"field\":\"type\"},\"then\":{\"details\":{\"deployment\":{\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"logsEnabled\":{\"value\":\"[parameters('logsEnabled')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"},\"resourceName\":{\"value\":\"[field('name')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"location\":{\"type\":\"String\"},\"logAnalytics\":{\"type\":\"String\"},\"logsEnabled\":{\"type\":\"String\"},\"profileName\":{\"type\":\"String\"},\"resourceName\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2017-05-01-preview\",\"dependsOn\":[],\"location\":\"[parameters('location')]\",\"name\":\"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"properties\":{\"logs\":[{\"category\":\"IntegrationAccountTrackingEvents\",\"enabled\":\"[parameters('logsEnabled')]\"}],\"metrics\":[],\"workspaceId\":\"[parameters('logAnalytics')]\"},\"type\":\"Microsoft.Logic/integrationAccounts/providers/diagnosticSettings\"}],\"variables\":{}}}},\"existenceCondition\":{\"allOf\":[{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\"},{\"equals\":\"[parameters('logAnalytics')]\",\"field\":\"Microsoft.Insights/diagnosticSettings/workspaceId\"}]},\"name\":\"[parameters('profileName')]\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"type\":\"Microsoft.Insights/diagnosticSettings\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MariaDB\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MariaDB",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploys the diagnostic settings for MariaDB to stream to a Log Analytics workspace when any MariaDB which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled",
- "display_name": "Deploy Diagnostic Settings for MariaDB to Log Analytics workspace",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Monitoring\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.1.0\"}",
- "mode": "Indexed",
- "name": "Deploy-Diagnostics-MariaDB",
- "parameters": "{\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"logAnalytics\":{\"metadata\":{\"description\":\"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\"displayName\":\"Log Analytics workspace\",\"strongType\":\"omsWorkspace\"},\"type\":\"String\"},\"logsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable logs stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable logs\"},\"type\":\"String\"},\"metricsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable metrics stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable metrics\"},\"type\":\"String\"},\"profileName\":{\"defaultValue\":\"setbypolicy\",\"metadata\":{\"description\":\"The diagnostic settings profile name\",\"displayName\":\"Profile name\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"equals\":\"Microsoft.DBforMariaDB/servers\",\"field\":\"type\"},\"then\":{\"details\":{\"deployment\":{\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"logsEnabled\":{\"value\":\"[parameters('logsEnabled')]\"},\"metricsEnabled\":{\"value\":\"[parameters('metricsEnabled')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"},\"resourceName\":{\"value\":\"[field('name')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"location\":{\"type\":\"String\"},\"logAnalytics\":{\"type\":\"String\"},\"logsEnabled\":{\"type\":\"String\"},\"metricsEnabled\":{\"type\":\"String\"},\"profileName\":{\"type\":\"String\"},\"resourceName\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2017-05-01-preview\",\"dependsOn\":[],\"location\":\"[parameters('location')]\",\"name\":\"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"properties\":{\"logs\":[{\"category\":\"MySqlSlowLogs\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"MySqlAuditLogs\",\"enabled\":\"[parameters('logsEnabled')]\"}],\"metrics\":[{\"category\":\"AllMetrics\",\"enabled\":\"[parameters('metricsEnabled')]\",\"retentionPolicy\":{\"days\":0,\"enabled\":false},\"timeGrain\":null}],\"workspaceId\":\"[parameters('logAnalytics')]\"},\"type\":\"Microsoft.DBforMariaDB/servers/providers/diagnosticSettings\"}],\"variables\":{}}}},\"existenceCondition\":{\"allOf\":[{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\"},{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/metrics.enabled\"},{\"equals\":\"[parameters('logAnalytics')]\",\"field\":\"Microsoft.Insights/diagnosticSettings/workspaceId\"}]},\"name\":\"[parameters('profileName')]\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"type\":\"Microsoft.Insights/diagnosticSettings\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MediaService\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MediaService",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploys the diagnostic settings for Azure Media Service to stream to a Log Analytics workspace when any Azure Media Service which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled",
- "display_name": "Deploy Diagnostic Settings for Azure Media Service to Log Analytics workspace",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Monitoring\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.1.0\"}",
- "mode": "Indexed",
- "name": "Deploy-Diagnostics-MediaService",
- "parameters": "{\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"logAnalytics\":{\"metadata\":{\"description\":\"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\"displayName\":\"Log Analytics workspace\",\"strongType\":\"omsWorkspace\"},\"type\":\"String\"},\"logsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable logs stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable logs\"},\"type\":\"String\"},\"metricsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable metrics stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable metrics\"},\"type\":\"String\"},\"profileName\":{\"defaultValue\":\"setbypolicy\",\"metadata\":{\"description\":\"The diagnostic settings profile name\",\"displayName\":\"Profile name\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"equals\":\"Microsoft.Media/mediaServices\",\"field\":\"type\"},\"then\":{\"details\":{\"deployment\":{\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"logsEnabled\":{\"value\":\"[parameters('logsEnabled')]\"},\"metricsEnabled\":{\"value\":\"[parameters('metricsEnabled')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"},\"resourceName\":{\"value\":\"[field('name')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"location\":{\"type\":\"String\"},\"logAnalytics\":{\"type\":\"String\"},\"logsEnabled\":{\"type\":\"String\"},\"metricsEnabled\":{\"type\":\"String\"},\"profileName\":{\"type\":\"String\"},\"resourceName\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2017-05-01-preview\",\"dependsOn\":[],\"location\":\"[parameters('location')]\",\"name\":\"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"properties\":{\"logs\":[{\"category\":\"KeyDeliveryRequests\",\"enabled\":\"[parameters('logsEnabled')]\"}],\"metrics\":[{\"category\":\"AllMetrics\",\"enabled\":\"[parameters('metricsEnabled')]\",\"retentionPolicy\":{\"days\":0,\"enabled\":false},\"timeGrain\":null}],\"workspaceId\":\"[parameters('logAnalytics')]\"},\"type\":\"Microsoft.Media/mediaServices/providers/diagnosticSettings\"}],\"variables\":{}}}},\"existenceCondition\":{\"allOf\":[{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\"},{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/metrics.enabled\"},{\"equals\":\"[parameters('logAnalytics')]\",\"field\":\"Microsoft.Insights/diagnosticSettings/workspaceId\"}]},\"name\":\"[parameters('profileName')]\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"type\":\"Microsoft.Insights/diagnosticSettings\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MlWorkspace\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MlWorkspace",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploys the diagnostic settings for Machine Learning workspace to stream to a Log Analytics workspace when any Machine Learning workspace which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled",
- "display_name": "Deploy Diagnostic Settings for Machine Learning workspace to Log Analytics workspace",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Monitoring\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.2.0\"}",
- "mode": "Indexed",
- "name": "Deploy-Diagnostics-MlWorkspace",
- "parameters": "{\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"logAnalytics\":{\"metadata\":{\"description\":\"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\"displayName\":\"Log Analytics workspace\",\"strongType\":\"omsWorkspace\"},\"type\":\"String\"},\"logsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable logs stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable logs\"},\"type\":\"String\"},\"metricsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable metrics stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable metrics\"},\"type\":\"String\"},\"profileName\":{\"defaultValue\":\"setbypolicy\",\"metadata\":{\"description\":\"The diagnostic settings profile name\",\"displayName\":\"Profile name\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"equals\":\"Microsoft.MachineLearningServices/workspaces\",\"field\":\"type\"},\"then\":{\"details\":{\"deployment\":{\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"logsEnabled\":{\"value\":\"[parameters('logsEnabled')]\"},\"metricsEnabled\":{\"value\":\"[parameters('metricsEnabled')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"},\"resourceName\":{\"value\":\"[field('name')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"location\":{\"type\":\"String\"},\"logAnalytics\":{\"type\":\"String\"},\"logsEnabled\":{\"type\":\"String\"},\"metricsEnabled\":{\"type\":\"String\"},\"profileName\":{\"type\":\"String\"},\"resourceName\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2017-05-01-preview\",\"dependsOn\":[],\"location\":\"[parameters('location')]\",\"name\":\"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"properties\":{\"logs\":[{\"category\":\"AmlComputeClusterEvent\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"AmlComputeClusterNodeEvent\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"AmlComputeJobEvent\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"AmlComputeCpuGpuUtilization\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"AmlRunStatusChangedEvent\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"ModelsChangeEvent\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"ModelsReadEvent\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"ModelsActionEvent\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"DeploymentReadEvent\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"DeploymentEventACI\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"DeploymentEventAKS\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"InferencingOperationAKS\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"InferencingOperationACI\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"DataLabelChangeEvent\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"DataLabelReadEvent\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"ComputeInstanceEvent\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"DataStoreChangeEvent\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"DataStoreReadEvent\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"DataSetChangeEvent\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"DataSetReadEvent\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"PipelineChangeEvent\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"PipelineReadEvent\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"RunEvent\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"RunReadEvent\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"EnvironmentChangeEvent\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"EnvironmentReadEvent\",\"enabled\":\"[parameters('logsEnabled')]\"}],\"metrics\":[{\"category\":\"AllMetrics\",\"enabled\":\"[parameters('metricsEnabled')]\",\"retentionPolicy\":{\"days\":0,\"enabled\":false}}],\"workspaceId\":\"[parameters('logAnalytics')]\"},\"type\":\"Microsoft.MachineLearningServices/workspaces/providers/diagnosticSettings\"}],\"variables\":{}}}},\"existenceCondition\":{\"allOf\":[{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\"},{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/metrics.enabled\"},{\"equals\":\"[parameters('logAnalytics')]\",\"field\":\"Microsoft.Insights/diagnosticSettings/workspaceId\"}]},\"name\":\"[parameters('profileName')]\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"type\":\"Microsoft.Insights/diagnosticSettings\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MySQL\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MySQL",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploys the diagnostic settings for Database for MySQL to stream to a Log Analytics workspace when any Database for MySQL which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled",
- "display_name": "Deploy Diagnostic Settings for Database for MySQL to Log Analytics workspace",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Monitoring\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.1.0\"}",
- "mode": "Indexed",
- "name": "Deploy-Diagnostics-MySQL",
- "parameters": "{\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"logAnalytics\":{\"metadata\":{\"description\":\"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\"displayName\":\"Log Analytics workspace\",\"strongType\":\"omsWorkspace\"},\"type\":\"String\"},\"logsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable logs stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable logs\"},\"type\":\"String\"},\"metricsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable metrics stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable metrics\"},\"type\":\"String\"},\"profileName\":{\"defaultValue\":\"setbypolicy\",\"metadata\":{\"description\":\"The diagnostic settings profile name\",\"displayName\":\"Profile name\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"equals\":\"Microsoft.DBforMySQL/servers\",\"field\":\"type\"},\"then\":{\"details\":{\"deployment\":{\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"logsEnabled\":{\"value\":\"[parameters('logsEnabled')]\"},\"metricsEnabled\":{\"value\":\"[parameters('metricsEnabled')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"},\"resourceName\":{\"value\":\"[field('name')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"location\":{\"type\":\"String\"},\"logAnalytics\":{\"type\":\"String\"},\"logsEnabled\":{\"type\":\"String\"},\"metricsEnabled\":{\"type\":\"String\"},\"profileName\":{\"type\":\"String\"},\"resourceName\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2017-05-01-preview\",\"dependsOn\":[],\"location\":\"[parameters('location')]\",\"name\":\"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"properties\":{\"logs\":[{\"category\":\"MySqlSlowLogs\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"MySqlAuditLogs\",\"enabled\":\"[parameters('logsEnabled')]\"}],\"metrics\":[{\"category\":\"AllMetrics\",\"enabled\":\"[parameters('metricsEnabled')]\",\"retentionPolicy\":{\"days\":0,\"enabled\":false},\"timeGrain\":null}],\"workspaceId\":\"[parameters('logAnalytics')]\"},\"type\":\"Microsoft.DBforMySQL/servers/providers/diagnosticSettings\"}],\"variables\":{}}}},\"existenceCondition\":{\"allOf\":[{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\"},{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/metrics.enabled\"},{\"equals\":\"[parameters('logAnalytics')]\",\"field\":\"Microsoft.Insights/diagnosticSettings/workspaceId\"}]},\"name\":\"[parameters('profileName')]\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"type\":\"Microsoft.Insights/diagnosticSettings\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-NIC\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-NIC",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploys the diagnostic settings for Network Interfaces to stream to a Log Analytics workspace when any Network Interfaces which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled",
- "display_name": "Deploy Diagnostic Settings for Network Interfaces to Log Analytics workspace",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Monitoring\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.1.0\"}",
- "mode": "Indexed",
- "name": "Deploy-Diagnostics-NIC",
- "parameters": "{\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"logAnalytics\":{\"metadata\":{\"description\":\"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\"displayName\":\"Log Analytics workspace\",\"strongType\":\"omsWorkspace\"},\"type\":\"String\"},\"metricsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable metrics stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable metrics\"},\"type\":\"String\"},\"profileName\":{\"defaultValue\":\"setbypolicy\",\"metadata\":{\"description\":\"The diagnostic settings profile name\",\"displayName\":\"Profile name\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"equals\":\"Microsoft.Network/networkInterfaces\",\"field\":\"type\"},\"then\":{\"details\":{\"deployment\":{\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"metricsEnabled\":{\"value\":\"[parameters('metricsEnabled')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"},\"resourceName\":{\"value\":\"[field('name')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"location\":{\"type\":\"String\"},\"logAnalytics\":{\"type\":\"String\"},\"metricsEnabled\":{\"type\":\"String\"},\"profileName\":{\"type\":\"String\"},\"resourceName\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2017-05-01-preview\",\"dependsOn\":[],\"location\":\"[parameters('location')]\",\"name\":\"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"properties\":{\"metrics\":[{\"category\":\"AllMetrics\",\"enabled\":\"[parameters('metricsEnabled')]\",\"retentionPolicy\":{\"days\":0,\"enabled\":false},\"timeGrain\":null}],\"workspaceId\":\"[parameters('logAnalytics')]\"},\"type\":\"Microsoft.Network/networkInterfaces/providers/diagnosticSettings\"}],\"variables\":{}}}},\"existenceCondition\":{\"allOf\":[{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/metrics.enabled\"},{\"equals\":\"[parameters('logAnalytics')]\",\"field\":\"Microsoft.Insights/diagnosticSettings/workspaceId\"}]},\"name\":\"[parameters('profileName')]\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"type\":\"Microsoft.Insights/diagnosticSettings\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-NetworkSecurityGroups\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-NetworkSecurityGroups",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploys the diagnostic settings for Network Security Groups to stream to a Log Analytics workspace when any Network Security Groups which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled",
- "display_name": "Deploy Diagnostic Settings for Network Security Groups to Log Analytics workspace",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Monitoring\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.1.0\"}",
- "mode": "Indexed",
- "name": "Deploy-Diagnostics-NetworkSecurityGroups",
- "parameters": "{\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"logAnalytics\":{\"metadata\":{\"description\":\"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\"displayName\":\"Log Analytics workspace\",\"strongType\":\"omsWorkspace\"},\"type\":\"String\"},\"logsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable logs stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable logs\"},\"type\":\"String\"},\"profileName\":{\"defaultValue\":\"setbypolicy\",\"metadata\":{\"description\":\"The diagnostic settings profile name\",\"displayName\":\"Profile name\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"equals\":\"Microsoft.Network/networkSecurityGroups\",\"field\":\"type\"},\"then\":{\"details\":{\"deployment\":{\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"logsEnabled\":{\"value\":\"[parameters('logsEnabled')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"},\"resourceName\":{\"value\":\"[field('name')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"location\":{\"type\":\"String\"},\"logAnalytics\":{\"type\":\"String\"},\"logsEnabled\":{\"type\":\"String\"},\"profileName\":{\"type\":\"String\"},\"resourceName\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2017-05-01-preview\",\"dependsOn\":[],\"location\":\"[parameters('location')]\",\"name\":\"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"properties\":{\"logs\":[{\"category\":\"NetworkSecurityGroupEvent\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"NetworkSecurityGroupRuleCounter\",\"enabled\":\"[parameters('logsEnabled')]\"}],\"metrics\":[],\"workspaceId\":\"[parameters('logAnalytics')]\"},\"type\":\"Microsoft.Network/networkSecurityGroups/providers/diagnosticSettings\"}],\"variables\":{}}}},\"existenceCondition\":{\"allOf\":[{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\"},{\"equals\":\"[parameters('logAnalytics')]\",\"field\":\"Microsoft.Insights/diagnosticSettings/workspaceId\"}]},\"name\":\"[parameters('profileName')]\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"type\":\"Microsoft.Insights/diagnosticSettings\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-PostgreSQL\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-PostgreSQL",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploys the diagnostic settings for Database for PostgreSQL to stream to a Log Analytics workspace when any Database for PostgreSQL which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled",
- "display_name": "Deploy Diagnostic Settings for Database for PostgreSQL to Log Analytics workspace",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Monitoring\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"2.0.0\"}",
- "mode": "Indexed",
- "name": "Deploy-Diagnostics-PostgreSQL",
- "parameters": "{\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"logAnalytics\":{\"metadata\":{\"description\":\"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\"displayName\":\"Log Analytics workspace\",\"strongType\":\"omsWorkspace\"},\"type\":\"String\"},\"logsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable logs stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable logs\"},\"type\":\"String\"},\"metricsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable metrics stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable metrics\"},\"type\":\"String\"},\"profileName\":{\"defaultValue\":\"setbypolicy\",\"metadata\":{\"description\":\"The diagnostic settings profile name\",\"displayName\":\"Profile name\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"anyOf\":[{\"equals\":\"Microsoft.DBforPostgreSQL/flexibleServers\",\"field\":\"type\"},{\"equals\":\"Microsoft.DBforPostgreSQL/servers\",\"field\":\"type\"}]},\"then\":{\"details\":{\"deployment\":{\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"logsEnabled\":{\"value\":\"[parameters('logsEnabled')]\"},\"metricsEnabled\":{\"value\":\"[parameters('metricsEnabled')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"},\"resourceName\":{\"value\":\"[field('name')]\"},\"resourceType\":{\"value\":\"[field('type')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"location\":{\"type\":\"String\"},\"logAnalytics\":{\"type\":\"String\"},\"logsEnabled\":{\"type\":\"String\"},\"metricsEnabled\":{\"type\":\"String\"},\"profileName\":{\"type\":\"String\"},\"resourceName\":{\"type\":\"String\"},\"resourceType\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2021-05-01-preview\",\"condition\":\"[startsWith(parameters('resourceType'),'Microsoft.DBforPostgreSQL/flexibleServers')]\",\"dependsOn\":[],\"location\":\"[parameters('location')]\",\"name\":\"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"properties\":{\"logs\":[{\"category\":\"PostgreSQLLogs\",\"enabled\":\"[parameters('logsEnabled')]\"}],\"metrics\":[{\"category\":\"AllMetrics\",\"enabled\":\"[parameters('metricsEnabled')]\",\"retentionPolicy\":{\"days\":0,\"enabled\":false},\"timeGrain\":null}],\"workspaceId\":\"[parameters('logAnalytics')]\"},\"type\":\"Microsoft.DBforPostgreSQL/flexibleServers/providers/diagnosticSettings\"},{\"apiVersion\":\"2021-05-01-preview\",\"condition\":\"[startsWith(parameters('resourceType'),'Microsoft.DBforPostgreSQL/servers')]\",\"dependsOn\":[],\"location\":\"[parameters('location')]\",\"name\":\"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"properties\":{\"logs\":[{\"category\":\"PostgreSQLLogs\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"QueryStoreRuntimeStatistics\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"QueryStoreWaitStatistics\",\"enabled\":\"[parameters('logsEnabled')]\"}],\"metrics\":[{\"category\":\"AllMetrics\",\"enabled\":\"[parameters('metricsEnabled')]\",\"retentionPolicy\":{\"days\":0,\"enabled\":false},\"timeGrain\":null}],\"workspaceId\":\"[parameters('logAnalytics')]\"},\"type\":\"Microsoft.DBforPostgreSQL/servers/providers/diagnosticSettings\"}],\"variables\":{}}}},\"existenceCondition\":{\"allOf\":[{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\"},{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/metrics.enabled\"},{\"equals\":\"[parameters('logAnalytics')]\",\"field\":\"Microsoft.Insights/diagnosticSettings/workspaceId\"}]},\"name\":\"[parameters('profileName')]\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"type\":\"Microsoft.Insights/diagnosticSettings\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-PowerBIEmbedded\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-PowerBIEmbedded",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploys the diagnostic settings for Power BI Embedded to stream to a Log Analytics workspace when any Power BI Embedded which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled",
- "display_name": "Deploy Diagnostic Settings for Power BI Embedded to Log Analytics workspace",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Monitoring\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.1.0\"}",
- "mode": "Indexed",
- "name": "Deploy-Diagnostics-PowerBIEmbedded",
- "parameters": "{\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"logAnalytics\":{\"metadata\":{\"description\":\"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\"displayName\":\"Log Analytics workspace\",\"strongType\":\"omsWorkspace\"},\"type\":\"String\"},\"logsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable logs stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable logs\"},\"type\":\"String\"},\"metricsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable metrics stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable metrics\"},\"type\":\"String\"},\"profileName\":{\"defaultValue\":\"setbypolicy\",\"metadata\":{\"description\":\"The diagnostic settings profile name\",\"displayName\":\"Profile name\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"equals\":\"Microsoft.PowerBIDedicated/capacities\",\"field\":\"type\"},\"then\":{\"details\":{\"deployment\":{\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"logsEnabled\":{\"value\":\"[parameters('logsEnabled')]\"},\"metricsEnabled\":{\"value\":\"[parameters('metricsEnabled')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"},\"resourceName\":{\"value\":\"[field('name')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"location\":{\"type\":\"String\"},\"logAnalytics\":{\"type\":\"String\"},\"logsEnabled\":{\"type\":\"String\"},\"metricsEnabled\":{\"type\":\"String\"},\"profileName\":{\"type\":\"String\"},\"resourceName\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2017-05-01-preview\",\"dependsOn\":[],\"location\":\"[parameters('location')]\",\"name\":\"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"properties\":{\"logs\":[{\"category\":\"Engine\",\"enabled\":\"[parameters('logsEnabled')]\"}],\"metrics\":[{\"category\":\"AllMetrics\",\"enabled\":\"[parameters('metricsEnabled')]\",\"retentionPolicy\":{\"days\":0,\"enabled\":false},\"timeGrain\":null}],\"workspaceId\":\"[parameters('logAnalytics')]\"},\"type\":\"Microsoft.PowerBIDedicated/capacities/providers/diagnosticSettings\"}],\"variables\":{}}}},\"existenceCondition\":{\"allOf\":[{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\"},{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/metrics.enabled\"},{\"equals\":\"[parameters('logAnalytics')]\",\"field\":\"Microsoft.Insights/diagnosticSettings/workspaceId\"}]},\"name\":\"[parameters('profileName')]\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"type\":\"Microsoft.Insights/diagnosticSettings\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-RedisCache\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-RedisCache",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploys the diagnostic settings for Redis Cache to stream to a Log Analytics workspace when any Redis Cache which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled",
- "display_name": "Deploy Diagnostic Settings for Redis Cache to Log Analytics workspace",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Monitoring\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.1.0\"}",
- "mode": "Indexed",
- "name": "Deploy-Diagnostics-RedisCache",
- "parameters": "{\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"logAnalytics\":{\"metadata\":{\"description\":\"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\"displayName\":\"Log Analytics workspace\",\"strongType\":\"omsWorkspace\"},\"type\":\"String\"},\"metricsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable metrics stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable metrics\"},\"type\":\"String\"},\"profileName\":{\"defaultValue\":\"setbypolicy\",\"metadata\":{\"description\":\"The diagnostic settings profile name\",\"displayName\":\"Profile name\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"equals\":\"Microsoft.Cache/redis\",\"field\":\"type\"},\"then\":{\"details\":{\"deployment\":{\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"metricsEnabled\":{\"value\":\"[parameters('metricsEnabled')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"},\"resourceName\":{\"value\":\"[field('name')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"location\":{\"type\":\"String\"},\"logAnalytics\":{\"type\":\"String\"},\"metricsEnabled\":{\"type\":\"String\"},\"profileName\":{\"type\":\"String\"},\"resourceName\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2017-05-01-preview\",\"dependsOn\":[],\"location\":\"[parameters('location')]\",\"name\":\"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"properties\":{\"logs\":[],\"metrics\":[{\"category\":\"AllMetrics\",\"enabled\":\"[parameters('metricsEnabled')]\",\"retentionPolicy\":{\"days\":0,\"enabled\":false},\"timeGrain\":null}],\"workspaceId\":\"[parameters('logAnalytics')]\"},\"type\":\"Microsoft.Cache/redis/providers/diagnosticSettings\"}],\"variables\":{}}}},\"existenceCondition\":{\"allOf\":[{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/metrics.enabled\"},{\"equals\":\"[parameters('logAnalytics')]\",\"field\":\"Microsoft.Insights/diagnosticSettings/workspaceId\"}]},\"name\":\"[parameters('profileName')]\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"type\":\"Microsoft.Insights/diagnosticSettings\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Relay\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Relay",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploys the diagnostic settings for Relay to stream to a Log Analytics workspace when any Relay which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled",
- "display_name": "Deploy Diagnostic Settings for Relay to Log Analytics workspace",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Monitoring\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.1.0\"}",
- "mode": "Indexed",
- "name": "Deploy-Diagnostics-Relay",
- "parameters": "{\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"logAnalytics\":{\"metadata\":{\"description\":\"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\"displayName\":\"Log Analytics workspace\",\"strongType\":\"omsWorkspace\"},\"type\":\"String\"},\"logsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable logs stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable logs\"},\"type\":\"String\"},\"metricsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable metrics stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable metrics\"},\"type\":\"String\"},\"profileName\":{\"defaultValue\":\"setbypolicy\",\"metadata\":{\"description\":\"The diagnostic settings profile name\",\"displayName\":\"Profile name\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"equals\":\"Microsoft.Relay/namespaces\",\"field\":\"type\"},\"then\":{\"details\":{\"deployment\":{\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"logsEnabled\":{\"value\":\"[parameters('logsEnabled')]\"},\"metricsEnabled\":{\"value\":\"[parameters('metricsEnabled')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"},\"resourceName\":{\"value\":\"[field('name')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"location\":{\"type\":\"String\"},\"logAnalytics\":{\"type\":\"String\"},\"logsEnabled\":{\"type\":\"String\"},\"metricsEnabled\":{\"type\":\"String\"},\"profileName\":{\"type\":\"String\"},\"resourceName\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2017-05-01-preview\",\"dependsOn\":[],\"location\":\"[parameters('location')]\",\"name\":\"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"properties\":{\"logs\":[{\"category\":\"HybridConnectionsEvent\",\"enabled\":\"[parameters('logsEnabled')]\"}],\"metrics\":[{\"category\":\"AllMetrics\",\"enabled\":\"[parameters('metricsEnabled')]\",\"retentionPolicy\":{\"days\":0,\"enabled\":false},\"timeGrain\":null}],\"workspaceId\":\"[parameters('logAnalytics')]\"},\"type\":\"Microsoft.Relay/namespaces/providers/diagnosticSettings\"}],\"variables\":{}}}},\"existenceCondition\":{\"allOf\":[{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\"},{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/metrics.enabled\"},{\"equals\":\"[parameters('logAnalytics')]\",\"field\":\"Microsoft.Insights/diagnosticSettings/workspaceId\"}]},\"name\":\"[parameters('profileName')]\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"type\":\"Microsoft.Insights/diagnosticSettings\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-SQLElasticPools\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-SQLElasticPools",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploys the diagnostic settings for SQL Elastic Pools to stream to a Log Analytics workspace when any SQL Elastic Pools which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled",
- "display_name": "Deploy Diagnostic Settings for SQL Elastic Pools to Log Analytics workspace",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Monitoring\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.1.0\"}",
- "mode": "Indexed",
- "name": "Deploy-Diagnostics-SQLElasticPools",
- "parameters": "{\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"logAnalytics\":{\"metadata\":{\"description\":\"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\"displayName\":\"Log Analytics workspace\",\"strongType\":\"omsWorkspace\"},\"type\":\"String\"},\"metricsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable metrics stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable metrics\"},\"type\":\"String\"},\"profileName\":{\"defaultValue\":\"setbypolicy\",\"metadata\":{\"description\":\"The diagnostic settings profile name\",\"displayName\":\"Profile name\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"equals\":\"Microsoft.Sql/servers/elasticPools\",\"field\":\"type\"},\"then\":{\"details\":{\"deployment\":{\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"metricsEnabled\":{\"value\":\"[parameters('metricsEnabled')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"},\"resourceName\":{\"value\":\"[field('fullName')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"location\":{\"type\":\"String\"},\"logAnalytics\":{\"type\":\"String\"},\"metricsEnabled\":{\"type\":\"String\"},\"profileName\":{\"type\":\"String\"},\"resourceName\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2017-05-01-preview\",\"dependsOn\":[],\"location\":\"[parameters('location')]\",\"name\":\"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"properties\":{\"logs\":[],\"metrics\":[{\"category\":\"AllMetrics\",\"enabled\":\"[parameters('metricsEnabled')]\",\"retentionPolicy\":{\"days\":0,\"enabled\":false},\"timeGrain\":null}],\"workspaceId\":\"[parameters('logAnalytics')]\"},\"type\":\"Microsoft.Sql/servers/elasticPools/providers/diagnosticSettings\"}],\"variables\":{}}}},\"existenceCondition\":{\"allOf\":[{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/metrics.enabled\"},{\"equals\":\"[parameters('logAnalytics')]\",\"field\":\"Microsoft.Insights/diagnosticSettings/workspaceId\"}]},\"name\":\"[parameters('profileName')]\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"type\":\"Microsoft.Insights/diagnosticSettings\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-SQLMI\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-SQLMI",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploys the diagnostic settings for SQL Managed Instances to stream to a Log Analytics workspace when any SQL Managed Instances which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled",
- "display_name": "Deploy Diagnostic Settings for SQL Managed Instances to Log Analytics workspace",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Monitoring\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.1.0\"}",
- "mode": "Indexed",
- "name": "Deploy-Diagnostics-SQLMI",
- "parameters": "{\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"logAnalytics\":{\"metadata\":{\"description\":\"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\"displayName\":\"Log Analytics workspace\",\"strongType\":\"omsWorkspace\"},\"type\":\"String\"},\"logsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable logs stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable logs\"},\"type\":\"String\"},\"profileName\":{\"defaultValue\":\"setbypolicy\",\"metadata\":{\"description\":\"The diagnostic settings profile name\",\"displayName\":\"Profile name\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"equals\":\"Microsoft.Sql/managedInstances\",\"field\":\"type\"},\"then\":{\"details\":{\"deployment\":{\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"logsEnabled\":{\"value\":\"[parameters('logsEnabled')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"},\"resourceName\":{\"value\":\"[field('name')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"location\":{\"type\":\"String\"},\"logAnalytics\":{\"type\":\"String\"},\"logsEnabled\":{\"type\":\"String\"},\"profileName\":{\"type\":\"String\"},\"resourceName\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2017-05-01-preview\",\"dependsOn\":[],\"location\":\"[parameters('location')]\",\"name\":\"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"properties\":{\"logs\":[{\"category\":\"ResourceUsageStats\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"SQLSecurityAuditEvents\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"DevOpsOperationsAudit\",\"enabled\":\"[parameters('logsEnabled')]\"}],\"workspaceId\":\"[parameters('logAnalytics')]\"},\"type\":\"Microsoft.Sql/managedInstances/providers/diagnosticSettings\"}],\"variables\":{}}}},\"existenceCondition\":{\"allOf\":[{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\"},{\"equals\":\"[parameters('logAnalytics')]\",\"field\":\"Microsoft.Insights/diagnosticSettings/workspaceId\"}]},\"name\":\"[parameters('profileName')]\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"type\":\"Microsoft.Insights/diagnosticSettings\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-SignalR\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-SignalR",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploys the diagnostic settings for SignalR to stream to a Log Analytics workspace when any SignalR which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled",
- "display_name": "Deploy Diagnostic Settings for SignalR to Log Analytics workspace",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Monitoring\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.1.0\"}",
- "mode": "Indexed",
- "name": "Deploy-Diagnostics-SignalR",
- "parameters": "{\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"logAnalytics\":{\"metadata\":{\"description\":\"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\"displayName\":\"Log Analytics workspace\",\"strongType\":\"omsWorkspace\"},\"type\":\"String\"},\"logsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable logs stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable logs\"},\"type\":\"String\"},\"metricsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable metrics stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable metrics\"},\"type\":\"String\"},\"profileName\":{\"defaultValue\":\"setbypolicy\",\"metadata\":{\"description\":\"The diagnostic settings profile name\",\"displayName\":\"Profile name\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"equals\":\"Microsoft.SignalRService/SignalR\",\"field\":\"type\"},\"then\":{\"details\":{\"deployment\":{\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"logsEnabled\":{\"value\":\"[parameters('logsEnabled')]\"},\"metricsEnabled\":{\"value\":\"[parameters('metricsEnabled')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"},\"resourceName\":{\"value\":\"[field('name')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"location\":{\"type\":\"String\"},\"logAnalytics\":{\"type\":\"String\"},\"logsEnabled\":{\"type\":\"String\"},\"metricsEnabled\":{\"type\":\"String\"},\"profileName\":{\"type\":\"String\"},\"resourceName\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2017-05-01-preview\",\"dependsOn\":[],\"location\":\"[parameters('location')]\",\"name\":\"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"properties\":{\"logs\":[{\"category\":\"AllLogs\",\"enabled\":\"[parameters('logsEnabled')]\"}],\"metrics\":[{\"category\":\"AllMetrics\",\"enabled\":\"[parameters('metricsEnabled')]\",\"retentionPolicy\":{\"days\":0,\"enabled\":false},\"timeGrain\":null}],\"workspaceId\":\"[parameters('logAnalytics')]\"},\"type\":\"Microsoft.SignalRService/SignalR/providers/diagnosticSettings\"}],\"variables\":{}}}},\"existenceCondition\":{\"allOf\":[{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/metrics.enabled\"},{\"equals\":\"[parameters('logAnalytics')]\",\"field\":\"Microsoft.Insights/diagnosticSettings/workspaceId\"}]},\"name\":\"[parameters('profileName')]\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"type\":\"Microsoft.Insights/diagnosticSettings\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-TimeSeriesInsights\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-TimeSeriesInsights",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploys the diagnostic settings for Time Series Insights to stream to a Log Analytics workspace when any Time Series Insights which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled",
- "display_name": "Deploy Diagnostic Settings for Time Series Insights to Log Analytics workspace",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Monitoring\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.1.0\"}",
- "mode": "Indexed",
- "name": "Deploy-Diagnostics-TimeSeriesInsights",
- "parameters": "{\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"logAnalytics\":{\"metadata\":{\"description\":\"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\"displayName\":\"Log Analytics workspace\",\"strongType\":\"omsWorkspace\"},\"type\":\"String\"},\"logsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable logs stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable logs\"},\"type\":\"String\"},\"metricsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable metrics stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable metrics\"},\"type\":\"String\"},\"profileName\":{\"defaultValue\":\"setbypolicy\",\"metadata\":{\"description\":\"The diagnostic settings profile name\",\"displayName\":\"Profile name\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"equals\":\"Microsoft.TimeSeriesInsights/environments\",\"field\":\"type\"},\"then\":{\"details\":{\"deployment\":{\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"logsEnabled\":{\"value\":\"[parameters('logsEnabled')]\"},\"metricsEnabled\":{\"value\":\"[parameters('metricsEnabled')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"},\"resourceName\":{\"value\":\"[field('name')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"location\":{\"type\":\"String\"},\"logAnalytics\":{\"type\":\"String\"},\"logsEnabled\":{\"type\":\"String\"},\"metricsEnabled\":{\"type\":\"String\"},\"profileName\":{\"type\":\"String\"},\"resourceName\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2017-05-01-preview\",\"dependsOn\":[],\"location\":\"[parameters('location')]\",\"name\":\"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"properties\":{\"logs\":[{\"category\":\"Ingress\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"Management\",\"enabled\":\"[parameters('logsEnabled')]\"}],\"metrics\":[{\"category\":\"AllMetrics\",\"enabled\":\"[parameters('metricsEnabled')]\",\"retentionPolicy\":{\"days\":0,\"enabled\":false},\"timeGrain\":null}],\"workspaceId\":\"[parameters('logAnalytics')]\"},\"type\":\"Microsoft.TimeSeriesInsights/environments/providers/diagnosticSettings\"}],\"variables\":{}}}},\"existenceCondition\":{\"allOf\":[{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\"},{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/metrics.enabled\"},{\"equals\":\"[parameters('logAnalytics')]\",\"field\":\"Microsoft.Insights/diagnosticSettings/workspaceId\"}]},\"name\":\"[parameters('profileName')]\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"type\":\"Microsoft.Insights/diagnosticSettings\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-TrafficManager\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-TrafficManager",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploys the diagnostic settings for Traffic Manager to stream to a Log Analytics workspace when any Traffic Manager which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled",
- "display_name": "Deploy Diagnostic Settings for Traffic Manager to Log Analytics workspace",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Monitoring\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.1.0\"}",
- "mode": "Indexed",
- "name": "Deploy-Diagnostics-TrafficManager",
- "parameters": "{\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"logAnalytics\":{\"metadata\":{\"description\":\"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\"displayName\":\"Log Analytics workspace\",\"strongType\":\"omsWorkspace\"},\"type\":\"String\"},\"logsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable logs stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable logs\"},\"type\":\"String\"},\"metricsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable metrics stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable metrics\"},\"type\":\"String\"},\"profileName\":{\"defaultValue\":\"setbypolicy\",\"metadata\":{\"description\":\"The diagnostic settings profile name\",\"displayName\":\"Profile name\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"equals\":\"Microsoft.Network/trafficManagerProfiles\",\"field\":\"type\"},\"then\":{\"details\":{\"deployment\":{\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"logsEnabled\":{\"value\":\"[parameters('logsEnabled')]\"},\"metricsEnabled\":{\"value\":\"[parameters('metricsEnabled')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"},\"resourceName\":{\"value\":\"[field('name')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"location\":{\"type\":\"String\"},\"logAnalytics\":{\"type\":\"String\"},\"logsEnabled\":{\"type\":\"String\"},\"metricsEnabled\":{\"type\":\"String\"},\"profileName\":{\"type\":\"String\"},\"resourceName\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2017-05-01-preview\",\"dependsOn\":[],\"location\":\"[parameters('location')]\",\"name\":\"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"properties\":{\"logs\":[{\"category\":\"ProbeHealthStatusEvents\",\"enabled\":\"[parameters('logsEnabled')]\"}],\"metrics\":[{\"category\":\"AllMetrics\",\"enabled\":\"[parameters('metricsEnabled')]\",\"retentionPolicy\":{\"days\":0,\"enabled\":false},\"timeGrain\":null}],\"workspaceId\":\"[parameters('logAnalytics')]\"},\"type\":\"Microsoft.Network/trafficManagerProfiles/providers/diagnosticSettings\"}],\"variables\":{}}}},\"existenceCondition\":{\"allOf\":[{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\"},{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/metrics.enabled\"},{\"equals\":\"[parameters('logAnalytics')]\",\"field\":\"Microsoft.Insights/diagnosticSettings/workspaceId\"}]},\"name\":\"[parameters('profileName')]\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"type\":\"Microsoft.Insights/diagnosticSettings\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VM\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VM",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploys the diagnostic settings for Virtual Machines to stream to a Log Analytics workspace when any Virtual Machines which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled",
- "display_name": "Deploy Diagnostic Settings for Virtual Machines to Log Analytics workspace",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Monitoring\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.1.0\"}",
- "mode": "Indexed",
- "name": "Deploy-Diagnostics-VM",
- "parameters": "{\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"logAnalytics\":{\"metadata\":{\"description\":\"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\"displayName\":\"Log Analytics workspace\",\"strongType\":\"omsWorkspace\"},\"type\":\"String\"},\"metricsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable metrics stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable metrics\"},\"type\":\"String\"},\"profileName\":{\"defaultValue\":\"setbypolicy\",\"metadata\":{\"description\":\"The diagnostic settings profile name\",\"displayName\":\"Profile name\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"equals\":\"Microsoft.Compute/virtualMachines\",\"field\":\"type\"},\"then\":{\"details\":{\"deployment\":{\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"metricsEnabled\":{\"value\":\"[parameters('metricsEnabled')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"},\"resourceName\":{\"value\":\"[field('name')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"location\":{\"type\":\"String\"},\"logAnalytics\":{\"type\":\"String\"},\"metricsEnabled\":{\"type\":\"String\"},\"profileName\":{\"type\":\"String\"},\"resourceName\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2017-05-01-preview\",\"dependsOn\":[],\"location\":\"[parameters('location')]\",\"name\":\"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"properties\":{\"logs\":[],\"metrics\":[{\"category\":\"AllMetrics\",\"enabled\":\"[parameters('metricsEnabled')]\",\"retentionPolicy\":{\"days\":0,\"enabled\":false}}],\"workspaceId\":\"[parameters('logAnalytics')]\"},\"type\":\"Microsoft.Compute/virtualMachines/providers/diagnosticSettings\"}],\"variables\":{}}}},\"existenceCondition\":{\"allOf\":[{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/metrics.enabled\"},{\"equals\":\"[parameters('logAnalytics')]\",\"field\":\"Microsoft.Insights/diagnosticSettings/workspaceId\"}]},\"name\":\"[parameters('profileName')]\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"type\":\"Microsoft.Insights/diagnosticSettings\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VMSS\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VMSS",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploys the diagnostic settings for Virtual Machine Scale Sets to stream to a Log Analytics workspace when any Virtual Machine Scale Sets which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled",
- "display_name": "Deploy Diagnostic Settings for Virtual Machine Scale Sets to Log Analytics workspace",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Monitoring\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.1.0\"}",
- "mode": "Indexed",
- "name": "Deploy-Diagnostics-VMSS",
- "parameters": "{\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"logAnalytics\":{\"metadata\":{\"description\":\"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\"displayName\":\"Log Analytics workspace\",\"strongType\":\"omsWorkspace\"},\"type\":\"String\"},\"metricsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable metrics stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable metrics\"},\"type\":\"String\"},\"profileName\":{\"defaultValue\":\"setbypolicy\",\"metadata\":{\"description\":\"The diagnostic settings profile name\",\"displayName\":\"Profile name\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"equals\":\"Microsoft.Compute/virtualMachineScaleSets\",\"field\":\"type\"},\"then\":{\"details\":{\"deployment\":{\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"metricsEnabled\":{\"value\":\"[parameters('metricsEnabled')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"},\"resourceName\":{\"value\":\"[field('name')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"location\":{\"type\":\"String\"},\"logAnalytics\":{\"type\":\"String\"},\"metricsEnabled\":{\"type\":\"String\"},\"profileName\":{\"type\":\"String\"},\"resourceName\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2017-05-01-preview\",\"dependsOn\":[],\"location\":\"[parameters('location')]\",\"name\":\"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"properties\":{\"logs\":[],\"metrics\":[{\"category\":\"AllMetrics\",\"enabled\":\"[parameters('metricsEnabled')]\",\"retentionPolicy\":{\"days\":0,\"enabled\":false}}],\"workspaceId\":\"[parameters('logAnalytics')]\"},\"type\":\"Microsoft.Compute/virtualMachineScaleSets/providers/diagnosticSettings\"}],\"variables\":{}}}},\"existenceCondition\":{\"allOf\":[{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/metrics.enabled\"},{\"equals\":\"[parameters('logAnalytics')]\",\"field\":\"Microsoft.Insights/diagnosticSettings/workspaceId\"}]},\"name\":\"[parameters('profileName')]\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"type\":\"Microsoft.Insights/diagnosticSettings\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VNetGW\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VNetGW",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploys the diagnostic settings for VPN Gateway to stream to a Log Analytics workspace when any VPN Gateway which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled.",
- "display_name": "Deploy Diagnostic Settings for VPN Gateway to Log Analytics workspace",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Monitoring\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.1.1\"}",
- "mode": "Indexed",
- "name": "Deploy-Diagnostics-VNetGW",
- "parameters": "{\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"logAnalytics\":{\"metadata\":{\"description\":\"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\"displayName\":\"Log Analytics workspace\",\"strongType\":\"omsWorkspace\"},\"type\":\"String\"},\"logsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable logs stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable logs\"},\"type\":\"String\"},\"metricsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable metrics stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable metrics\"},\"type\":\"String\"},\"profileName\":{\"defaultValue\":\"setbypolicy\",\"metadata\":{\"description\":\"The diagnostic settings profile name\",\"displayName\":\"Profile name\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"equals\":\"Microsoft.Network/virtualNetworkGateways\",\"field\":\"type\"},\"then\":{\"details\":{\"deployment\":{\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"logsEnabled\":{\"value\":\"[parameters('logsEnabled')]\"},\"metricsEnabled\":{\"value\":\"[parameters('metricsEnabled')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"},\"resourceName\":{\"value\":\"[field('name')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"location\":{\"type\":\"String\"},\"logAnalytics\":{\"type\":\"String\"},\"logsEnabled\":{\"type\":\"String\"},\"metricsEnabled\":{\"type\":\"String\"},\"profileName\":{\"type\":\"String\"},\"resourceName\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2017-05-01-preview\",\"dependsOn\":[],\"location\":\"[parameters('location')]\",\"name\":\"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"properties\":{\"logs\":[{\"category\":\"GatewayDiagnosticLog\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"IKEDiagnosticLog\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"P2SDiagnosticLog\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"RouteDiagnosticLog\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"TunnelDiagnosticLog\",\"enabled\":\"[parameters('logsEnabled')]\"}],\"metrics\":[{\"category\":\"AllMetrics\",\"enabled\":\"[parameters('metricsEnabled')]\",\"retentionPolicy\":{\"days\":0,\"enabled\":false},\"timeGrain\":null}],\"workspaceId\":\"[parameters('logAnalytics')]\"},\"type\":\"Microsoft.Network/virtualNetworkGateways/providers/diagnosticSettings\"}],\"variables\":{}}}},\"existenceCondition\":{\"allOf\":[{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\"},{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/metrics.enabled\"},{\"equals\":\"[parameters('logAnalytics')]\",\"field\":\"Microsoft.Insights/diagnosticSettings/workspaceId\"}]},\"name\":\"[parameters('profileName')]\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"type\":\"Microsoft.Insights/diagnosticSettings\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VWanS2SVPNGW\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VWanS2SVPNGW",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploys the diagnostic settings for VWAN S2S VPN Gateway to stream to a Log Analytics workspace when any VWAN S2S VPN Gateway which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled.",
- "display_name": "Deploy Diagnostic Settings for VWAN S2S VPN Gateway to Log Analytics workspace",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Monitoring\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.0.0\"}",
- "mode": "Indexed",
- "name": "Deploy-Diagnostics-VWanS2SVPNGW",
- "parameters": "{\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"logAnalytics\":{\"metadata\":{\"description\":\"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\"displayName\":\"Log Analytics workspace\",\"strongType\":\"omsWorkspace\"},\"type\":\"String\"},\"logsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable logs stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable logs\"},\"type\":\"String\"},\"metricsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable metrics stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable metrics\"},\"type\":\"String\"},\"profileName\":{\"defaultValue\":\"setbypolicy\",\"metadata\":{\"description\":\"The diagnostic settings profile name\",\"displayName\":\"Profile name\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"equals\":\"Microsoft.Network/vpnGateways\",\"field\":\"type\"},\"then\":{\"details\":{\"deployment\":{\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"logsEnabled\":{\"value\":\"[parameters('logsEnabled')]\"},\"metricsEnabled\":{\"value\":\"[parameters('metricsEnabled')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"},\"resourceName\":{\"value\":\"[field('name')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"location\":{\"type\":\"String\"},\"logAnalytics\":{\"type\":\"String\"},\"logsEnabled\":{\"type\":\"String\"},\"metricsEnabled\":{\"type\":\"String\"},\"profileName\":{\"type\":\"String\"},\"resourceName\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2017-05-01-preview\",\"dependsOn\":[],\"location\":\"[parameters('location')]\",\"name\":\"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"properties\":{\"logs\":[{\"category\":\"GatewayDiagnosticLog\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"IKEDiagnosticLog\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"RouteDiagnosticLog\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"TunnelDiagnosticLog\",\"enabled\":\"[parameters('logsEnabled')]\"}],\"metrics\":[{\"category\":\"AllMetrics\",\"enabled\":\"[parameters('metricsEnabled')]\",\"retentionPolicy\":{\"days\":0,\"enabled\":false},\"timeGrain\":null}],\"workspaceId\":\"[parameters('logAnalytics')]\"},\"type\":\"Microsoft.Network/vpnGateways/providers/diagnosticSettings\"}],\"variables\":{}}}},\"existenceCondition\":{\"allOf\":[{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\"},{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/metrics.enabled\"},{\"equals\":\"[parameters('logAnalytics')]\",\"field\":\"Microsoft.Insights/diagnosticSettings/workspaceId\"}]},\"name\":\"[parameters('profileName')]\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"type\":\"Microsoft.Insights/diagnosticSettings\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VirtualNetwork\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VirtualNetwork",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploys the diagnostic settings for Virtual Network to stream to a Log Analytics workspace when any Virtual Network which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled",
- "display_name": "Deploy Diagnostic Settings for Virtual Network to Log Analytics workspace",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Monitoring\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.1.0\"}",
- "mode": "Indexed",
- "name": "Deploy-Diagnostics-VirtualNetwork",
- "parameters": "{\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"logAnalytics\":{\"metadata\":{\"description\":\"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\"displayName\":\"Log Analytics workspace\",\"strongType\":\"omsWorkspace\"},\"type\":\"String\"},\"logsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable logs stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable logs\"},\"type\":\"String\"},\"metricsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable metrics stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable metrics\"},\"type\":\"String\"},\"profileName\":{\"defaultValue\":\"setbypolicy\",\"metadata\":{\"description\":\"The diagnostic settings profile name\",\"displayName\":\"Profile name\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"equals\":\"Microsoft.Network/virtualNetworks\",\"field\":\"type\"},\"then\":{\"details\":{\"deployment\":{\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"logsEnabled\":{\"value\":\"[parameters('logsEnabled')]\"},\"metricsEnabled\":{\"value\":\"[parameters('metricsEnabled')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"},\"resourceName\":{\"value\":\"[field('name')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"location\":{\"type\":\"String\"},\"logAnalytics\":{\"type\":\"String\"},\"logsEnabled\":{\"type\":\"String\"},\"metricsEnabled\":{\"type\":\"String\"},\"profileName\":{\"type\":\"String\"},\"resourceName\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2017-05-01-preview\",\"dependsOn\":[],\"location\":\"[parameters('location')]\",\"name\":\"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"properties\":{\"logs\":[{\"category\":\"VMProtectionAlerts\",\"enabled\":\"[parameters('logsEnabled')]\"}],\"metrics\":[{\"category\":\"AllMetrics\",\"enabled\":\"[parameters('metricsEnabled')]\",\"retentionPolicy\":{\"days\":0,\"enabled\":false}}],\"workspaceId\":\"[parameters('logAnalytics')]\"},\"type\":\"Microsoft.Network/virtualNetworks/providers/diagnosticSettings\"}],\"variables\":{}}}},\"existenceCondition\":{\"allOf\":[{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\"},{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/metrics.enabled\"},{\"equals\":\"[parameters('logAnalytics')]\",\"field\":\"Microsoft.Insights/diagnosticSettings/workspaceId\"}]},\"name\":\"[parameters('profileName')]\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"type\":\"Microsoft.Insights/diagnosticSettings\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WVDAppGroup\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WVDAppGroup",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploys the diagnostic settings for AVD Application group to stream to a Log Analytics workspace when any application group which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all and categorys enabled.",
- "display_name": "Deploy Diagnostic Settings for AVD Application group to Log Analytics workspace",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Monitoring\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.1.1\"}",
- "mode": "Indexed",
- "name": "Deploy-Diagnostics-WVDAppGroup",
- "parameters": "{\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"logAnalytics\":{\"metadata\":{\"description\":\"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\"displayName\":\"Log Analytics workspace\",\"strongType\":\"omsWorkspace\"},\"type\":\"String\"},\"logsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable logs stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable logs\"},\"type\":\"String\"},\"profileName\":{\"defaultValue\":\"setbypolicy\",\"metadata\":{\"description\":\"The diagnostic settings profile name\",\"displayName\":\"Profile name\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"equals\":\"Microsoft.DesktopVirtualization/applicationGroups\",\"field\":\"type\"},\"then\":{\"details\":{\"deployment\":{\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"logsEnabled\":{\"value\":\"[parameters('logsEnabled')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"},\"resourceName\":{\"value\":\"[field('name')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"location\":{\"type\":\"String\"},\"logAnalytics\":{\"type\":\"String\"},\"logsEnabled\":{\"type\":\"String\"},\"profileName\":{\"type\":\"String\"},\"resourceName\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2017-05-01-preview\",\"dependsOn\":[],\"location\":\"[parameters('location')]\",\"name\":\"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"properties\":{\"logs\":[{\"category\":\"Checkpoint\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"Error\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"Management\",\"enabled\":\"[parameters('logsEnabled')]\"}],\"workspaceId\":\"[parameters('logAnalytics')]\"},\"type\":\"Microsoft.DesktopVirtualization/applicationGroups/providers/diagnosticSettings\"}],\"variables\":{}}}},\"existenceCondition\":{\"allOf\":[{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\"},{\"equals\":\"[parameters('logAnalytics')]\",\"field\":\"Microsoft.Insights/diagnosticSettings/workspaceId\"}]},\"name\":\"[parameters('profileName')]\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"type\":\"Microsoft.Insights/diagnosticSettings\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WVDHostPools\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WVDHostPools",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploys the diagnostic settings for AVD Host Pools to stream to a Log Analytics workspace when any Host Pools which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all and categorys enabled.",
- "display_name": "Deploy Diagnostic Settings for AVD Host Pools to Log Analytics workspace",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Monitoring\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.3.0\"}",
- "mode": "Indexed",
- "name": "Deploy-Diagnostics-WVDHostPools",
- "parameters": "{\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"logAnalytics\":{\"metadata\":{\"description\":\"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\"displayName\":\"Log Analytics workspace\",\"strongType\":\"omsWorkspace\"},\"type\":\"String\"},\"logsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable logs stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable logs\"},\"type\":\"String\"},\"profileName\":{\"defaultValue\":\"setbypolicy\",\"metadata\":{\"description\":\"The diagnostic settings profile name\",\"displayName\":\"Profile name\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"equals\":\"Microsoft.DesktopVirtualization/hostpools\",\"field\":\"type\"},\"then\":{\"details\":{\"deployment\":{\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"logsEnabled\":{\"value\":\"[parameters('logsEnabled')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"},\"resourceName\":{\"value\":\"[field('name')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"location\":{\"type\":\"String\"},\"logAnalytics\":{\"type\":\"String\"},\"logsEnabled\":{\"type\":\"String\"},\"profileName\":{\"type\":\"String\"},\"resourceName\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2017-05-01-preview\",\"dependsOn\":[],\"location\":\"[parameters('location')]\",\"name\":\"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"properties\":{\"logs\":[{\"category\":\"Checkpoint\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"Error\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"Management\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"Connection\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"HostRegistration\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"AgentHealthStatus\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"NetworkData\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"SessionHostManagement\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"ConnectionGraphicsData\",\"enabled\":\"[parameters('logsEnabled')]\"}],\"workspaceId\":\"[parameters('logAnalytics')]\"},\"type\":\"Microsoft.DesktopVirtualization/hostpools/providers/diagnosticSettings\"}],\"variables\":{}}}},\"existenceCondition\":{\"allOf\":[{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\"},{\"equals\":\"[parameters('logAnalytics')]\",\"field\":\"Microsoft.Insights/diagnosticSettings/workspaceId\"}]},\"name\":\"[parameters('profileName')]\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"type\":\"Microsoft.Insights/diagnosticSettings\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WVDWorkspace\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WVDWorkspace",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploys the diagnostic settings for AVD Workspace to stream to a Log Analytics workspace when any Workspace which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all and categorys enabled.",
- "display_name": "Deploy Diagnostic Settings for AVD Workspace to Log Analytics workspace",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Monitoring\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.1.1\"}",
- "mode": "Indexed",
- "name": "Deploy-Diagnostics-WVDWorkspace",
- "parameters": "{\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"logAnalytics\":{\"metadata\":{\"description\":\"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\"displayName\":\"Log Analytics workspace\",\"strongType\":\"omsWorkspace\"},\"type\":\"String\"},\"logsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable logs stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable logs\"},\"type\":\"String\"},\"profileName\":{\"defaultValue\":\"setbypolicy\",\"metadata\":{\"description\":\"The diagnostic settings profile name\",\"displayName\":\"Profile name\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"equals\":\"Microsoft.DesktopVirtualization/workspaces\",\"field\":\"type\"},\"then\":{\"details\":{\"deployment\":{\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"logsEnabled\":{\"value\":\"[parameters('logsEnabled')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"},\"resourceName\":{\"value\":\"[field('name')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"location\":{\"type\":\"String\"},\"logAnalytics\":{\"type\":\"String\"},\"logsEnabled\":{\"type\":\"String\"},\"profileName\":{\"type\":\"String\"},\"resourceName\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2017-05-01-preview\",\"dependsOn\":[],\"location\":\"[parameters('location')]\",\"name\":\"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"properties\":{\"logs\":[{\"category\":\"Checkpoint\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"Error\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"Management\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"Feed\",\"enabled\":\"[parameters('logsEnabled')]\"}],\"workspaceId\":\"[parameters('logAnalytics')]\"},\"type\":\"Microsoft.DesktopVirtualization/workspaces/providers/diagnosticSettings\"}],\"variables\":{}}}},\"existenceCondition\":{\"allOf\":[{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\"},{\"equals\":\"[parameters('logAnalytics')]\",\"field\":\"Microsoft.Insights/diagnosticSettings/workspaceId\"}]},\"name\":\"[parameters('profileName')]\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"type\":\"Microsoft.Insights/diagnosticSettings\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WebServerFarm\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WebServerFarm",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploys the diagnostic settings for App Service Plan to stream to a Log Analytics workspace when any App Service Plan which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled",
- "display_name": "Deploy Diagnostic Settings for App Service Plan to Log Analytics workspace",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Monitoring\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.1.0\"}",
- "mode": "Indexed",
- "name": "Deploy-Diagnostics-WebServerFarm",
- "parameters": "{\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"logAnalytics\":{\"metadata\":{\"description\":\"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\"displayName\":\"Log Analytics workspace\",\"strongType\":\"omsWorkspace\"},\"type\":\"String\"},\"metricsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable metrics stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable metrics\"},\"type\":\"String\"},\"profileName\":{\"defaultValue\":\"setbypolicy\",\"metadata\":{\"description\":\"The diagnostic settings profile name\",\"displayName\":\"Profile name\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"equals\":\"Microsoft.Web/serverfarms\",\"field\":\"type\"},\"then\":{\"details\":{\"deployment\":{\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"metricsEnabled\":{\"value\":\"[parameters('metricsEnabled')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"},\"resourceName\":{\"value\":\"[field('name')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"location\":{\"type\":\"String\"},\"logAnalytics\":{\"type\":\"String\"},\"metricsEnabled\":{\"type\":\"String\"},\"profileName\":{\"type\":\"String\"},\"resourceName\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2017-05-01-preview\",\"dependsOn\":[],\"location\":\"[parameters('location')]\",\"name\":\"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"properties\":{\"logs\":[],\"metrics\":[{\"category\":\"AllMetrics\",\"enabled\":\"[parameters('metricsEnabled')]\",\"retentionPolicy\":{\"days\":0,\"enabled\":false},\"timeGrain\":null}],\"workspaceId\":\"[parameters('logAnalytics')]\"},\"type\":\"Microsoft.Web/serverfarms/providers/diagnosticSettings\"}],\"variables\":{}}}},\"existenceCondition\":{\"allOf\":[{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/metrics.enabled\"},{\"equals\":\"[parameters('logAnalytics')]\",\"field\":\"Microsoft.Insights/diagnosticSettings/workspaceId\"}]},\"name\":\"[parameters('profileName')]\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"type\":\"Microsoft.Insights/diagnosticSettings\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Website\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Website",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploys the diagnostic settings for Web App to stream to a Log Analytics workspace when any Web App which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled",
- "display_name": "Deploy Diagnostic Settings for App Service to Log Analytics workspace",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Monitoring\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.2.0\"}",
- "mode": "Indexed",
- "name": "Deploy-Diagnostics-Website",
- "parameters": "{\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"logAnalytics\":{\"metadata\":{\"description\":\"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\"displayName\":\"Log Analytics workspace\",\"strongType\":\"omsWorkspace\"},\"type\":\"String\"},\"logsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable logs stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable logs\"},\"type\":\"String\"},\"metricsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable metrics stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable metrics\"},\"type\":\"String\"},\"profileName\":{\"defaultValue\":\"setbypolicy\",\"metadata\":{\"description\":\"The diagnostic settings profile name\",\"displayName\":\"Profile name\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"allOf\":[{\"equals\":\"Microsoft.Web/sites\",\"field\":\"type\"},{\"notContains\":\"functionapp\",\"value\":\"[field('kind')]\"}]},\"then\":{\"details\":{\"deployment\":{\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"logsEnabled\":{\"value\":\"[parameters('logsEnabled')]\"},\"metricsEnabled\":{\"value\":\"[parameters('metricsEnabled')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"},\"resourceName\":{\"value\":\"[field('name')]\"},\"serverFarmId\":{\"value\":\"[field('Microsoft.Web/sites/serverFarmId')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{\"policy\":{\"type\":\"string\",\"value\":\"[concat(parameters('logAnalytics'), 'configured for diagnostic logs for ', ': ', parameters('resourceName'))]\"}},\"parameters\":{\"location\":{\"type\":\"String\"},\"logAnalytics\":{\"type\":\"String\"},\"logsEnabled\":{\"type\":\"String\"},\"metricsEnabled\":{\"type\":\"String\"},\"profileName\":{\"type\":\"String\"},\"resourceName\":{\"type\":\"String\"},\"serverFarmId\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2017-05-01-preview\",\"dependsOn\":[],\"location\":\"[parameters('location')]\",\"name\":\"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"properties\":{\"logs\":\"[if(startsWith(reference(parameters('serverFarmId'), '2021-03-01', 'Full').sku.tier, 'Premium'), variables('logs').premiumTierLogs, variables('logs').otherTierLogs)]\",\"metrics\":[{\"category\":\"AllMetrics\",\"enabled\":\"[parameters('metricsEnabled')]\",\"retentionPolicy\":{\"days\":0,\"enabled\":false},\"timeGrain\":null}],\"workspaceId\":\"[parameters('logAnalytics')]\"},\"type\":\"Microsoft.Web/sites/providers/diagnosticSettings\"}],\"variables\":{\"logs\":{\"otherTierLogs\":[{\"category\":\"AppServiceHTTPLogs\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"AppServiceConsoleLogs\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"AppServiceAppLogs\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"AppServiceAuditLogs\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"AppServiceIPSecAuditLogs\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"AppServicePlatformLogs\",\"enabled\":\"[parameters('logsEnabled')]\"}],\"premiumTierLogs\":[{\"category\":\"AppServiceAntivirusScanAuditLogs\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"AppServiceHTTPLogs\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"AppServiceConsoleLogs\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"AppServiceAppLogs\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"AppServiceFileAuditLogs\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"AppServiceAuditLogs\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"AppServiceIPSecAuditLogs\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"AppServicePlatformLogs\",\"enabled\":\"[parameters('logsEnabled')]\"}]}}}}},\"existenceCondition\":{\"allOf\":[{\"equals\":\"[parameters('logsEnabled')]\",\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\"},{\"equals\":\"[parameters('metricsEnabled')]\",\"field\":\"Microsoft.Insights/diagnosticSettings/metrics.enabled\"},{\"equals\":\"[parameters('logAnalytics')]\",\"field\":\"Microsoft.Insights/diagnosticSettings/workspaceId\"}]},\"name\":\"[parameters('profileName')]\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"type\":\"Microsoft.Insights/diagnosticSettings\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-iotHub\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-iotHub",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploys the diagnostic settings for IoT Hub to stream to a Log Analytics workspace when any IoT Hub which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled",
- "display_name": "Deploy Diagnostic Settings for IoT Hub to Log Analytics workspace",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Monitoring\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.1.0\"}",
- "mode": "Indexed",
- "name": "Deploy-Diagnostics-iotHub",
- "parameters": "{\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"logAnalytics\":{\"metadata\":{\"description\":\"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\"displayName\":\"Log Analytics workspace\",\"strongType\":\"omsWorkspace\"},\"type\":\"String\"},\"logsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable logs stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable logs\"},\"type\":\"String\"},\"metricsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable metrics stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable metrics\"},\"type\":\"String\"},\"profileName\":{\"defaultValue\":\"setbypolicy\",\"metadata\":{\"description\":\"The diagnostic settings profile name\",\"displayName\":\"Profile name\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"equals\":\"Microsoft.Devices/IotHubs\",\"field\":\"type\"},\"then\":{\"details\":{\"deployment\":{\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"logsEnabled\":{\"value\":\"[parameters('logsEnabled')]\"},\"metricsEnabled\":{\"value\":\"[parameters('metricsEnabled')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"},\"resourceName\":{\"value\":\"[field('name')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"location\":{\"type\":\"String\"},\"logAnalytics\":{\"type\":\"String\"},\"logsEnabled\":{\"type\":\"String\"},\"metricsEnabled\":{\"type\":\"String\"},\"profileName\":{\"type\":\"String\"},\"resourceName\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2017-05-01-preview\",\"dependsOn\":[],\"location\":\"[parameters('location')]\",\"name\":\"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"properties\":{\"logs\":[{\"category\":\"Connections\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"DeviceTelemetry\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"C2DCommands\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"DeviceIdentityOperations\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"FileUploadOperations\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"Routes\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"D2CTwinOperations\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"C2DTwinOperations\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"TwinQueries\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"JobsOperations\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"DirectMethods\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"DistributedTracing\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"Configurations\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"DeviceStreams\",\"enabled\":\"[parameters('logsEnabled')]\"}],\"metrics\":[{\"category\":\"AllMetrics\",\"enabled\":\"[parameters('metricsEnabled')]\",\"retentionPolicy\":{\"days\":0,\"enabled\":false},\"timeGrain\":null}],\"workspaceId\":\"[parameters('logAnalytics')]\"},\"type\":\"Microsoft.Devices/IotHubs/providers/diagnosticSettings\"}],\"variables\":{}}}},\"existenceCondition\":{\"allOf\":[{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\"},{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/metrics.enabled\"},{\"equals\":\"[parameters('logAnalytics')]\",\"field\":\"Microsoft.Insights/diagnosticSettings/workspaceId\"}]},\"name\":\"[parameters('profileName')]\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"type\":\"Microsoft.Insights/diagnosticSettings\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-FirewallPolicy\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-FirewallPolicy",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploys Azure Firewall Manager policy in subscription where the policy is assigned.",
- "display_name": "Deploy Azure Firewall Manager policy in the subscription",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Network\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.0.0\"}",
- "mode": "All",
- "name": "Deploy-FirewallPolicy",
- "parameters": "{\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"fwPolicyRegion\":{\"metadata\":{\"description\":\"Select Azure region for Azure Firewall Policy\",\"displayName\":\"fwPolicyRegion\",\"strongType\":\"location\"},\"type\":\"String\"},\"fwpolicy\":{\"defaultValue\":{},\"metadata\":{\"description\":\"Object describing Azure Firewall Policy\",\"displayName\":\"fwpolicy\"},\"type\":\"Object\"},\"rgName\":{\"metadata\":{\"description\":\"Provide name for resource group.\",\"displayName\":\"rgName\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"allOf\":[{\"equals\":\"Microsoft.Resources/subscriptions\",\"field\":\"type\"}]},\"then\":{\"details\":{\"deployment\":{\"location\":\"northeurope\",\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"fwPolicy\":{\"value\":\"[parameters('fwPolicy')]\"},\"fwPolicyRegion\":{\"value\":\"[parameters('fwPolicyRegion')]\"},\"rgName\":{\"value\":\"[parameters('rgName')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"fwPolicy\":{\"type\":\"object\"},\"fwPolicyRegion\":{\"type\":\"String\"},\"rgName\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2018-05-01\",\"location\":\"[deployment().location]\",\"name\":\"[parameters('rgName')]\",\"properties\":{},\"type\":\"Microsoft.Resources/resourceGroups\"},{\"apiVersion\":\"2018-05-01\",\"dependsOn\":[\"[resourceId('Microsoft.Resources/resourceGroups/', parameters('rgName'))]\"],\"name\":\"fwpolicies\",\"properties\":{\"mode\":\"Incremental\",\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{},\"resources\":[{\"apiVersion\":\"2019-09-01\",\"dependsOn\":[],\"location\":\"[parameters('fwpolicy').location]\",\"name\":\"[parameters('fwpolicy').firewallPolicyName]\",\"properties\":{},\"resources\":[{\"apiVersion\":\"2019-09-01\",\"dependsOn\":[\"[resourceId('Microsoft.Network/firewallPolicies',parameters('fwpolicy').firewallPolicyName)]\"],\"name\":\"[parameters('fwpolicy').ruleGroups.name]\",\"properties\":{\"priority\":\"[parameters('fwpolicy').ruleGroups.properties.priority]\",\"rules\":\"[parameters('fwpolicy').ruleGroups.properties.rules]\"},\"type\":\"ruleGroups\"}],\"tags\":{},\"type\":\"Microsoft.Network/firewallPolicies\"}],\"variables\":{}}},\"resourceGroup\":\"[parameters('rgName')]\",\"type\":\"Microsoft.Resources/deployments\"}]}}},\"deploymentScope\":\"subscription\",\"existenceScope\":\"resourceGroup\",\"resourceGroupName\":\"[parameters('rgName')]\",\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"],\"type\":\"Microsoft.Network/firewallPolicies\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-MySQL-sslEnforcement\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-MySQL-sslEnforcement",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploy a specific min TLS version requirement and enforce SSL on Azure Database for MySQL server. Enforce the Server to client applications using minimum version of Tls to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.",
- "display_name": "Azure Database for MySQL server deploy a specific min TLS version and enforce SSL.",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"SQL\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.1.0\"}",
- "mode": "Indexed",
- "name": "Deploy-MySQL-sslEnforcement",
- "parameters": "{\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy minimum TLS version Azure Database for MySQL server\",\"displayName\":\"Effect minimum TLS version Azure Database for MySQL server\"},\"type\":\"String\"},\"minimalTlsVersion\":{\"allowedValues\":[\"TLS1_2\",\"TLS1_0\",\"TLS1_1\",\"TLSEnforcementDisabled\"],\"defaultValue\":\"TLS1_2\",\"metadata\":{\"description\":\"Select version minimum TLS version Azure Database for MySQL server to enforce\",\"displayName\":\"Select version minimum TLS for MySQL server\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"allOf\":[{\"equals\":\"Microsoft.DBforMySQL/servers\",\"field\":\"type\"},{\"anyOf\":[{\"field\":\"Microsoft.DBforMySQL/servers/sslEnforcement\",\"notEquals\":\"Enabled\"},{\"field\":\"Microsoft.DBforMySQL/servers/minimalTlsVersion\",\"notequals\":\"[parameters('minimalTlsVersion')]\"}]}]},\"then\":{\"details\":{\"deployment\":{\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"minimalTlsVersion\":{\"value\":\"[parameters('minimalTlsVersion')]\"},\"resourceName\":{\"value\":\"[field('name')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"location\":{\"type\":\"String\"},\"minimalTlsVersion\":{\"type\":\"String\"},\"resourceName\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2017-12-01\",\"location\":\"[parameters('location')]\",\"name\":\"[concat(parameters('resourceName'))]\",\"properties\":{\"minimalTlsVersion\":\"[parameters('minimalTlsVersion')]\",\"sslEnforcement\":\"[if(equals(parameters('minimalTlsVersion'), 'TLSEnforcementDisabled'),'Disabled', 'Enabled')]\"},\"type\":\"Microsoft.DBforMySQL/servers\"}],\"variables\":{}}}},\"existenceCondition\":{\"allOf\":[{\"equals\":\"Enabled\",\"field\":\"Microsoft.DBforMySQL/servers/sslEnforcement\"},{\"equals\":\"[parameters('minimalTlsVersion')]\",\"field\":\"Microsoft.DBforMySQL/servers/minimalTlsVersion\"}]},\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"],\"type\":\"Microsoft.DBforMySQL/servers\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Nsg-FlowLogs\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Nsg-FlowLogs",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "[Deprecated] Deprecated by built-in policy. Deploys NSG flow logs and traffic analytics to a storageaccountid with a specified retention period. Superseded by https://www.azadvertizer.net/azpolicyadvertizer/e920df7f-9a64-4066-9b58-52684c02a091.html",
- "display_name": "[Deprecated] Deploys NSG flow logs and traffic analytics",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Monitoring\",\"deprecated\":true,\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"supersededBy\":\"e920df7f-9a64-4066-9b58-52684c02a091\",\"version\":\"1.0.0-deprecated\"}",
- "mode": "Indexed",
- "name": "Deploy-Nsg-FlowLogs",
- "parameters": "{\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"flowAnalyticsEnabled\":{\"defaultValue\":false,\"metadata\":{\"displayName\":\"Enable Traffic Analytics\"},\"type\":\"Boolean\"},\"logAnalytics\":{\"defaultValue\":\"\",\"metadata\":{\"description\":\"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\"displayName\":\"Resource ID of Log Analytics workspace\",\"strongType\":\"omsWorkspace\"},\"type\":\"String\"},\"retention\":{\"defaultValue\":5,\"metadata\":{\"displayName\":\"Retention\"},\"type\":\"Integer\"},\"storageAccountResourceId\":{\"metadata\":{\"displayName\":\"Storage Account Resource Id\",\"strongType\":\"Microsoft.Storage/storageAccounts\"},\"type\":\"String\"},\"trafficAnalyticsInterval\":{\"defaultValue\":60,\"metadata\":{\"displayName\":\"Traffic Analytics processing interval mins (10/60)\"},\"type\":\"Integer\"}}",
- "policy_rule": "{\"if\":{\"equals\":\"Microsoft.Network/networkSecurityGroups\",\"field\":\"type\"},\"then\":{\"details\":{\"deployment\":{\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"flowAnalyticsEnabled\":{\"value\":\"[parameters('flowAnalyticsEnabled')]\"},\"location\":{\"value\":\"[field('location')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"networkSecurityGroupName\":{\"value\":\"[field('name')]\"},\"resourceGroupName\":{\"value\":\"[resourceGroup().name]\"},\"retention\":{\"value\":\"[parameters('retention')]\"},\"storageAccountResourceId\":{\"value\":\"[parameters('storageAccountResourceId')]\"},\"trafficAnalyticsInterval\":{\"value\":\"[parameters('trafficAnalyticsInterval')]\"}},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"flowAnalyticsEnabled\":{\"type\":\"bool\"},\"location\":{\"type\":\"String\"},\"logAnalytics\":{\"type\":\"String\"},\"networkSecurityGroupName\":{\"type\":\"String\"},\"resourceGroupName\":{\"type\":\"String\"},\"retention\":{\"type\":\"int\"},\"storageAccountResourceId\":{\"type\":\"String\"},\"trafficAnalyticsInterval\":{\"type\":\"int\"}},\"resources\":[{\"apiVersion\":\"2020-05-01\",\"location\":\"[parameters('location')]\",\"name\":\"[take(concat('NetworkWatcher_', toLower(parameters('location')), '/', parameters('networkSecurityGroupName'), '-', parameters('resourceGroupName'), '-flowlog' ), 80)]\",\"properties\":{\"enabled\":true,\"flowAnalyticsConfiguration\":{\"networkWatcherFlowAnalyticsConfiguration\":{\"enabled\":\"[bool(parameters('flowAnalyticsEnabled'))]\",\"trafficAnalyticsInterval\":\"[parameters('trafficAnalyticsInterval')]\",\"workspaceId\":\"[if(not(empty(parameters('logAnalytics'))), reference(parameters('logAnalytics'), '2020-03-01-preview', 'Full').properties.customerId, json('null')) ]\",\"workspaceRegion\":\"[if(not(empty(parameters('logAnalytics'))), reference(parameters('logAnalytics'), '2020-03-01-preview', 'Full').location, json('null')) ]\",\"workspaceResourceId\":\"[if(not(empty(parameters('logAnalytics'))), parameters('logAnalytics'), json('null'))]\"}},\"format\":{\"type\":\"JSON\",\"version\":2},\"retentionPolicy\":{\"days\":\"[parameters('retention')]\",\"enabled\":true},\"storageId\":\"[parameters('storageAccountResourceId')]\",\"targetResourceId\":\"[resourceId(parameters('resourceGroupName'), 'Microsoft.Network/networkSecurityGroups', parameters('networkSecurityGroupName'))]\"},\"type\":\"Microsoft.Network/networkWatchers/flowLogs\"}],\"variables\":{}}}},\"existenceCondition\":{\"allOf\":[{\"equals\":\"true\",\"field\":\"Microsoft.Network/networkWatchers/flowLogs/enabled\"},{\"equals\":\"[parameters('flowAnalyticsEnabled')]\",\"field\":\"Microsoft.Network/networkWatchers/flowLogs/flowAnalyticsConfiguration.networkWatcherFlowAnalyticsConfiguration.enabled\"}]},\"resourceGroupName\":\"NetworkWatcherRG\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"type\":\"Microsoft.Network/networkWatchers/flowLogs\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Nsg-FlowLogs-to-LA\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Nsg-FlowLogs-to-LA",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "[Deprecated] Deprecated by built-in policy. Deploys NSG flow logs and traffic analytics to Log Analytics with a specified retention period. Superseded by https://www.azadvertizer.net/azpolicyadvertizer/e920df7f-9a64-4066-9b58-52684c02a091.html",
- "display_name": "[Deprecated] Deploys NSG flow logs and traffic analytics to Log Analytics",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Monitoring\",\"deprecated\":true,\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"supersededBy\":\"e920df7f-9a64-4066-9b58-52684c02a091\",\"version\":\"1.1.0-deprecated\"}",
- "mode": "Indexed",
- "name": "Deploy-Nsg-FlowLogs-to-LA",
- "parameters": "{\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"interval\":{\"defaultValue\":60,\"metadata\":{\"displayName\":\"Traffic Analytics processing interval mins (10/60)\"},\"type\":\"Integer\"},\"retention\":{\"defaultValue\":5,\"metadata\":{\"displayName\":\"Retention\"},\"type\":\"Integer\"},\"workspace\":{\"defaultValue\":\"\\u003cworkspace resource ID\\u003e\",\"metadata\":{\"description\":\"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\"displayName\":\"Resource ID of Log Analytics workspace\",\"strongType\":\"omsWorkspace\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"allOf\":[{\"equals\":\"Microsoft.Network/networkSecurityGroups\",\"field\":\"type\"}]},\"then\":{\"details\":{\"deployment\":{\"location\":\"northeurope\",\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"interval\":{\"value\":\"[parameters('interval')]\"},\"location\":{\"value\":\"[field('location')]\"},\"networkSecurityGroup\":{\"value\":\"[field('id')]\"},\"retention\":{\"value\":\"[parameters('retention')]\"},\"workspace\":{\"value\":\"[parameters('workspace')]\"}},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"interval\":{\"type\":\"int\"},\"location\":{\"type\":\"String\"},\"networkSecurityGroup\":{\"type\":\"String\"},\"retention\":{\"type\":\"int\"},\"time\":{\"defaultValue\":\"[utcNow()]\",\"type\":\"String\"},\"workspace\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2019-10-01\",\"name\":\"[concat(variables('resourceGroupName'), '.', variables('securityGroupName'))]\",\"properties\":{\"mode\":\"Incremental\",\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"resources\":[{\"apiVersion\":\"2019-06-01\",\"kind\":\"StorageV2\",\"location\":\"[parameters('location')]\",\"name\":\"[variables('storageAccountName')]\",\"properties\":{},\"sku\":{\"name\":\"Standard_LRS\",\"tier\":\"Standard\"},\"type\":\"Microsoft.Storage/storageAccounts\"}]}},\"resourceGroup\":\"[variables('resourceGroupName')]\",\"type\":\"Microsoft.Resources/deployments\"},{\"apiVersion\":\"2019-10-01\",\"dependsOn\":[\"[concat(variables('resourceGroupName'), '.', variables('securityGroupName'))]\"],\"name\":\"[concat('NetworkWatcherRG', '.', variables('securityGroupName'))]\",\"properties\":{\"mode\":\"Incremental\",\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"resources\":[{\"apiVersion\":\"2020-05-01\",\"location\":\"[parameters('location')]\",\"name\":\"[concat('NetworkWatcher_', toLower(parameters('location')))]\",\"properties\":{},\"resources\":[{\"apiVersion\":\"2019-11-01\",\"dependsOn\":[\"[concat('NetworkWatcher_', toLower(parameters('location')))]\"],\"location\":\"[parameters('location')]\",\"name\":\"[concat(variables('securityGroupName'), '-Network-flowlog')]\",\"properties\":{\"enabled\":true,\"flowAnalyticsConfiguration\":{\"networkWatcherFlowAnalyticsConfiguration\":{\"enabled\":true,\"trafficAnalyticsInterval\":\"[parameters('interval')]\",\"workspaceResourceId\":\"[parameters('workspace')]\"}},\"format\":{\"type\":\"JSON\",\"version\":2},\"retentionPolicy\":{\"days\":\"[parameters('retention')]\",\"enabled\":true},\"storageId\":\"[concat(subscription().id, '/resourceGroups/', variables('resourceGroupName'), '/providers/Microsoft.Storage/storageAccounts/', variables('storageAccountName'))]\",\"targetResourceId\":\"[parameters('networkSecurityGroup')]\"},\"type\":\"flowLogs\"}],\"type\":\"Microsoft.Network/networkWatchers\"}]}},\"resourceGroup\":\"NetworkWatcherRG\",\"type\":\"Microsoft.Resources/deployments\"}],\"variables\":{\"resourceGroupName\":\"[split(parameters('networkSecurityGroup'), '/')[4]]\",\"securityGroupName\":\"[split(parameters('networkSecurityGroup'), '/')[8]]\",\"storageAccountName\":\"[concat('es', uniqueString(variables('securityGroupName'), parameters('time')))]\"}}}},\"deploymentScope\":\"subscription\",\"existenceCondition\":{\"allOf\":[{\"equals\":\"true\",\"field\":\"Microsoft.Network/networkWatchers/flowLogs/enabled\"}]},\"existenceScope\":\"resourceGroup\",\"name\":\"[if(empty(coalesce(field('Microsoft.Network/networkSecurityGroups/flowLogs[*].id'))), 'null/null', concat(split(first(field('Microsoft.Network/networkSecurityGroups/flowLogs[*].id')), '/')[8], '/', split(first(field('Microsoft.Network/networkSecurityGroups/flowLogs[*].id')), '/')[10]))]\",\"resourceGroupName\":\"[if(empty(coalesce(field('Microsoft.Network/networkSecurityGroups/flowLogs'))), 'NetworkWatcherRG', split(first(field('Microsoft.Network/networkSecurityGroups/flowLogs[*].id')), '/')[4])]\",\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7\",\"/providers/Microsoft.Authorization/roleDefinitions/81a9662b-bebf-436f-a333-f67b29880f12\",\"/providers/Microsoft.Authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\",\"/providers/Microsoft.Authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab\",\"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"],\"type\":\"Microsoft.Network/networkWatchers/flowlogs\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-PostgreSQL-sslEnforcement\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-PostgreSQL-sslEnforcement",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploy a specific min TLS version requirement and enforce SSL on Azure Database for PostgreSQL server. Enables secure server to client by enforce minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.",
- "display_name": "Azure Database for PostgreSQL server deploy a specific min TLS version requirement and enforce SSL ",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"SQL\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.1.0\"}",
- "mode": "Indexed",
- "name": "Deploy-PostgreSQL-sslEnforcement",
- "parameters": "{\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy minimum TLS version Azure Database for PostgreSQL server\",\"displayName\":\"Effect Azure Database for PostgreSQL server\"},\"type\":\"String\"},\"minimalTlsVersion\":{\"allowedValues\":[\"TLS1_2\",\"TLS1_0\",\"TLS1_1\",\"TLSEnforcementDisabled\"],\"defaultValue\":\"TLS1_2\",\"metadata\":{\"description\":\"Select version minimum TLS version Azure Database for PostgreSQL server to enforce\",\"displayName\":\"Select version for PostgreSQL server\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"allOf\":[{\"equals\":\"Microsoft.DBforPostgreSQL/servers\",\"field\":\"type\"},{\"anyOf\":[{\"field\":\"Microsoft.DBforPostgreSQL/servers/sslEnforcement\",\"notEquals\":\"Enabled\"},{\"field\":\"Microsoft.DBforPostgreSQL/servers/minimalTlsVersion\",\"notEquals\":\"[parameters('minimalTlsVersion')]\"}]}]},\"then\":{\"details\":{\"deployment\":{\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"minimalTlsVersion\":{\"value\":\"[parameters('minimalTlsVersion')]\"},\"resourceName\":{\"value\":\"[field('name')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"location\":{\"type\":\"String\"},\"minimalTlsVersion\":{\"type\":\"String\"},\"resourceName\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2017-12-01\",\"location\":\"[parameters('location')]\",\"name\":\"[concat(parameters('resourceName'))]\",\"properties\":{\"minimalTlsVersion\":\"[parameters('minimalTlsVersion')]\",\"sslEnforcement\":\"[if(equals(parameters('minimalTlsVersion'), 'TLSEnforcementDisabled'),'Disabled', 'Enabled')]\"},\"type\":\"Microsoft.DBforPostgreSQL/servers\"}],\"variables\":{}}}},\"existenceCondition\":{\"allOf\":[{\"equals\":\"Enabled\",\"field\":\"Microsoft.DBforPostgreSQL/servers/sslEnforcement\"},{\"equals\":\"[parameters('minimalTlsVersion')]\",\"field\":\"Microsoft.DBforPostgreSQL/servers/minimalTlsVersion\"}]},\"name\":\"current\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"],\"type\":\"Microsoft.DBforPostgreSQL/servers\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-SQL-minTLS\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-SQL-minTLS",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploys a specific min TLS version requirement and enforce SSL on SQL servers. Enables secure server to client by enforce minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.",
- "display_name": "SQL servers deploys a specific min TLS version requirement.",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"SQL\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.1.0\"}",
- "mode": "Indexed",
- "name": "Deploy-SQL-minTLS",
- "parameters": "{\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy minimum TLS version SQL servers\",\"displayName\":\"Effect SQL servers\"},\"type\":\"String\"},\"minimalTlsVersion\":{\"allowedValues\":[\"1.2\",\"1.1\",\"1.0\"],\"defaultValue\":\"1.2\",\"metadata\":{\"description\":\"Select version minimum TLS version SQL servers to enforce\",\"displayName\":\"Select version for SQL server\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"allOf\":[{\"equals\":\"Microsoft.Sql/servers\",\"field\":\"type\"},{\"field\":\"Microsoft.Sql/servers/minimalTlsVersion\",\"notequals\":\"[parameters('minimalTlsVersion')]\"}]},\"then\":{\"details\":{\"deployment\":{\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"minimalTlsVersion\":{\"value\":\"[parameters('minimalTlsVersion')]\"},\"resourceName\":{\"value\":\"[field('name')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"location\":{\"type\":\"String\"},\"minimalTlsVersion\":{\"type\":\"String\"},\"resourceName\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2019-06-01-preview\",\"location\":\"[parameters('location')]\",\"name\":\"[concat(parameters('resourceName'))]\",\"properties\":{\"minimalTlsVersion\":\"[parameters('minimalTlsVersion')]\"},\"type\":\"Microsoft.Sql/servers\"}],\"variables\":{}}}},\"existenceCondition\":{\"allOf\":[{\"equals\":\"[parameters('minimalTlsVersion')]\",\"field\":\"Microsoft.Sql/servers/minimalTlsVersion\"}]},\"name\":\"current\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/6d8ee4ec-f05a-4a1d-8b00-a9b17e38b437\"],\"type\":\"Microsoft.Sql/servers\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Sql-AuditingSettings\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Sql-AuditingSettings",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploy auditing settings to SQL Database when it not exist in the deployment",
- "display_name": "Deploy SQL database auditing settings",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"SQL\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.0.0\"}",
- "mode": "Indexed",
- "name": "Deploy-Sql-AuditingSettings",
- "parameters": "{\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"equals\":\"Microsoft.Sql/servers/databases\",\"field\":\"type\"},\"then\":{\"details\":{\"deployment\":{\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"sqlServerDataBaseName\":{\"value\":\"[field('name')]\"},\"sqlServerName\":{\"value\":\"[first(split(field('fullname'),'/'))]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"location\":{\"type\":\"String\"},\"sqlServerDataBaseName\":{\"type\":\"String\"},\"sqlServerName\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2017-03-01-preview\",\"name\":\"[concat( parameters('sqlServerName'),'/',parameters('sqlServerDataBaseName'),'/default')]\",\"properties\":{\"auditActionsAndGroups\":[\"BATCH_COMPLETED_GROUP\",\"DATABASE_OBJECT_CHANGE_GROUP\",\"SCHEMA_OBJECT_CHANGE_GROUP\",\"BACKUP_RESTORE_GROUP\",\"APPLICATION_ROLE_CHANGE_PASSWORD_GROUP\",\"DATABASE_PRINCIPAL_CHANGE_GROUP\",\"DATABASE_PRINCIPAL_IMPERSONATION_GROUP\",\"DATABASE_ROLE_MEMBER_CHANGE_GROUP\",\"USER_CHANGE_PASSWORD_GROUP\",\"DATABASE_OBJECT_OWNERSHIP_CHANGE_GROUP\",\"DATABASE_OBJECT_PERMISSION_CHANGE_GROUP\",\"DATABASE_PERMISSION_CHANGE_GROUP\",\"SCHEMA_OBJECT_PERMISSION_CHANGE_GROUP\",\"SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP\",\"FAILED_DATABASE_AUTHENTICATION_GROUP\"],\"isAzureMonitorTargetEnabled\":true,\"state\":\"enabled\"},\"type\":\"Microsoft.Sql/servers/databases/auditingSettings\"}],\"variables\":{}}}},\"existenceCondition\":{\"allOf\":[{\"equals\":\"enabled\",\"field\":\"Microsoft.Sql/servers/databases/auditingSettings/state\"},{\"equals\":\"true\",\"field\":\"Microsoft.Sql/servers/databases/auditingSettings/isAzureMonitorTargetEnabled\"}]},\"name\":\"default\",\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3\"],\"type\":\"Microsoft.Sql/servers/databases/auditingSettings\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Sql-SecurityAlertPolicies\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Sql-SecurityAlertPolicies",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploy the security Alert Policies configuration with email admin accounts when it not exist in current configuration",
- "display_name": "Deploy SQL Database security Alert Policies configuration with email admin accounts",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"SQL\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.1.1\"}",
- "mode": "Indexed",
- "name": "Deploy-Sql-SecurityAlertPolicies",
- "parameters": "{\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"emailAddresses\":{\"defaultValue\":[\"admin@contoso.com\",\"admin@fabrikam.com\"],\"type\":\"Array\"}}",
- "policy_rule": "{\"if\":{\"equals\":\"Microsoft.Sql/servers/databases\",\"field\":\"type\"},\"then\":{\"details\":{\"deployment\":{\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"emailAddresses\":{\"value\":\"[parameters('emailAddresses')]\"},\"location\":{\"value\":\"[field('location')]\"},\"sqlServerDataBaseName\":{\"value\":\"[field('name')]\"},\"sqlServerName\":{\"value\":\"[first(split(field('fullname'),'/'))]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"emailAddresses\":{\"type\":\"Array\"},\"location\":{\"type\":\"String\"},\"sqlServerDataBaseName\":{\"type\":\"String\"},\"sqlServerName\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2018-06-01-preview\",\"name\":\"[concat(parameters('sqlServerName'),'/',parameters('sqlServerDataBaseName'),'/default')]\",\"properties\":{\"disabledAlerts\":[\"\"],\"emailAccountAdmins\":true,\"emailAddresses\":\"[parameters('emailAddresses')]\",\"retentionDays\":0,\"state\":\"Enabled\",\"storageAccountAccessKey\":\"\",\"storageEndpoint\":null},\"type\":\"Microsoft.Sql/servers/databases/securityAlertPolicies\"}],\"variables\":{}}}},\"existenceCondition\":{\"allOf\":[{\"equals\":\"Enabled\",\"field\":\"Microsoft.Sql/servers/databases/securityAlertPolicies/state\"}]},\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3\"],\"type\":\"Microsoft.Sql/servers/databases/securityAlertPolicies\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Sql-Tde\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Sql-Tde",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploy the Transparent Data Encryption when it is not enabled in the deployment. Please use this policy instead https://www.azadvertizer.net/azpolicyadvertizer/86a912f6-9a06-4e26-b447-11b16ba8659f.html",
- "display_name": "[Deprecated] Deploy SQL Database Transparent Data Encryption",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"SQL\",\"deprecated\":true,\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"supersededBy\":\"86a912f6-9a06-4e26-b447-11b16ba8659f\",\"version\":\"1.1.1-deprecated\"}",
- "mode": "Indexed",
- "name": "Deploy-Sql-Tde",
- "parameters": "{\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"excludedDatabases\":{\"defaultValue\":[\"master\",\"model\",\"tempdb\",\"msdb\",\"resource\"],\"metadata\":{\"description\":\"Array of databases that are excluded from this policy\",\"displayName\":\"Excluded Databases\"},\"type\":\"Array\"}}",
- "policy_rule": "{\"if\":{\"allOf\":[{\"equals\":\"Microsoft.Sql/servers/databases\",\"field\":\"type\"},{\"field\":\"name\",\"notIn\":\"[parameters('excludedDatabases')]\"}]},\"then\":{\"details\":{\"deployment\":{\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"sqlServerDataBaseName\":{\"value\":\"[field('name')]\"},\"sqlServerName\":{\"value\":\"[first(split(field('fullname'),'/'))]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"location\":{\"type\":\"String\"},\"sqlServerDataBaseName\":{\"type\":\"String\"},\"sqlServerName\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2014-04-01\",\"name\":\"[concat( parameters('sqlServerName'),'/',parameters('sqlServerDataBaseName'),'/current')]\",\"properties\":{\"status\":\"Enabled\"},\"type\":\"Microsoft.Sql/servers/databases/transparentDataEncryption\"}],\"variables\":{}}}},\"existenceCondition\":{\"allOf\":[{\"equals\":\"Enabled\",\"field\":\"Microsoft.Sql/transparentDataEncryption.status\"}]},\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3\"],\"type\":\"Microsoft.Sql/servers/databases/transparentDataEncryption\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Sql-vulnerabilityAssessments\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Sql-vulnerabilityAssessments",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploy SQL Database vulnerability Assessments when it not exist in the deployment. Superseded by https://www.azadvertizer.net/azpolicyadvertizer/Deploy-Sql-vulnerabilityAssessments_20230706.html",
- "display_name": "[Deprecated]: Deploy SQL Database vulnerability Assessments",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"SQL\",\"deprecated\":true,\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"supersededBy\":\"Deploy-Sql-vulnerabilityAssessments_20230706\",\"version\":\"1.0.1-deprecated\"}",
- "mode": "Indexed",
- "name": "Deploy-Sql-vulnerabilityAssessments",
- "parameters": "{\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"vulnerabilityAssessmentsEmail\":{\"metadata\":{\"description\":\"The email address to send alerts. For multiple emails, format in the following 'email1@contoso.com;email2@contoso.com'\",\"displayName\":\"The email address to send alerts. For multiple emails, format in the following 'email1@contoso.com;email2@contoso.com'\"},\"type\":\"String\"},\"vulnerabilityAssessmentsStorageID\":{\"metadata\":{\"description\":\"The storage account ID to store assessments\",\"displayName\":\"The storage account ID to store assessments\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"equals\":\"Microsoft.Sql/servers/databases\",\"field\":\"type\"},\"then\":{\"details\":{\"deployment\":{\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"sqlServerDataBaseName\":{\"value\":\"[field('name')]\"},\"sqlServerName\":{\"value\":\"[first(split(field('fullname'),'/'))]\"},\"vulnerabilityAssessmentsEmail\":{\"value\":\"[parameters('vulnerabilityAssessmentsEmail')]\"},\"vulnerabilityAssessmentsStorageID\":{\"value\":\"[parameters('vulnerabilityAssessmentsStorageID')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"location\":{\"type\":\"String\"},\"sqlServerDataBaseName\":{\"type\":\"String\"},\"sqlServerName\":{\"type\":\"String\"},\"vulnerabilityAssessmentsEmail\":{\"type\":\"String\"},\"vulnerabilityAssessmentsStorageID\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2017-03-01-preview\",\"name\":\"[concat(parameters('sqlServerName'),'/',parameters('sqlServerDataBaseName'),'/default')]\",\"properties\":{\"recurringScans\":{\"emailSubscriptionAdmins\":false,\"emails\":[\"[parameters('vulnerabilityAssessmentsEmail')]\"],\"isEnabled\":true},\"storageAccountAccessKey\":\"[listkeys(parameters('vulnerabilityAssessmentsStorageID'), providers('Microsoft.Storage', 'storageAccounts').apiVersions[0]).keys[0].value]\",\"storageContainerPath\":\"[concat('https://', last( split(parameters('vulnerabilityAssessmentsStorageID') , '/') ) , '.blob.core.windows.net/vulneraabilitylogs')]\"},\"type\":\"Microsoft.Sql/servers/databases/vulnerabilityAssessments\"}],\"variables\":{}}}},\"existenceCondition\":{\"allOf\":[{\"equals\":\"[parameters('vulnerabilityAssessmentsEmail')]\",\"field\":\"Microsoft.Sql/servers/databases/vulnerabilityAssessments/recurringScans.emails\"},{\"equals\":true,\"field\":\"Microsoft.Sql/servers/databases/vulnerabilityAssessments/recurringScans.isEnabled\"}]},\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3\",\"/providers/Microsoft.Authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\"/providers/Microsoft.Authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab\"],\"type\":\"Microsoft.Sql/servers/databases/vulnerabilityAssessments\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Sql-vulnerabilityAssessments_20230706\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Sql-vulnerabilityAssessments_20230706",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploy SQL Database Vulnerability Assessments when it does not exist in the deployment, and save results to the storage account specified in the parameters.",
- "display_name": "Deploy SQL Database Vulnerability Assessments",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"SQL\",\"replacesPolicy\":\"Deploy-Sql-vulnerabilityAssessments\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.0.0\"}",
- "mode": "Indexed",
- "name": "Deploy-Sql-vulnerabilityAssessments_20230706",
- "parameters": "{\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"vulnerabilityAssessmentsEmail\":{\"metadata\":{\"description\":\"The email address(es) to send alerts.\",\"displayName\":\"The email address(es) to send alerts.\"},\"type\":\"Array\"},\"vulnerabilityAssessmentsStorageID\":{\"metadata\":{\"description\":\"The storage account ID to store assessments\",\"displayName\":\"The storage account ID to store assessments\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"equals\":\"Microsoft.Sql/servers/databases\",\"field\":\"type\"},\"then\":{\"details\":{\"deployment\":{\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"sqlServerDataBaseName\":{\"value\":\"[field('name')]\"},\"sqlServerName\":{\"value\":\"[first(split(field('fullname'),'/'))]\"},\"vulnerabilityAssessmentsEmail\":{\"value\":\"[parameters('vulnerabilityAssessmentsEmail')]\"},\"vulnerabilityAssessmentsStorageID\":{\"value\":\"[parameters('vulnerabilityAssessmentsStorageID')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"location\":{\"type\":\"String\"},\"sqlServerDataBaseName\":{\"type\":\"String\"},\"sqlServerName\":{\"type\":\"String\"},\"vulnerabilityAssessmentsEmail\":{\"type\":\"Array\"},\"vulnerabilityAssessmentsStorageID\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2017-03-01-preview\",\"name\":\"[concat(parameters('sqlServerName'),'/',parameters('sqlServerDataBaseName'),'/default')]\",\"properties\":{\"recurringScans\":{\"emailSubscriptionAdmins\":false,\"emails\":\"[parameters('vulnerabilityAssessmentsEmail')]\",\"isEnabled\":true},\"storageAccountAccessKey\":\"[listkeys(parameters('vulnerabilityAssessmentsStorageID'), providers('Microsoft.Storage', 'storageAccounts').apiVersions[0]).keys[0].value]\",\"storageContainerPath\":\"[concat('https://', last( split(parameters('vulnerabilityAssessmentsStorageID') , '/') ) , '.blob.core.windows.net/vulneraabilitylogs')]\"},\"type\":\"Microsoft.Sql/servers/databases/vulnerabilityAssessments\"}],\"variables\":{}}}},\"existenceCondition\":{\"allOf\":[{\"count\":{\"field\":\"Microsoft.Sql/servers/databases/vulnerabilityAssessments/recurringScans.emails[*]\",\"where\":{\"notIn\":\"[parameters('vulnerabilityAssessmentsEmail')]\",\"value\":\"current(Microsoft.Sql/servers/databases/vulnerabilityAssessments/recurringScans.emails[*])\"}},\"greater\":0},{\"equals\":true,\"field\":\"Microsoft.Sql/servers/databases/vulnerabilityAssessments/recurringScans.isEnabled\"}]},\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3\",\"/providers/Microsoft.Authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\"/providers/Microsoft.Authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab\"],\"type\":\"Microsoft.Sql/servers/databases/vulnerabilityAssessments\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-SqlMi-minTLS\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-SqlMi-minTLS",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploy a specific min TLS version requirement and enforce SSL on SQL managed instances. Enables secure server to client by enforce minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.",
- "display_name": "SQL managed instances deploy a specific min TLS version requirement.",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"SQL\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.2.0\"}",
- "mode": "Indexed",
- "name": "Deploy-SqlMi-minTLS",
- "parameters": "{\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy minimum TLS version SQL servers\",\"displayName\":\"Effect SQL servers\"},\"type\":\"String\"},\"minimalTlsVersion\":{\"allowedValues\":[\"1.2\",\"1.1\",\"1.0\"],\"defaultValue\":\"1.2\",\"metadata\":{\"description\":\"Select version minimum TLS version SQL servers to enforce\",\"displayName\":\"Select version for SQL server\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"allOf\":[{\"equals\":\"Microsoft.Sql/managedInstances\",\"field\":\"type\"},{\"field\":\"Microsoft.Sql/managedInstances/minimalTlsVersion\",\"notequals\":\"[parameters('minimalTlsVersion')]\"}]},\"then\":{\"details\":{\"deployment\":{\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"minimalTlsVersion\":{\"value\":\"[parameters('minimalTlsVersion')]\"},\"resourceName\":{\"value\":\"[field('name')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"location\":{\"type\":\"String\"},\"minimalTlsVersion\":{\"type\":\"String\"},\"resourceName\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2020-02-02-preview\",\"location\":\"[parameters('location')]\",\"name\":\"[concat(parameters('resourceName'))]\",\"properties\":{\"minimalTlsVersion\":\"[parameters('minimalTlsVersion')]\"},\"type\":\"Microsoft.Sql/managedInstances\"}],\"variables\":{}}}},\"evaluationDelay\":\"AfterProvisioningSuccess\",\"existenceCondition\":{\"allOf\":[{\"equals\":\"[parameters('minimalTlsVersion')]\",\"field\":\"Microsoft.Sql/managedInstances/minimalTlsVersion\"}]},\"name\":\"current\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/4939a1f6-9ae0-4e48-a1e0-f2cbe897382d\"],\"type\":\"Microsoft.Sql/managedInstances\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Storage-sslEnforcement\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Storage-sslEnforcement",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploy a specific min TLS version requirement and enforce SSL on Azure Storage. Enables secure server to client by enforce minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your Azure Storage.",
- "display_name": "Azure Storage deploy a specific min TLS version requirement and enforce SSL/HTTPS ",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Storage\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.2.0\"}",
- "mode": "Indexed",
- "name": "Deploy-Storage-sslEnforcement",
- "parameters": "{\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy minimum TLS version Azure STorage\",\"displayName\":\"Effect Azure Storage\"},\"type\":\"String\"},\"minimumTlsVersion\":{\"allowedValues\":[\"TLS1_2\",\"TLS1_1\",\"TLS1_0\"],\"defaultValue\":\"TLS1_2\",\"metadata\":{\"description\":\"Select version minimum TLS version Azure STorage to enforce\",\"displayName\":\"Select TLS version for Azure Storage server\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"allOf\":[{\"equals\":\"Microsoft.Storage/storageAccounts\",\"field\":\"type\"},{\"anyOf\":[{\"field\":\"Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly\",\"notEquals\":\"true\"},{\"field\":\"Microsoft.Storage/storageAccounts/minimumTlsVersion\",\"notEquals\":\"[parameters('minimumTlsVersion')]\"}]}]},\"then\":{\"details\":{\"deployment\":{\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"minimumTlsVersion\":{\"value\":\"[parameters('minimumTlsVersion')]\"},\"resourceName\":{\"value\":\"[field('name')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"location\":{\"type\":\"String\"},\"minimumTlsVersion\":{\"type\":\"String\"},\"resourceName\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2019-06-01\",\"location\":\"[parameters('location')]\",\"name\":\"[concat(parameters('resourceName'))]\",\"properties\":{\"minimumTlsVersion\":\"[parameters('minimumTlsVersion')]\",\"supportsHttpsTrafficOnly\":true},\"type\":\"Microsoft.Storage/storageAccounts\"}],\"variables\":{}}}},\"existenceCondition\":{\"allOf\":[{\"equals\":\"true\",\"field\":\"Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly\"},{\"equals\":\"[parameters('minimumTlsVersion')]\",\"field\":\"Microsoft.Storage/storageAccounts/minimumTlsVersion\"}]},\"name\":\"current\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab\"],\"type\":\"Microsoft.Storage/storageAccounts\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-VNET-HubSpoke\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-VNET-HubSpoke",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "This policy deploys virtual network and peer to the hub",
- "display_name": "Deploy Virtual Network with peering to the hub",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Network\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.1.0\"}",
- "mode": "All",
- "name": "Deploy-VNET-HubSpoke",
- "parameters": "{\"dnsServers\":{\"defaultValue\":[],\"metadata\":{\"description\":\"Default domain servers for the vNET.\",\"displayName\":\"DNSServers\"},\"type\":\"Array\"},\"hubResourceId\":{\"metadata\":{\"description\":\"Resource ID for the HUB vNet\",\"displayName\":\"hubResourceId\"},\"type\":\"String\"},\"vNetCidrRange\":{\"metadata\":{\"description\":\"CIDR Range for the vNet\",\"displayName\":\"vNetCidrRange\"},\"type\":\"String\"},\"vNetLocation\":{\"metadata\":{\"description\":\"Location for the vNet\",\"displayName\":\"vNetLocation\"},\"type\":\"String\"},\"vNetName\":{\"metadata\":{\"description\":\"Name of the landing zone vNet\",\"displayName\":\"vNetName\"},\"type\":\"String\"},\"vNetPeerUseRemoteGateway\":{\"defaultValue\":false,\"metadata\":{\"description\":\"Enable gateway transit for the LZ network\",\"displayName\":\"vNetPeerUseRemoteGateway\"},\"type\":\"Boolean\"},\"vNetRgName\":{\"metadata\":{\"description\":\"Name of the landing zone vNet RG\",\"displayName\":\"vNetRgName\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"allOf\":[{\"equals\":\"Microsoft.Resources/subscriptions\",\"field\":\"type\"}]},\"then\":{\"details\":{\"ResourceGroupName\":\"[parameters('vNetRgName')]\",\"deployment\":{\"location\":\"northeurope\",\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"dnsServers\":{\"value\":\"[parameters('dnsServers')]\"},\"hubResourceId\":{\"value\":\"[parameters('hubResourceId')]\"},\"vNetCidrRange\":{\"value\":\"[parameters('vNetCidrRange')]\"},\"vNetLocation\":{\"value\":\"[parameters('vNetLocation')]\"},\"vNetName\":{\"value\":\"[parameters('vNetName')]\"},\"vNetPeerUseRemoteGateway\":{\"value\":\"[parameters('vNetPeerUseRemoteGateway')]\"},\"vNetRgName\":{\"value\":\"[parameters('vNetRgName')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"dnsServers\":{\"defaultValue\":[],\"type\":\"Array\"},\"hubResourceId\":{\"type\":\"String\"},\"vNetCidrRange\":{\"type\":\"String\"},\"vNetLocation\":{\"type\":\"String\"},\"vNetName\":{\"type\":\"String\"},\"vNetPeerUseRemoteGateway\":{\"defaultValue\":false,\"type\":\"bool\"},\"vNetRgName\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2021-04-01\",\"dependsOn\":[],\"location\":\"[parameters('vNetLocation')]\",\"name\":\"[concat('alz-vnet-rg-', parameters('vNetLocation'), '-', substring(uniqueString(subscription().id),0,6))]\",\"properties\":{\"mode\":\"Incremental\",\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{},\"resources\":[{\"apiVersion\":\"2021-04-01\",\"location\":\"[parameters('vNetLocation')]\",\"name\":\"[parameters('vNetRgName')]\",\"properties\":{},\"type\":\"Microsoft.Resources/resourceGroups\"}],\"variables\":{}}},\"type\":\"Microsoft.Resources/deployments\"},{\"apiVersion\":\"2021-04-01\",\"dependsOn\":[\"[concat('alz-vnet-rg-', parameters('vNetLocation'), '-', substring(uniqueString(subscription().id),0,6))]\"],\"name\":\"[concat('alz-vnet-', parameters('vNetLocation'), '-', substring(uniqueString(subscription().id),0,6))]\",\"properties\":{\"mode\":\"Incremental\",\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{},\"resources\":[{\"apiVersion\":\"2021-02-01\",\"dependsOn\":[],\"location\":\"[parameters('vNetLocation')]\",\"name\":\"[parameters('vNetName')]\",\"properties\":{\"addressSpace\":{\"addressPrefixes\":[\"[parameters('vNetCidrRange')]\"]},\"dhcpOptions\":{\"dnsServers\":\"[parameters('dnsServers')]\"}},\"type\":\"Microsoft.Network/virtualNetworks\"},{\"apiVersion\":\"2021-02-01\",\"dependsOn\":[\"[parameters('vNetName')]\"],\"name\":\"[concat(parameters('vNetName'), '/peerToHub')]\",\"properties\":{\"allowForwardedTraffic\":true,\"allowGatewayTransit\":false,\"allowVirtualNetworkAccess\":true,\"remoteVirtualNetwork\":{\"id\":\"[parameters('hubResourceId')]\"},\"useRemoteGateways\":\"[parameters('vNetPeerUseRemoteGateway')]\"},\"type\":\"Microsoft.Network/virtualNetworks/virtualNetworkPeerings\"},{\"apiVersion\":\"2021-04-01\",\"dependsOn\":[\"[parameters('vNetName')]\"],\"name\":\"[concat('alz-hub-peering-', parameters('vNetLocation'), '-', substring(uniqueString(subscription().id),0,6))]\",\"properties\":{\"expressionEvaluationOptions\":{\"scope\":\"inner\"},\"mode\":\"Incremental\",\"parameters\":{\"hubName\":{\"value\":\"[split(parameters('hubResourceId'),'/')[8]]\"},\"remoteVirtualNetwork\":{\"value\":\"[concat(subscription().id,'/resourceGroups/',parameters('vNetRgName'), '/providers/','Microsoft.Network/virtualNetworks/', parameters('vNetName'))]\"}},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"hubName\":{\"defaultValue\":false,\"type\":\"String\"},\"remoteVirtualNetwork\":{\"defaultValue\":false,\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2021-02-01\",\"name\":\"[[concat(parameters('hubName'),'/',last(split(parameters('remoteVirtualNetwork'),'/')))]\",\"properties\":{\"allowForwardedTraffic\":true,\"allowGatewayTransit\":true,\"allowVirtualNetworkAccess\":true,\"remoteVirtualNetwork\":{\"id\":\"[[parameters('remoteVirtualNetwork')]\"},\"useRemoteGateways\":false},\"type\":\"Microsoft.Network/virtualNetworks/virtualNetworkPeerings\"}],\"variables\":{}}},\"resourceGroup\":\"[split(parameters('hubResourceId'),'/')[4]]\",\"subscriptionId\":\"[split(parameters('hubResourceId'),'/')[2]]\",\"type\":\"Microsoft.Resources/deployments\"}],\"variables\":{}}},\"resourceGroup\":\"[parameters('vNetRgName')]\",\"type\":\"Microsoft.Resources/deployments\"}],\"variables\":{}}}},\"deploymentScope\":\"subscription\",\"existenceCondition\":{\"allOf\":[{\"field\":\"name\",\"like\":\"[parameters('vNetName')]\"},{\"equals\":\"[parameters('vNetLocation')]\",\"field\":\"location\"}]},\"existenceScope\":\"resourceGroup\",\"name\":\"[parameters('vNetName')]\",\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"],\"type\":\"Microsoft.Network/virtualNetworks\"},\"effect\":\"deployIfNotExists\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Vm-autoShutdown\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Vm-autoShutdown",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploys an auto shutdown schedule to a virtual machine",
- "display_name": "Deploy Virtual Machine Auto Shutdown Schedule",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Compute\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.0.0\"}",
- "mode": "Indexed",
- "name": "Deploy-Vm-autoShutdown",
- "parameters": "{\"EnableNotification\":{\"allowedValues\":[\"Disabled\",\"Enabled\"],\"defaultValue\":\"Disabled\",\"metadata\":{\"description\":\"If notifications are enabled for this schedule (i.e. Enabled, Disabled).\",\"displayName\":\"Send Notification before auto-shutdown\"},\"type\":\"string\"},\"NotificationEmailRecipient\":{\"defaultValue\":\"\",\"metadata\":{\"description\":\"Email address to be used for notification\",\"displayName\":\"Email Address\"},\"type\":\"string\"},\"NotificationWebhookUrl\":{\"defaultValue\":\"\",\"metadata\":{\"description\":\"A notification will be posted to the specified webhook endpoint when the auto-shutdown is about to happen.\",\"displayName\":\"Webhook URL\"},\"type\":\"string\"},\"time\":{\"defaultValue\":\"0000\",\"metadata\":{\"description\":\"Daily Scheduled shutdown time. i.e. 2300 = 11:00 PM\",\"displayName\":\"Scheduled Shutdown Time\"},\"type\":\"String\"},\"timeZoneId\":{\"defaultValue\":\"UTC\",\"metadata\":{\"description\":\"The time zone ID (e.g. Pacific Standard time).\",\"displayName\":\"Time zone\"},\"type\":\"string\"}}",
- "policy_rule": "{\"if\":{\"equals\":\"Microsoft.Compute/virtualMachines\",\"field\":\"type\"},\"then\":{\"details\":{\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"parameters\":{\"EnableNotification\":{\"value\":\"[parameters('EnableNotification')]\"},\"NotificationEmailRecipient\":{\"value\":\"[parameters('NotificationEmailRecipient')]\"},\"NotificationWebhookUrl\":{\"value\":\"[parameters('NotificationWebhookUrl')]\"},\"location\":{\"value\":\"[field('location')]\"},\"time\":{\"value\":\"[parameters('time')]\"},\"timeZoneId\":{\"value\":\"[parameters('timeZoneId')]\"},\"vmName\":{\"value\":\"[field('name')]\"}},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"EnableNotification\":{\"defaultValue\":\"\",\"metadata\":{\"description\":\"If notifications are enabled for this schedule (i.e. Enabled, Disabled).\"},\"type\":\"string\"},\"NotificationEmailRecipient\":{\"defaultValue\":\"\",\"metadata\":{\"description\":\"Email address to be used for notification\"},\"type\":\"string\"},\"NotificationWebhookUrl\":{\"defaultValue\":\"\",\"metadata\":{\"description\":\"A notification will be posted to the specified webhook endpoint when the auto-shutdown is about to happen.\"},\"type\":\"string\"},\"location\":{\"type\":\"string\"},\"time\":{\"defaultValue\":\"\",\"metadata\":{\"description\":\"Daily Scheduled shutdown time. i.e. 2300 = 11:00 PM\"},\"type\":\"string\"},\"timeZoneId\":{\"defaultValue\":\"\",\"metadata\":{\"description\":\"The time zone ID (e.g. Pacific Standard time).\"},\"type\":\"string\"},\"vmName\":{\"type\":\"string\"}},\"resources\":[{\"apiVersion\":\"2018-09-15\",\"location\":\"[parameters('location')]\",\"name\":\"[concat('shutdown-computevm-',parameters('vmName'))]\",\"properties\":{\"dailyRecurrence\":{\"time\":\"[parameters('time')]\"},\"notificationSettings\":{\"emailRecipient\":\"[parameters('NotificationEmailRecipient')]\",\"notificationLocale\":\"en\",\"status\":\"[parameters('EnableNotification')]\",\"timeInMinutes\":30,\"webhookUrl\":\"[parameters('NotificationWebhookUrl')]\"},\"status\":\"Enabled\",\"targetResourceId\":\"[resourceId('Microsoft.Compute/virtualMachines', parameters('vmName'))]\",\"taskType\":\"ComputeVmShutdownTask\",\"timeZoneId\":\"[parameters('timeZoneId')]\"},\"type\":\"Microsoft.DevTestLab/schedules\"}],\"variables\":{}}}},\"existenceCondition\":{\"allOf\":[{\"equals\":\"ComputeVmShutdownTask\",\"field\":\"Microsoft.DevTestLab/schedules/taskType\"},{\"equals\":\"[concat(resourceGroup().id,'/providers/Microsoft.Compute/virtualMachines/',field('name'))]\",\"field\":\"Microsoft.DevTestLab/schedules/targetResourceId\"}]},\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"],\"type\":\"Microsoft.DevTestLab/schedules\"},\"effect\":\"deployIfNotExists\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Windows-DomainJoin\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Windows-DomainJoin",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploy Windows Domain Join Extension with keyvault configuration when the extension does not exist on a given windows Virtual Machine",
- "display_name": "Deploy Windows Domain Join Extension with keyvault configuration",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Guest Configuration\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.0.0\"}",
- "mode": "Indexed",
- "name": "Deploy-Windows-DomainJoin",
- "parameters": "{\"domainFQDN\":{\"metadata\":{\"displayName\":\"domainFQDN\"},\"type\":\"String\"},\"domainOUPath\":{\"metadata\":{\"displayName\":\"domainOUPath\"},\"type\":\"String\"},\"domainPassword\":{\"metadata\":{\"displayName\":\"domainPassword\"},\"type\":\"String\"},\"domainUsername\":{\"metadata\":{\"displayName\":\"domainUsername\"},\"type\":\"String\"},\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"keyVaultResourceId\":{\"metadata\":{\"displayName\":\"keyVaultResourceId\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"allOf\":[{\"equals\":\"Microsoft.Compute/virtualMachines\",\"field\":\"type\"},{\"equals\":\"MicrosoftWindowsServer\",\"field\":\"Microsoft.Compute/imagePublisher\"},{\"equals\":\"WindowsServer\",\"field\":\"Microsoft.Compute/imageOffer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"2008-R2-SP1\",\"2008-R2-SP1-smalldisk\",\"2008-R2-SP1-zhcn\",\"2012-Datacenter\",\"2012-datacenter-gensecond\",\"2012-Datacenter-smalldisk\",\"2012-datacenter-smalldisk-g2\",\"2012-Datacenter-zhcn\",\"2012-datacenter-zhcn-g2\",\"2012-R2-Datacenter\",\"2012-r2-datacenter-gensecond\",\"2012-R2-Datacenter-smalldisk\",\"2012-r2-datacenter-smalldisk-g2\",\"2012-R2-Datacenter-zhcn\",\"2012-r2-datacenter-zhcn-g2\",\"2016-Datacenter\",\"2016-datacenter-gensecond\",\"2016-datacenter-gs\",\"2016-Datacenter-Server-Core\",\"2016-datacenter-server-core-g2\",\"2016-Datacenter-Server-Core-smalldisk\",\"2016-datacenter-server-core-smalldisk-g2\",\"2016-Datacenter-smalldisk\",\"2016-datacenter-smalldisk-g2\",\"2016-Datacenter-with-Containers\",\"2016-datacenter-with-containers-g2\",\"2016-Datacenter-with-RDSH\",\"2016-Datacenter-zhcn\",\"2016-datacenter-zhcn-g2\",\"2019-Datacenter\",\"2019-Datacenter-Core\",\"2019-datacenter-core-g2\",\"2019-Datacenter-Core-smalldisk\",\"2019-datacenter-core-smalldisk-g2\",\"2019-Datacenter-Core-with-Containers\",\"2019-datacenter-core-with-containers-g2\",\"2019-Datacenter-Core-with-Containers-smalldisk\",\"2019-datacenter-core-with-containers-smalldisk-g2\",\"2019-datacenter-gensecond\",\"2019-datacenter-gs\",\"2019-Datacenter-smalldisk\",\"2019-datacenter-smalldisk-g2\",\"2019-Datacenter-with-Containers\",\"2019-datacenter-with-containers-g2\",\"2019-Datacenter-with-Containers-smalldisk\",\"2019-datacenter-with-containers-smalldisk-g2\",\"2019-Datacenter-zhcn\",\"2019-datacenter-zhcn-g2\",\"Datacenter-Core-1803-with-Containers-smalldisk\",\"datacenter-core-1803-with-containers-smalldisk-g2\",\"Datacenter-Core-1809-with-Containers-smalldisk\",\"datacenter-core-1809-with-containers-smalldisk-g2\",\"Datacenter-Core-1903-with-Containers-smalldisk\",\"datacenter-core-1903-with-containers-smalldisk-g2\",\"datacenter-core-1909-with-containers-smalldisk\",\"datacenter-core-1909-with-containers-smalldisk-g1\",\"datacenter-core-1909-with-containers-smalldisk-g2\"]}]},\"then\":{\"details\":{\"deployment\":{\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"domainFQDN\":{\"value\":\"[parameters('domainFQDN')]\"},\"domainOUPath\":{\"value\":\"[parameters('domainOUPath')]\"},\"domainPassword\":{\"reference\":{\"keyVault\":{\"id\":\"[parameters('keyVaultResourceId')]\"},\"secretName\":\"[parameters('domainPassword')]\"}},\"domainUsername\":{\"reference\":{\"keyVault\":{\"id\":\"[parameters('keyVaultResourceId')]\"},\"secretName\":\"[parameters('domainUsername')]\"}},\"keyVaultResourceId\":{\"value\":\"[parameters('keyVaultResourceId')]\"},\"location\":{\"value\":\"[field('location')]\"},\"vmName\":{\"value\":\"[field('name')]\"}},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"domainFQDN\":{\"type\":\"String\"},\"domainOUPath\":{\"type\":\"String\"},\"domainPassword\":{\"type\":\"securestring\"},\"domainUsername\":{\"type\":\"String\"},\"keyVaultResourceId\":{\"type\":\"String\"},\"location\":{\"type\":\"String\"},\"vmName\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2015-06-15\",\"location\":\"[resourceGroup().location]\",\"name\":\"[concat(variables('vmName'),'/joindomain')]\",\"properties\":{\"autoUpgradeMinorVersion\":true,\"protectedSettings\":{\"Password\":\"[parameters('domainPassword')]\"},\"publisher\":\"Microsoft.Compute\",\"settings\":{\"Name\":\"[parameters('domainFQDN')]\",\"OUPath\":\"[parameters('domainOUPath')]\",\"Options\":\"[variables('domainJoinOptions')]\",\"Restart\":\"true\",\"User\":\"[parameters('domainUserName')]\"},\"type\":\"JsonADDomainExtension\",\"typeHandlerVersion\":\"1.3\"},\"type\":\"Microsoft.Compute/virtualMachines/extensions\"}],\"variables\":{\"domainJoinOptions\":3,\"vmName\":\"[parameters('vmName')]\"}}}},\"existenceCondition\":{\"allOf\":[{\"equals\":\"JsonADDomainExtension\",\"field\":\"Microsoft.Compute/virtualMachines/extensions/type\"},{\"equals\":\"Microsoft.Compute\",\"field\":\"Microsoft.Compute/virtualMachines/extensions/publisher\"}]},\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"],\"type\":\"Microsoft.Compute/virtualMachines/extensions\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_set_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policySetDefinitions/Audit-UnusedResourcesCostOptimization\"]",
- "mode": "managed",
- "type": "azurerm_policy_set_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policySetDefinitions/Audit-UnusedResourcesCostOptimization",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Optimize cost by detecting unused but chargeable resources. Leverage this Azure Policy Initiative as a cost control tool to reveal orphaned resources that are contributing cost.",
- "display_name": "Unused resources driving cost should be avoided",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Cost Optimization\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"2.0.0\"}",
- "name": "Audit-UnusedResourcesCostOptimization",
- "parameters": "{\"effectDisks\":{\"allowedValues\":[\"Audit\",\"Disabled\"],\"defaultValue\":\"Audit\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy for Microsoft.Compute/disks\",\"displayName\":\"Disks Effect\"},\"type\":\"String\"},\"effectPublicIpAddresses\":{\"allowedValues\":[\"Audit\",\"Disabled\"],\"defaultValue\":\"Audit\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy for Microsoft.Network/publicIpAddresses\",\"displayName\":\"PublicIpAddresses Effect\"},\"type\":\"String\"},\"effectServerFarms\":{\"allowedValues\":[\"Audit\",\"Disabled\"],\"defaultValue\":\"Audit\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy for Microsoft.Web/serverfarms\",\"displayName\":\"ServerFarms Effect\"},\"type\":\"String\"}}",
- "policy_definition_group": [],
- "policy_definition_reference": [
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('effectDisks')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Audit-Disks-UnusedResourcesCostOptimization",
- "policy_group_names": null,
- "reference_id": "AuditDisksUnusedResourcesCostOptimization"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('effectPublicIpAddresses')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Audit-PublicIpAddresses-UnusedResourcesCostOptimization",
- "policy_group_names": null,
- "reference_id": "AuditPublicIpAddressesUnusedResourcesCostOptimization"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('effectServerFarms')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Audit-ServerFarms-UnusedResourcesCostOptimization",
- "policy_group_names": null,
- "reference_id": "AuditServerFarmsUnusedResourcesCostOptimization"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"Audit\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Audit-AzureHybridBenefit",
- "policy_group_names": null,
- "reference_id": "AuditAzureHybridBenefitUnusedResourcesCostOptimization"
- }
- ],
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "policy_definition_group": [],
- "policy_definition_reference": [
- {},
- {},
- {},
- {}
- ]
- }
- },
- {
- "address": "module.test_core.azurerm_policy_set_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policySetDefinitions/Deny-PublicPaaSEndpoints\"]",
- "mode": "managed",
- "type": "azurerm_policy_set_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policySetDefinitions/Deny-PublicPaaSEndpoints",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "This policy initiative is a group of policies that prevents creation of Azure PaaS services with exposed public endpoints",
- "display_name": "Public network access should be disabled for PaaS services",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\"],\"category\":\"Network\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"3.1.0\"}",
- "name": "Deny-PublicPaaSEndpoints",
- "parameters": "{\"ACRPublicIpDenyEffect\":{\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Deny\",\"metadata\":{\"description\":\"This policy denies the creation of Azure Container Registires with exposed public endpoints \",\"displayName\":\"Public network access on Azure Container Registry disabled\"},\"type\":\"String\"},\"AFSPublicIpDenyEffect\":{\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Deny\",\"metadata\":{\"description\":\"This policy denies the creation of Azure File Sync instances with exposed public endpoints \",\"displayName\":\"Public network access on Azure File Sync disabled\"},\"type\":\"String\"},\"AKSPublicIpDenyEffect\":{\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Deny\",\"metadata\":{\"description\":\"This policy denies the creation of Azure Kubernetes Service non-private clusters\",\"displayName\":\"Public network access on AKS API should be disabled\"},\"type\":\"String\"},\"ApiManPublicIpDenyEffect\":{\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\",\"metadata\":{\"description\":\"This policy denies creation of API Management services with exposed public endpoints\",\"displayName\":\"Public network access should be disabled for API Management services\"},\"type\":\"String\"},\"AppConfigPublicIpDenyEffect\":{\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Deny\",\"metadata\":{\"description\":\"This policy denies creation of App Configuration with exposed public endpoints\",\"displayName\":\"Public network access should be disabled for App Configuration\"},\"type\":\"String\"},\"AsPublicIpDenyEffect\":{\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Deny\",\"metadata\":{\"description\":\"This policy denies creation of App Service apps with exposed public endpoints\",\"displayName\":\"Public network access should be disabled for App Service apps\"},\"type\":\"String\"},\"AsePublicIpDenyEffect\":{\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Deny\",\"metadata\":{\"description\":\"This policy denies creation of App Service Environment apps with exposed public endpoints\",\"displayName\":\"Public network access should be disabled for App Service Environment apps\"},\"type\":\"String\"},\"AutomationPublicIpDenyEffect\":{\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Deny\",\"metadata\":{\"description\":\"This policy denies creation of Automation accounts with exposed public endpoints. Bots should be seet to 'isolated only' mode\",\"displayName\":\"Public network access should be disabled for Automation accounts\"},\"type\":\"String\"},\"BatchPublicIpDenyEffect\":{\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Deny\",\"metadata\":{\"description\":\"This policy denies creation of Azure Batch Instances with exposed public endpoints\",\"displayName\":\"Public network access should be disabled for Azure Batch Instances\"},\"type\":\"String\"},\"BotServicePublicIpDenyEffect\":{\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Deny\",\"metadata\":{\"description\":\"This policy denies creation of Bot Service with exposed public endpoints. Bots should be seet to 'isolated only' mode\",\"displayName\":\"Public network access should be disabled for Bot Service\"},\"type\":\"String\"},\"CosmosPublicIpDenyEffect\":{\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Deny\",\"metadata\":{\"description\":\"This policy denies that Cosmos database accounts are created with out public network access is disabled.\",\"displayName\":\"Public network access should be disabled for CosmosDB\"},\"type\":\"String\"},\"FunctionPublicIpDenyEffect\":{\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Deny\",\"metadata\":{\"description\":\"This policy denies creation of Function apps with exposed public endpoints\",\"displayName\":\"Public network access should be disabled for Function apps\"},\"type\":\"String\"},\"KeyVaultPublicIpDenyEffect\":{\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Deny\",\"metadata\":{\"description\":\"This policy denies creation of Key Vaults with IP Firewall exposed to all public endpoints\",\"displayName\":\"Public network access should be disabled for KeyVault\"},\"type\":\"String\"},\"MariaDbPublicIpDenyEffect\":{\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Deny\",\"metadata\":{\"description\":\"This policy denies creation of Azure MariaDB with exposed public endpoints\",\"displayName\":\"Public network access should be disabled for Azure MariaDB\"},\"type\":\"String\"},\"MlPublicIpDenyEffect\":{\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Deny\",\"metadata\":{\"description\":\"This policy denies creation of Azure Machine Learning with exposed public endpoints\",\"displayName\":\"Public network access should be disabled for Azure Machine Learning\"},\"type\":\"String\"},\"MySQLFlexPublicIpDenyEffect\":{\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Deny\",\"metadata\":{\"description\":\"This policy denies creation of MySql Flexible Server DB accounts with exposed public endpoints\",\"displayName\":\"Public network access should be disabled for MySQL Flexible Server\"},\"type\":\"String\"},\"PostgreSQLFlexPublicIpDenyEffect\":{\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Deny\",\"metadata\":{\"description\":\"This policy denies creation of Postgre SQL Flexible DB accounts with exposed public endpoints\",\"displayName\":\"Public network access should be disabled for PostgreSql Flexible Server\"},\"type\":\"String\"},\"RedisCachePublicIpDenyEffect\":{\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Deny\",\"metadata\":{\"description\":\"This policy denies creation of Azure Cache for Redis with exposed public endpoints\",\"displayName\":\"Public network access should be disabled for Azure Cache for Redis\"},\"type\":\"String\"},\"SqlServerPublicIpDenyEffect\":{\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Deny\",\"metadata\":{\"description\":\"This policy denies creation of Sql servers with exposed public endpoints\",\"displayName\":\"Public network access on Azure SQL Database should be disabled\"},\"type\":\"String\"},\"StoragePublicIpDenyEffect\":{\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Deny\",\"metadata\":{\"description\":\"This policy denies creation of storage accounts with IP Firewall exposed to all public endpoints\",\"displayName\":\"Public network access onStorage accounts should be disabled\"},\"type\":\"String\"}}",
- "policy_definition_group": [],
- "policy_definition_reference": [
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('CosmosPublicIpDenyEffect')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/797b37f7-06b8-444c-b1ad-fc62867f335a",
- "policy_group_names": null,
- "reference_id": "CosmosDenyPaasPublicIP"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('KeyVaultPublicIpDenyEffect')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/405c5871-3e91-4644-8a63-58e19d68ff5b",
- "policy_group_names": null,
- "reference_id": "KeyVaultDenyPaasPublicIP"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('SqlServerPublicIpDenyEffect')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/1b8ca024-1d5c-4dec-8995-b1a932b41780",
- "policy_group_names": null,
- "reference_id": "SqlServerDenyPaasPublicIP"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('StoragePublicIpDenyEffect')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/b2982f36-99f2-4db5-8eff-283140c09693",
- "policy_group_names": null,
- "reference_id": "StorageDenyPaasPublicIP"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('AKSPublicIpDenyEffect')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/040732e8-d947-40b8-95d6-854c95024bf8",
- "policy_group_names": null,
- "reference_id": "AKSDenyPaasPublicIP"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('ACRPublicIpDenyEffect')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/0fdf0491-d080-4575-b627-ad0e843cba0f",
- "policy_group_names": null,
- "reference_id": "ACRDenyPaasPublicIP"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('AFSPublicIpDenyEffect')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/21a8cd35-125e-4d13-b82d-2e19b7208bb7",
- "policy_group_names": null,
- "reference_id": "AFSDenyPaasPublicIP"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('PostgreSQLFlexPublicIpDenyEffect')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/5e1de0e3-42cb-4ebc-a86d-61d0c619ca48",
- "policy_group_names": null,
- "reference_id": "PostgreSQLFlexDenyPublicIP"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('MySQLFlexPublicIpDenyEffect')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/c9299215-ae47-4f50-9c54-8a392f68a052",
- "policy_group_names": null,
- "reference_id": "MySQLFlexDenyPublicIP"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('BatchPublicIpDenyEffect')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/74c5a0ae-5e48-4738-b093-65e23a060488",
- "policy_group_names": null,
- "reference_id": "BatchDenyPublicIP"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('MariaDbPublicIpDenyEffect')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/fdccbe47-f3e3-4213-ad5d-ea459b2fa077",
- "policy_group_names": null,
- "reference_id": "MariaDbDenyPublicIP"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('MlPublicIpDenyEffect')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/438c38d2-3772-465a-a9cc-7a6666a275ce",
- "policy_group_names": null,
- "reference_id": "MlDenyPublicIP"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('RedisCachePublicIpDenyEffect')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/470baccb-7e51-4549-8b1a-3e5be069f663",
- "policy_group_names": null,
- "reference_id": "RedisCacheDenyPublicIP"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('BotServicePublicIpDenyEffect')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/5e8168db-69e3-4beb-9822-57cb59202a9d",
- "policy_group_names": null,
- "reference_id": "BotServiceDenyPublicIP"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('AutomationPublicIpDenyEffect')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/955a914f-bf86-4f0e-acd5-e0766b0efcb6",
- "policy_group_names": null,
- "reference_id": "AutomationDenyPublicIP"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('AppConfigPublicIpDenyEffect')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/3d9f5e4c-9947-4579-9539-2a7695fbc187",
- "policy_group_names": null,
- "reference_id": "AppConfigDenyPublicIP"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('FunctionPublicIpDenyEffect')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/969ac98b-88a8-449f-883c-2e9adb123127",
- "policy_group_names": null,
- "reference_id": "FunctionDenyPublicIP"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('AsePublicIpDenyEffect')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/2d048aca-6479-4923-88f5-e2ac295d9af3",
- "policy_group_names": null,
- "reference_id": "AseDenyPublicIP"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('AsPublicIpDenyEffect')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/1b5ef780-c53c-4a64-87f3-bb9c8c8094ba",
- "policy_group_names": null,
- "reference_id": "AsDenyPublicIP"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('ApiManPublicIpDenyEffect')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/df73bd95-24da-4a4f-96b9-4e8b94b402bd",
- "policy_group_names": null,
- "reference_id": "ApiManDenyPublicIP"
- }
- ],
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "policy_definition_group": [],
- "policy_definition_reference": [
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {}
- ]
- }
- },
- {
- "address": "module.test_core.azurerm_policy_set_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policySetDefinitions/DenyAction-DeleteProtection\"]",
- "mode": "managed",
- "type": "azurerm_policy_set_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policySetDefinitions/DenyAction-DeleteProtection",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Enforces DenyAction - Delete on Activity Log Settings and Diagnostic Settings.",
- "display_name": "DenyAction Delete - Activity Log Settings and Diagnostic Settings",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Monitoring\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.0.0\"}",
- "name": "DenyAction-DeleteProtection",
- "parameters": null,
- "policy_definition_group": [],
- "policy_definition_reference": [
- {
- "parameter_values": "{}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/DenyAction-DiagnosticLogs",
- "policy_group_names": null,
- "reference_id": "DenyActionDelete-DiagnosticSettings"
- },
- {
- "parameter_values": "{}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/DenyAction-ActivityLogs",
- "policy_group_names": null,
- "reference_id": "DenyActionDelete-ActivityLogSettings"
- }
- ],
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "policy_definition_group": [],
- "policy_definition_reference": [
- {},
- {}
- ]
- }
- },
- {
- "address": "module.test_core.azurerm_policy_set_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policySetDefinitions/Deploy-Diagnostics-LogAnalytics\"]",
- "mode": "managed",
- "type": "azurerm_policy_set_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policySetDefinitions/Deploy-Diagnostics-LogAnalytics",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "This policy set deploys the configurations of application Azure resources to forward diagnostic logs and metrics to an Azure Log Analytics workspace. See the list of policies of the services that are included ",
- "display_name": "Deploy Diagnostic Settings to Azure Services",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\"],\"category\":\"Monitoring\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"2.2.0\"}",
- "name": "Deploy-Diagnostics-LogAnalytics",
- "parameters": "{\"ACILogAnalyticsEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploys the diagnostic settings for Container Instances to stream to a Log Analytics workspace when any ACR which is missing this diagnostic settings is created or updated. The Policy willset the diagnostic with all metrics enabled.\",\"displayName\":\"Deploy Diagnostic Settings for Container Instances to Log Analytics workspace\"},\"type\":\"String\"},\"ACRLogAnalyticsEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploys the diagnostic settings for Container Registry to stream to a Log Analytics workspace when any ACR which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics enabled.\",\"displayName\":\"Deploy Diagnostic Settings for Container Registry to Log Analytics workspace\"},\"type\":\"String\"},\"AKSLogAnalyticsEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploys the diagnostic settings for Kubernetes Service to stream to a Log Analytics workspace when any Kubernetes Service which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled.\",\"displayName\":\"Deploy Diagnostic Settings for Kubernetes Service to Log Analytics workspace\"},\"type\":\"String\"},\"APIMgmtLogAnalyticsDestinationType\":{\"allowedValues\":[\"AzureDiagnostics\",\"Dedicated\"],\"defaultValue\":\"AzureDiagnostics\",\"metadata\":{\"description\":\"Destination table for the diagnostic setting for API Management to Log Analytics workspace, allowed values are 'Dedicated' (for resource-specific) and 'AzureDiagnostics'. Default value is 'AzureDiagnostics'\",\"displayName\":\"Destination table for the Diagnostic Setting for API Management to Log Analytics workspace\"},\"type\":\"String\"},\"APIMgmtLogAnalyticsEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploys the diagnostic settings for API Management to stream to a Log Analytics workspace when any API Management which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\"displayName\":\"Deploy Diagnostic Settings for API Management to Log Analytics workspace\"},\"type\":\"String\"},\"APIforFHIRLogAnalyticsEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploys the diagnostic settings for Azure API for FHIR to stream to a Log Analytics workspace when any Azure API for FHIR which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\"displayName\":\"Deploy Diagnostic Settings for Azure API for FHIR to Log Analytics workspace\"},\"type\":\"String\"},\"AVDScalingPlansLogAnalyticsEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploys the diagnostic settings for AVD Scaling Plans to stream to a Log Analytics workspace when any application groups which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\"displayName\":\"Deploy Diagnostic Settings for AVD Scaling Plans to Log Analytics workspace\"},\"type\":\"String\"},\"AnalysisServiceLogAnalyticsEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploys the diagnostic settings for Analysis Services to stream to a Log Analytics workspace when any Analysis Services which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\"displayName\":\"Deploy Diagnostic Settings for Analysis Services to Log Analytics workspace\"},\"type\":\"String\"},\"AppServiceLogAnalyticsEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploys the diagnostic settings for App Service Plan to stream to a Log Analytics workspace when any App Service Plan which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\"displayName\":\"Deploy Diagnostic Settings for App Service Plan to Log Analytics workspace\"},\"type\":\"String\"},\"AppServiceWebappLogAnalyticsEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploys the diagnostic settings for Web App to stream to a Log Analytics workspace when any Web App which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\"displayName\":\"Deploy Diagnostic Settings for App Service to Log Analytics workspace\"},\"type\":\"String\"},\"ApplicationGatewayLogAnalyticsEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploys the diagnostic settings for Application Gateway to stream to a Log Analytics workspace when any Application Gateway which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\"displayName\":\"Deploy Diagnostic Settings for Application Gateway to Log Analytics workspace\"},\"type\":\"String\"},\"AutomationLogAnalyticsEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploys the diagnostic settings for Automation to stream to a Log Analytics workspace when any Automation which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\"displayName\":\"Deploy Diagnostic Settings for Automation to Log Analytics workspace\"},\"type\":\"String\"},\"BastionLogAnalyticsEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploys the diagnostic settings for Azure Bastion to stream to a Log Analytics workspace when any Bastion which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\"displayName\":\"Deploy Diagnostic Settings for Azure Bastion to Log Analytics workspace\"},\"type\":\"String\"},\"BatchLogAnalyticsEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploys the diagnostic settings for Batch to stream to a Log Analytics workspace when any Batch which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\"displayName\":\"Deploy Diagnostic Settings for Batch to Log Analytics workspace\"},\"type\":\"String\"},\"CDNEndpointsLogAnalyticsEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploys the diagnostic settings for CDN Endpoint to stream to a Log Analytics workspace when any CDN Endpoint which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\"displayName\":\"Deploy Diagnostic Settings for CDN Endpoint to Log Analytics workspace\"},\"type\":\"String\"},\"CognitiveServicesLogAnalyticsEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploys the diagnostic settings for Cognitive Services to stream to a Log Analytics workspace when any Cognitive Services which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\"displayName\":\"Deploy Diagnostic Settings for Cognitive Services to Log Analytics workspace\"},\"type\":\"String\"},\"CosmosLogAnalyticsEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploys the diagnostic settings for Cosmos DB to stream to a Log Analytics workspace when any Cosmos DB which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\"displayName\":\"Deploy Diagnostic Settings for Cosmos DB to Log Analytics workspace\"},\"type\":\"String\"},\"DataExplorerClusterLogAnalyticsEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploys the diagnostic settings for Azure Data Explorer Cluster to stream to a Log Analytics workspace when any Azure Data Explorer Cluster which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\"displayName\":\"Deploy Diagnostic Settings for Azure Data Explorer Cluster to Log Analytics workspace\"},\"type\":\"String\"},\"DataFactoryLogAnalyticsEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploys the diagnostic settings for Data Factory to stream to a Log Analytics workspace when any Data Factory which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\"displayName\":\"Deploy Diagnostic Settings for Data Factory to Log Analytics workspace\"},\"type\":\"String\"},\"DataLakeAnalyticsLogAnalyticsEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploys the diagnostic settings for Data Lake Analytics to stream to a Log Analytics workspace when any Data Lake Analytics which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\"displayName\":\"Deploy Diagnostic Settings for Data Lake Analytics to Log Analytics workspace\"},\"type\":\"String\"},\"DataLakeStoreLogAnalyticsEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploys the diagnostic settings for Azure Data Lake Store to stream to a Log Analytics workspace when anyAzure Data Lake Store which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\"displayName\":\"Deploy Diagnostic Settings for Azure Data Lake Store to Log Analytics workspace\"},\"type\":\"String\"},\"DatabricksLogAnalyticsEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploys the diagnostic settings for Databricks to stream to a Log Analytics workspace when any Databricks which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\"displayName\":\"Deploy Diagnostic Settings for Databricks to Log Analytics workspace\"},\"type\":\"String\"},\"EventGridSubLogAnalyticsEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploys the diagnostic settings for Event Grid subscriptions to stream to a Log Analytics workspace when any Event Grid subscriptions which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\"displayName\":\"Deploy Diagnostic Settings for Event Grid subscriptions to Log Analytics workspace\"},\"type\":\"String\"},\"EventGridTopicLogAnalyticsEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploys the diagnostic settings for Event Grid Topic to stream to a Log Analytics workspace when any Event Grid Topic which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\"displayName\":\"Deploy Diagnostic Settings for Event Grid Topic to Log Analytics workspace\"},\"type\":\"String\"},\"EventHubLogAnalyticsEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploys the diagnostic settings for Event Hubs to stream to a Log Analytics workspace when any Event Hubs which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\"displayName\":\"Deploy Diagnostic Settings for Event Hubs to Log Analytics workspace\"},\"type\":\"String\"},\"EventSystemTopicLogAnalyticsEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploys the diagnostic settings for Event Grid System Topic to stream to a Log Analytics workspace when any Event Grid System Topic which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\"displayName\":\"Deploy Diagnostic Settings for Event Grid System Topic to Log Analytics workspace\"},\"type\":\"String\"},\"ExpressRouteLogAnalyticsEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploys the diagnostic settings for ExpressRoute to stream to a Log Analytics workspace when any ExpressRoute which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\"displayName\":\"Deploy Diagnostic Settings for ExpressRoute to Log Analytics workspace\"},\"type\":\"String\"},\"FirewallLogAnalyticsDestinationType\":{\"allowedValues\":[\"AzureDiagnostics\",\"Dedicated\"],\"defaultValue\":\"AzureDiagnostics\",\"metadata\":{\"description\":\"Destination table for the diagnostic setting for Firewall to Log Analytics workspace, allowed values are 'Dedicated' (for resource-specific) and 'AzureDiagnostics'. Default value is 'AzureDiagnostics'\",\"displayName\":\"Destination table for the Diagnostic Setting for Firewall to Log Analytics workspace\"},\"type\":\"String\"},\"FirewallLogAnalyticsEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploys the diagnostic settings for Firewall to stream to a Log Analytics workspace when any Firewall which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\"displayName\":\"Deploy Diagnostic Settings for Firewall to Log Analytics workspace\"},\"type\":\"String\"},\"FrontDoorLogAnalyticsEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploys the diagnostic settings for Front Door to stream to a Log Analytics workspace when any Front Door which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\"displayName\":\"Deploy Diagnostic Settings for Front Door to Log Analytics workspace\"},\"type\":\"String\"},\"FunctionAppLogAnalyticsEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploys the diagnostic settings for Azure Function App to stream to a Log Analytics workspace when any function app which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\"displayName\":\"Deploy Diagnostic Settings for Azure Function App to Log Analytics workspace\"},\"type\":\"String\"},\"HDInsightLogAnalyticsEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploys the diagnostic settings for HDInsight to stream to a Log Analytics workspace when any HDInsight which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\"displayName\":\"Deploy Diagnostic Settings for HDInsight to Log Analytics workspace\"},\"type\":\"String\"},\"IotHubLogAnalyticsEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploys the diagnostic settings for IoT Hub to stream to a Log Analytics workspace when any IoT Hub which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\"displayName\":\"Deploy Diagnostic Settings for IoT Hub to Log Analytics workspace\"},\"type\":\"String\"},\"KeyVaultLogAnalyticsEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploys the diagnostic settings for Key Vault to stream to a Log Analytics workspace when any Key Vault which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\"displayName\":\"Deploy Diagnostic Settings for Key Vault to Log Analytics workspace\"},\"type\":\"String\"},\"LoadBalancerLogAnalyticsEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploys the diagnostic settings for Load Balancer to stream to a Log Analytics workspace when any Load Balancer which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\"displayName\":\"Deploy Diagnostic Settings for Load Balancer to Log Analytics workspace\"},\"type\":\"String\"},\"LogAnalyticsLogAnalyticsEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploys the diagnostic settings for Log Analytics to stream to a Log Analytics workspace when any Log Analytics workspace which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category Audit enabled\",\"displayName\":\"Deploy Diagnostic Settings for Log Analytics to Log Analytics workspace\"},\"type\":\"String\"},\"LogicAppsISELogAnalyticsEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploys the diagnostic settings for Logic Apps integration service environment to stream to a Log Analytics workspace when any Logic Apps integration service environment which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\"displayName\":\"Deploy Diagnostic Settings for Logic Apps integration service environment to Log Analytics workspace\"},\"type\":\"String\"},\"LogicAppsWFLogAnalyticsEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploys the diagnostic settings for Logic Apps Workflows to stream to a Log Analytics workspace when any Logic Apps Workflows which are missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\"displayName\":\"Deploy Diagnostic Settings for Logic Apps Workflows to Log Analytics workspace\"},\"type\":\"String\"},\"MariaDBLogAnalyticsEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploys the diagnostic settings for MariaDB to stream to a Log Analytics workspace when any MariaDB which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\"displayName\":\"Deploy Diagnostic Settings for MariaDB to Log Analytics workspace\"},\"type\":\"String\"},\"MediaServiceLogAnalyticsEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploys the diagnostic settings for Azure Media Service to stream to a Log Analytics workspace when any Azure Media Service which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\"displayName\":\"Deploy Diagnostic Settings for Azure Media Service to Log Analytics workspace\"},\"type\":\"String\"},\"MlWorkspaceLogAnalyticsEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploys the diagnostic settings for Machine Learning workspace to stream to a Log Analytics workspace when any Machine Learning workspace which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\"displayName\":\"Deploy Diagnostic Settings for Machine Learning workspace to Log Analytics workspace\"},\"type\":\"String\"},\"MySQLLogAnalyticsEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploys the diagnostic settings for Database for MySQL to stream to a Log Analytics workspace when any Database for MySQL which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\"displayName\":\"Deploy Diagnostic Settings for Database for MySQL to Log Analytics workspace\"},\"type\":\"String\"},\"NetworkNICLogAnalyticsEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploys the diagnostic settings for Network Interfaces to stream to a Log Analytics workspace when any Network Interfaces which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\"displayName\":\"Deploy Diagnostic Settings for Network Interfaces to Log Analytics workspace\"},\"type\":\"String\"},\"NetworkPublicIPNicLogAnalyticsEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploys the diagnostic settings for Public IP addresses to stream to a Log Analytics workspace when any Public IP addresses which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\"displayName\":\"Deploy Diagnostic Settings for Public IP addresses to Log Analytics workspace\"},\"type\":\"String\"},\"NetworkSecurityGroupsLogAnalyticsEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploys the diagnostic settings for Network Security Groups to stream to a Log Analytics workspace when any Network Security Groups which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\"displayName\":\"Deploy Diagnostic Settings for Network Security Groups to Log Analytics workspace\"},\"type\":\"String\"},\"PostgreSQLLogAnalyticsEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploys the diagnostic settings for Database for PostgreSQL to stream to a Log Analytics workspace when any Database for PostgreSQL which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\"displayName\":\"Deploy Diagnostic Settings for Database for PostgreSQL to Log Analytics workspace\"},\"type\":\"String\"},\"PowerBIEmbeddedLogAnalyticsEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploys the diagnostic settings for Power BI Embedded to stream to a Log Analytics workspace when any Power BI Embedded which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\"displayName\":\"Deploy Diagnostic Settings for Power BI Embedded to Log Analytics workspace\"},\"type\":\"String\"},\"RedisCacheLogAnalyticsEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploys the diagnostic settings for Redis Cache to stream to a Log Analytics workspace when any Redis Cache which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\"displayName\":\"Deploy Diagnostic Settings for Redis Cache to Log Analytics workspace\"},\"type\":\"String\"},\"RelayLogAnalyticsEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploys the diagnostic settings for Relay to stream to a Log Analytics workspace when any Relay which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\"displayName\":\"Deploy Diagnostic Settings for Relay to Log Analytics workspace\"},\"type\":\"String\"},\"SQLDBsLogAnalyticsEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploys the diagnostic settings for SQL Databases to stream to a Log Analytics workspace when any SQL Databases which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\"displayName\":\"Deploy Diagnostic Settings for SQL Databases to Log Analytics workspace\"},\"type\":\"String\"},\"SQLElasticPoolsLogAnalyticsEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploys the diagnostic settings for SQL Elastic Pools to stream to a Log Analytics workspace when any SQL Elastic Pools which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\"displayName\":\"Deploy Diagnostic Settings for SQL Elastic Pools to Log Analytics workspace\"},\"type\":\"String\"},\"SQLMLogAnalyticsEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploys the diagnostic settings for SQL Managed Instances to stream to a Log Analytics workspace when any SQL Managed Instances which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\"displayName\":\"Deploy Diagnostic Settings for SQL Managed Instances to Log Analytics workspace\"},\"type\":\"String\"},\"SearchServicesLogAnalyticsEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploys the diagnostic settings for Search Services to stream to a Log Analytics workspace when any Search Services which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\"displayName\":\"Deploy Diagnostic Settings for Search Services to Log Analytics workspace\"},\"type\":\"String\"},\"ServiceBusLogAnalyticsEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploys the diagnostic settings for ServiceBus to stream to a Log Analytics workspace when any ServiceBus which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\"displayName\":\"Deploy Diagnostic Settings for Service Bus namespaces to Log Analytics workspace\"},\"type\":\"String\"},\"SignalRLogAnalyticsEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploys the diagnostic settings for SignalR to stream to a Log Analytics workspace when any SignalR which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\"displayName\":\"Deploy Diagnostic Settings for SignalR to Log Analytics workspace\"},\"type\":\"String\"},\"StorageAccountsLogAnalyticsEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploys the diagnostic settings for Storage Accounts to stream to a Log Analytics workspace when any storage account which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\"displayName\":\"Deploy Diagnostic Settings for Storage Accounts to Log Analytics workspace\"},\"type\":\"String\"},\"StreamAnalyticsLogAnalyticsEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploys the diagnostic settings for Stream Analytics to stream to a Log Analytics workspace when any Stream Analytics which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\"displayName\":\"Deploy Diagnostic Settings for Stream Analytics to Log Analytics workspace\"},\"type\":\"String\"},\"TimeSeriesInsightsLogAnalyticsEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploys the diagnostic settings for Time Series Insights to stream to a Log Analytics workspace when any Time Series Insights which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\"displayName\":\"Deploy Diagnostic Settings for Time Series Insights to Log Analytics workspace\"},\"type\":\"String\"},\"TrafficManagerLogAnalyticsEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploys the diagnostic settings for Traffic Manager to stream to a Log Analytics workspace when any Traffic Manager which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\"displayName\":\"Deploy Diagnostic Settings for Traffic Manager to Log Analytics workspace\"},\"type\":\"String\"},\"VMSSLogAnalyticsEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploys the diagnostic settings for Virtual Machine Scale Sets to stream to a Log Analytics workspace when any Virtual Machine Scale Sets which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\"displayName\":\"Deploy Diagnostic Settings for Virtual Machine Scale Sets to Log Analytics workspace\"},\"type\":\"String\"},\"VNetGWLogAnalyticsEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploys the diagnostic settings for VPN Gateway to stream to a Log Analytics workspace when any VPN Gateway which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled.\",\"displayName\":\"Deploy Diagnostic Settings for VPN Gateway to Log Analytics workspace\"},\"type\":\"String\"},\"VWanS2SVPNGWLogAnalyticsEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploys the diagnostic settings for VWAN S2S VPN gateway to stream to a Log Analytics workspace when any storage account which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\"displayName\":\"Deploy Diagnostic Settings for VWAN S2S VPN gateway to Log Analytics workspace\"},\"type\":\"String\"},\"VirtualMachinesLogAnalyticsEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploys the diagnostic settings for Virtual Machines to stream to a Log Analytics workspace when any Virtual Machines which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\"displayName\":\"Deploy Diagnostic Settings for Virtual Machines to Log Analytics workspace\"},\"type\":\"String\"},\"VirtualNetworkLogAnalyticsEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploys the diagnostic settings for Virtual Network to stream to a Log Analytics workspace when any Virtual Network which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\"displayName\":\"Deploy Diagnostic Settings for Virtual Network to Log Analytics workspace\"},\"type\":\"String\"},\"WVDAppGroupsLogAnalyticsEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploys the diagnostic settings for AVD Application groups to stream to a Log Analytics workspace when any application groups which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\"displayName\":\"Deploy Diagnostic Settings for AVD Application Groups to Log Analytics workspace\"},\"type\":\"String\"},\"WVDHostPoolsLogAnalyticsEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploys the diagnostic settings for AVD Host pools to stream to a Log Analytics workspace when any host pool which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\"displayName\":\"Deploy Diagnostic Settings for AVD Host pools to Log Analytics workspace\"},\"type\":\"String\"},\"WVDWorkspaceLogAnalyticsEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploys the diagnostic settings for AVD Workspace to stream to a Log Analytics workspace when any Workspace which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\"displayName\":\"Deploy Diagnostic Settings for AVD Workspace to Log Analytics workspace\"},\"type\":\"String\"},\"logAnalytics\":{\"metadata\":{\"description\":\"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\"displayName\":\"Log Analytics workspace\",\"strongType\":\"omsWorkspace\"},\"type\":\"String\"},\"profileName\":{\"defaultValue\":\"setbypolicy\",\"metadata\":{\"description\":\"The diagnostic settings profile name\",\"displayName\":\"Profile name\"},\"type\":\"String\"}}",
- "policy_definition_group": [],
- "policy_definition_reference": [
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('StorageAccountsLogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/59759c62-9a22-4cdf-ae64-074495983fef",
- "policy_group_names": null,
- "reference_id": "StorageAccountDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('StorageAccountsLogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/b4fe1a3b-0715-4c6c-a5ea-ffc33cf823cb",
- "policy_group_names": null,
- "reference_id": "StorageAccountBlobServicesDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('StorageAccountsLogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/25a70cc8-2bd4-47f1-90b6-1478e4662c96",
- "policy_group_names": null,
- "reference_id": "StorageAccountFileServicesDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('StorageAccountsLogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/7bd000e3-37c7-4928-9f31-86c4b77c5c45",
- "policy_group_names": null,
- "reference_id": "StorageAccountQueueServicesDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('StorageAccountsLogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/2fb86bf3-d221-43d1-96d1-2434af34eaa0",
- "policy_group_names": null,
- "reference_id": "StorageAccountTableServicesDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('AVDScalingPlansLogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-AVDScalingPlans",
- "policy_group_names": null,
- "reference_id": "AVDScalingPlansDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('WVDAppGroupsLogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WVDAppGroup",
- "policy_group_names": null,
- "reference_id": "WVDAppGroupDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('WVDWorkspaceLogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WVDWorkspace",
- "policy_group_names": null,
- "reference_id": "WVDWorkspaceDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('WVDHostPoolsLogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WVDHostPools",
- "policy_group_names": null,
- "reference_id": "WVDHostPoolsDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('ACILogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ACI",
- "policy_group_names": null,
- "reference_id": "ACIDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('ACRLogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ACR",
- "policy_group_names": null,
- "reference_id": "ACRDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"diagnosticsSettingNameToUse\":{\"value\":\"[parameters('profileName')]\"},\"effect\":{\"value\":\"[parameters('AKSLogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/6c66c325-74c8-42fd-a286-a74b0e2939d8",
- "policy_group_names": null,
- "reference_id": "AKSDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('AnalysisServiceLogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-AnalysisService",
- "policy_group_names": null,
- "reference_id": "AnalysisServiceDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('APIforFHIRLogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ApiForFHIR",
- "policy_group_names": null,
- "reference_id": "APIforFHIRDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('APIMgmtLogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"logAnalyticsDestinationType\":{\"value\":\"[parameters('APIMgmtLogAnalyticsDestinationType')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-APIMgmt",
- "policy_group_names": null,
- "reference_id": "APIMgmtDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('ApplicationGatewayLogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ApplicationGateway",
- "policy_group_names": null,
- "reference_id": "ApplicationGatewayDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('AutomationLogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-AA",
- "policy_group_names": null,
- "reference_id": "AutomationDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('BastionLogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Bastion",
- "policy_group_names": null,
- "reference_id": "BastionDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('BatchLogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/c84e5349-db6d-4769-805e-e14037dab9b5",
- "policy_group_names": null,
- "reference_id": "BatchDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('CDNEndpointsLogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-CDNEndpoints",
- "policy_group_names": null,
- "reference_id": "CDNEndpointsDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('CognitiveServicesLogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-CognitiveServices",
- "policy_group_names": null,
- "reference_id": "CognitiveServicesDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('CosmosLogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-CosmosDB",
- "policy_group_names": null,
- "reference_id": "CosmosDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('DatabricksLogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Databricks",
- "policy_group_names": null,
- "reference_id": "DatabricksDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('DataExplorerClusterLogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-DataExplorerCluster",
- "policy_group_names": null,
- "reference_id": "DataExplorerClusterDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('DataFactoryLogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-DataFactory",
- "policy_group_names": null,
- "reference_id": "DataFactoryDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('DataLakeStoreLogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/d56a5a7c-72d7-42bc-8ceb-3baf4c0eae03",
- "policy_group_names": null,
- "reference_id": "DataLakeStoreDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('DataLakeAnalyticsLogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-DLAnalytics",
- "policy_group_names": null,
- "reference_id": "DataLakeAnalyticsDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('EventGridSubLogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-EventGridSub",
- "policy_group_names": null,
- "reference_id": "EventGridSubDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('EventGridTopicLogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-EventGridTopic",
- "policy_group_names": null,
- "reference_id": "EventGridTopicDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('EventHubLogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/1f6e93e8-6b31-41b1-83f6-36e449a42579",
- "policy_group_names": null,
- "reference_id": "EventHubDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('EventSystemTopicLogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-EventGridSystemTopic",
- "policy_group_names": null,
- "reference_id": "EventSystemTopicDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('ExpressRouteLogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ExpressRoute",
- "policy_group_names": null,
- "reference_id": "ExpressRouteDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('FirewallLogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"logAnalyticsDestinationType\":{\"value\":\"[parameters('FirewallLogAnalyticsDestinationType')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Firewall",
- "policy_group_names": null,
- "reference_id": "FirewallDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('FrontDoorLogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-FrontDoor",
- "policy_group_names": null,
- "reference_id": "FrontDoorDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('FunctionAppLogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Function",
- "policy_group_names": null,
- "reference_id": "FunctionAppDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('HDInsightLogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-HDInsight",
- "policy_group_names": null,
- "reference_id": "HDInsightDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('IotHubLogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-iotHub",
- "policy_group_names": null,
- "reference_id": "IotHubDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('KeyVaultLogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/bef3f64c-5290-43b7-85b0-9b254eef4c47",
- "policy_group_names": null,
- "reference_id": "KeyVaultDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('LoadBalancerLogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-LoadBalancer",
- "policy_group_names": null,
- "reference_id": "LoadBalancerDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('LogAnalyticsLogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-LogAnalytics",
- "policy_group_names": null,
- "reference_id": "LogAnalyticsDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('LogicAppsISELogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-LogicAppsISE",
- "policy_group_names": null,
- "reference_id": "LogicAppsISEDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('LogicAppsWFLogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/b889a06c-ec72-4b03-910a-cb169ee18721",
- "policy_group_names": null,
- "reference_id": "LogicAppsWFDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('MariaDBLogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MariaDB",
- "policy_group_names": null,
- "reference_id": "MariaDBDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('MediaServiceLogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MediaService",
- "policy_group_names": null,
- "reference_id": "MediaServiceDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('MlWorkspaceLogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MlWorkspace",
- "policy_group_names": null,
- "reference_id": "MlWorkspaceDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('MySQLLogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MySQL",
- "policy_group_names": null,
- "reference_id": "MySQLDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('NetworkSecurityGroupsLogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-NetworkSecurityGroups",
- "policy_group_names": null,
- "reference_id": "NetworkSecurityGroupsDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('NetworkNICLogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-NIC",
- "policy_group_names": null,
- "reference_id": "NetworkNICDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('PostgreSQLLogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-PostgreSQL",
- "policy_group_names": null,
- "reference_id": "PostgreSQLDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('PowerBIEmbeddedLogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-PowerBIEmbedded",
- "policy_group_names": null,
- "reference_id": "PowerBIEmbeddedDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('NetworkPublicIPNicLogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"metricsEnabled\":{\"value\":\"True\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/752154a7-1e0f-45c6-a880-ac75a7e4f648",
- "policy_group_names": null,
- "reference_id": "NetworkPublicIPNicDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/c717fb0c-d118-4c43-ab3d-ece30ac81fb3",
- "policy_group_names": null,
- "reference_id": "RecoveryVaultDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('RedisCacheLogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-RedisCache",
- "policy_group_names": null,
- "reference_id": "RedisCacheDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('RelayLogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Relay",
- "policy_group_names": null,
- "reference_id": "RelayDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('SearchServicesLogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/08ba64b8-738f-4918-9686-730d2ed79c7d",
- "policy_group_names": null,
- "reference_id": "SearchServicesDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('ServiceBusLogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/04d53d87-841c-4f23-8a5b-21564380b55e",
- "policy_group_names": null,
- "reference_id": "ServiceBusDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('SignalRLogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-SignalR",
- "policy_group_names": null,
- "reference_id": "SignalRDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"diagnosticsSettingNameToUse\":{\"value\":\"[parameters('profileName')]\"},\"effect\":{\"value\":\"[parameters('SQLDBsLogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/b79fa14e-238a-4c2d-b376-442ce508fc84",
- "policy_group_names": null,
- "reference_id": "SQLDatabaseDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('SQLElasticPoolsLogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-SQLElasticPools",
- "policy_group_names": null,
- "reference_id": "SQLElasticPoolsDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('SQLMLogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-SQLMI",
- "policy_group_names": null,
- "reference_id": "SQLMDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('StreamAnalyticsLogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/237e0f7e-b0e8-4ec4-ad46-8c12cb66d673",
- "policy_group_names": null,
- "reference_id": "StreamAnalyticsDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('TimeSeriesInsightsLogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-TimeSeriesInsights",
- "policy_group_names": null,
- "reference_id": "TimeSeriesInsightsDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('TrafficManagerLogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-TrafficManager",
- "policy_group_names": null,
- "reference_id": "TrafficManagerDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('VirtualNetworkLogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VirtualNetwork",
- "policy_group_names": null,
- "reference_id": "VirtualNetworkDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('VirtualMachinesLogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VM",
- "policy_group_names": null,
- "reference_id": "VirtualMachinesDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('VMSSLogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VMSS",
- "policy_group_names": null,
- "reference_id": "VMSSDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('VNetGWLogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VNetGW",
- "policy_group_names": null,
- "reference_id": "VNetGWDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('AppServiceLogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WebServerFarm",
- "policy_group_names": null,
- "reference_id": "AppServiceDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('AppServiceWebappLogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Website",
- "policy_group_names": null,
- "reference_id": "AppServiceWebappDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('VWanS2SVPNGWLogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VWanS2SVPNGW",
- "policy_group_names": null,
- "reference_id": "VWanS2SVPNGWDeployDiagnosticLogDeployLogAnalytics"
- }
- ],
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "policy_definition_group": [],
- "policy_definition_reference": [
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {}
- ]
- }
- },
- {
- "address": "module.test_core.azurerm_policy_set_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policySetDefinitions/Deploy-MDFC-Config\"]",
- "mode": "managed",
- "type": "azurerm_policy_set_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policySetDefinitions/Deploy-MDFC-Config",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploy Microsoft Defender for Cloud configuration",
- "display_name": "Deploy Microsoft Defender for Cloud configuration",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\"],\"category\":\"Security Center\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"6.0.1\"}",
- "name": "Deploy-MDFC-Config",
- "parameters": "{\"ascExportResourceGroupLocation\":{\"metadata\":{\"description\":\"The location where the resource group and the export to Log Analytics workspace configuration are created.\",\"displayName\":\"Resource Group location for the export to Log Analytics workspace configuration\"},\"type\":\"String\"},\"ascExportResourceGroupName\":{\"metadata\":{\"description\":\"The resource group name where the export to Log Analytics workspace configuration is created. If you enter a name for a resource group that doesn't exist, it'll be created in the subscription. Note that each resource group can only have one export to Log Analytics workspace configured.\",\"displayName\":\"Resource Group name for the export to Log Analytics workspace configuration\"},\"type\":\"String\"},\"emailSecurityContact\":{\"metadata\":{\"description\":\"Provide email address for Microsoft Defender for Cloud contact details\",\"displayName\":\"Security contacts email address\"},\"type\":\"string\"},\"enableAscForApis\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"enableAscForAppServices\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"enableAscForArm\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"enableAscForContainers\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"enableAscForCosmosDbs\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"enableAscForCspm\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"enableAscForDns\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"enableAscForKeyVault\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"enableAscForOssDb\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"enableAscForServers\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"enableAscForServersVulnerabilityAssessments\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"enableAscForSql\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"enableAscForSqlOnVm\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"enableAscForStorage\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"logAnalytics\":{\"metadata\":{\"description\":\"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\"displayName\":\"Primary Log Analytics workspace\",\"strongType\":\"omsWorkspace\"},\"type\":\"String\"},\"minimalSeverity\":{\"allowedValues\":[\"High\",\"Medium\",\"Low\"],\"defaultValue\":\"High\",\"metadata\":{\"description\":\"Defines the minimal alert severity which will be sent as email notifications\",\"displayName\":\"Minimal severity\"},\"type\":\"string\"},\"vulnerabilityAssessmentProvider\":{\"allowedValues\":[\"default\",\"mdeTvm\"],\"defaultValue\":\"default\",\"metadata\":{\"description\":\"Select the vulnerability assessment solution to provision to machines.\",\"displayName\":\"Vulnerability assessment provider type\"},\"type\":\"String\"}}",
- "policy_definition_group": [],
- "policy_definition_reference": [
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('enableAscForOssDb')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/44433aa3-7ec2-4002-93ea-65c65ff0310a",
- "policy_group_names": null,
- "reference_id": "defenderForOssDb"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('enableAscForServers')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/8e86a5b6-b9bd-49d1-8e21-4bb8a0862222",
- "policy_group_names": null,
- "reference_id": "defenderForVM"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('enableAscForServersVulnerabilityAssessments')]\"},\"vaType\":{\"value\":\"[parameters('vulnerabilityAssessmentProvider')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/13ce0167-8ca6-4048-8e6b-f996402e3c1b",
- "policy_group_names": null,
- "reference_id": "defenderForVMVulnerabilityAssessment"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('enableAscForSqlOnVm')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/50ea7265-7d8c-429e-9a7d-ca1f410191c3",
- "policy_group_names": null,
- "reference_id": "defenderForSqlServerVirtualMachines"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('enableAscForAppServices')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/b40e7bcd-a1e5-47fe-b9cf-2f534d0bfb7d",
- "policy_group_names": null,
- "reference_id": "defenderForAppServices"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('enableAscForStorage')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/cfdc5972-75b3-4418-8ae1-7f5c36839390",
- "policy_group_names": null,
- "reference_id": "defenderForStorageAccountsV2"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('enableAscForContainers')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/c9ddb292-b203-4738-aead-18e2716e858f",
- "policy_group_names": null,
- "reference_id": "defenderforContainers"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('enableAscForContainers')]\"},\"logAnalyticsWorkspaceResourceId\":{\"value\":\"[parameters('logAnalytics')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/64def556-fbad-4622-930e-72d1d5589bf5",
- "policy_group_names": null,
- "reference_id": "defenderforKubernetes"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('enableAscForContainers')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/a8eff44f-8c92-45c3-a3fb-9880802d67a7",
- "policy_group_names": null,
- "reference_id": "azurePolicyForKubernetes"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('enableAscForKeyVault')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/1f725891-01c0-420a-9059-4fa46cb770b7",
- "policy_group_names": null,
- "reference_id": "defenderForKeyVaults"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('enableAscForDns')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/2370a3c1-4a25-4283-a91a-c9c1a145fb2f",
- "policy_group_names": null,
- "reference_id": "defenderForDns"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('enableAscForArm')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/b7021b2b-08fd-4dc0-9de7-3c6ece09faf9",
- "policy_group_names": null,
- "reference_id": "defenderForArm"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('enableAscForSql')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/b99b73e7-074b-4089-9395-b7236f094491",
- "policy_group_names": null,
- "reference_id": "defenderForSqlPaas"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('enableAscForCosmosDbs')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/82bf5b87-728b-4a74-ba4d-6123845cf542",
- "policy_group_names": null,
- "reference_id": "defenderForCosmosDbs"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('enableAscForApis')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/e54d2be9-5f2e-4d65-98e4-4f0e670b23d6",
- "policy_group_names": null,
- "reference_id": "defenderForApis"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('enableAscForCspm')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/689f7782-ef2c-4270-a6d0-7664869076bd",
- "policy_group_names": null,
- "reference_id": "defenderForCspm"
- },
- {
- "parameter_values": "{\"emailSecurityContact\":{\"value\":\"[parameters('emailSecurityContact')]\"},\"minimalSeverity\":{\"value\":\"[parameters('minimalSeverity')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-ASC-SecurityContacts",
- "policy_group_names": null,
- "reference_id": "securityEmailContact"
- },
- {
- "parameter_values": "{\"resourceGroupLocation\":{\"value\":\"[parameters('ascExportResourceGroupLocation')]\"},\"resourceGroupName\":{\"value\":\"[parameters('ascExportResourceGroupName')]\"},\"workspaceResourceId\":{\"value\":\"[parameters('logAnalytics')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/ffb6f416-7bd2-4488-8828-56585fef2be9",
- "policy_group_names": null,
- "reference_id": "ascExport"
- }
- ],
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "policy_definition_group": [],
- "policy_definition_reference": [
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {}
- ]
- }
- },
- {
- "address": "module.test_core.azurerm_policy_set_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policySetDefinitions/Deploy-Private-DNS-Zones\"]",
- "mode": "managed",
- "type": "azurerm_policy_set_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policySetDefinitions/Deploy-Private-DNS-Zones",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "This policy initiative is a group of policies that ensures private endpoints to Azure PaaS services are integrated with Azure Private DNS zones",
- "display_name": "Configure Azure PaaS services to use private DNS zones",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\"],\"category\":\"Network\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"2.1.1\"}",
- "name": "Deploy-Private-DNS-Zones",
- "parameters": "{\"azureAcrPrivateDnsZoneId\":{\"defaultValue\":\"\",\"metadata\":{\"description\":\"Private DNS Zone Identifier\",\"displayName\":\"azureAcrPrivateDnsZoneId\",\"strongType\":\"Microsoft.Network/privateDnsZones\"},\"type\":\"string\"},\"azureAppPrivateDnsZoneId\":{\"defaultValue\":\"\",\"metadata\":{\"description\":\"Private DNS Zone Identifier\",\"displayName\":\"azureAppPrivateDnsZoneId\",\"strongType\":\"Microsoft.Network/privateDnsZones\"},\"type\":\"string\"},\"azureAppServicesPrivateDnsZoneId\":{\"defaultValue\":\"\",\"metadata\":{\"description\":\"Private DNS Zone Identifier\",\"displayName\":\"azureAppServicesPrivateDnsZoneId\",\"strongType\":\"Microsoft.Network/privateDnsZones\"},\"type\":\"string\"},\"azureAsrPrivateDnsZoneId\":{\"defaultValue\":\"\",\"metadata\":{\"description\":\"Private DNS Zone Identifier\",\"displayName\":\"azureAsrPrivateDnsZoneId\",\"strongType\":\"Microsoft.Network/privateDnsZones\"},\"type\":\"string\"},\"azureAutomationDSCHybridPrivateDnsZoneId\":{\"defaultValue\":\"\",\"metadata\":{\"description\":\"Private DNS Zone Identifier\",\"displayName\":\"azureAutomationDSCHybridPrivateDnsZoneId\",\"strongType\":\"Microsoft.Network/privateDnsZones\"},\"type\":\"string\"},\"azureAutomationWebhookPrivateDnsZoneId\":{\"defaultValue\":\"\",\"metadata\":{\"description\":\"Private DNS Zone Identifier\",\"displayName\":\"azureAutomationWebhookPrivateDnsZoneId\",\"strongType\":\"Microsoft.Network/privateDnsZones\"},\"type\":\"string\"},\"azureBatchPrivateDnsZoneId\":{\"defaultValue\":\"\",\"metadata\":{\"description\":\"Private DNS Zone Identifier\",\"displayName\":\"azureBatchPrivateDnsZoneId\",\"strongType\":\"Microsoft.Network/privateDnsZones\"},\"type\":\"string\"},\"azureCognitiveSearchPrivateDnsZoneId\":{\"defaultValue\":\"\",\"metadata\":{\"description\":\"Private DNS Zone Identifier\",\"displayName\":\"azureCognitiveSearchPrivateDnsZoneId\",\"strongType\":\"Microsoft.Network/privateDnsZones\"},\"type\":\"string\"},\"azureCognitiveServicesPrivateDnsZoneId\":{\"defaultValue\":\"\",\"metadata\":{\"description\":\"Private DNS Zone Identifier\",\"displayName\":\"azureCognitiveServicesPrivateDnsZoneId\",\"strongType\":\"Microsoft.Network/privateDnsZones\"},\"type\":\"string\"},\"azureCosmosCassandraPrivateDnsZoneId\":{\"defaultValue\":\"\",\"metadata\":{\"description\":\"Private DNS Zone Identifier\",\"displayName\":\"azureCosmosCassandraPrivateDnsZoneId\",\"strongType\":\"Microsoft.Network/privateDnsZones\"},\"type\":\"string\"},\"azureCosmosGremlinPrivateDnsZoneId\":{\"defaultValue\":\"\",\"metadata\":{\"description\":\"Private DNS Zone Identifier\",\"displayName\":\"azureCosmosGremlinPrivateDnsZoneId\",\"strongType\":\"Microsoft.Network/privateDnsZones\"},\"type\":\"string\"},\"azureCosmosMongoPrivateDnsZoneId\":{\"defaultValue\":\"\",\"metadata\":{\"description\":\"Private DNS Zone Identifier\",\"displayName\":\"azureCosmosMongoPrivateDnsZoneId\",\"strongType\":\"Microsoft.Network/privateDnsZones\"},\"type\":\"string\"},\"azureCosmosSQLPrivateDnsZoneId\":{\"defaultValue\":\"\",\"metadata\":{\"description\":\"Private DNS Zone Identifier\",\"displayName\":\"azureCosmosSQLPrivateDnsZoneId\",\"strongType\":\"Microsoft.Network/privateDnsZones\"},\"type\":\"string\"},\"azureCosmosTablePrivateDnsZoneId\":{\"defaultValue\":\"\",\"metadata\":{\"description\":\"Private DNS Zone Identifier\",\"displayName\":\"azureCosmosTablePrivateDnsZoneId\",\"strongType\":\"Microsoft.Network/privateDnsZones\"},\"type\":\"string\"},\"azureDataFactoryPortalPrivateDnsZoneId\":{\"defaultValue\":\"\",\"metadata\":{\"description\":\"Private DNS Zone Identifier\",\"displayName\":\"azureDataFactoryPortalPrivateDnsZoneId\",\"strongType\":\"Microsoft.Network/privateDnsZones\"},\"type\":\"string\"},\"azureDataFactoryPrivateDnsZoneId\":{\"defaultValue\":\"\",\"metadata\":{\"description\":\"Private DNS Zone Identifier\",\"displayName\":\"azureDataFactoryPrivateDnsZoneId\",\"strongType\":\"Microsoft.Network/privateDnsZones\"},\"type\":\"string\"},\"azureDatabricksPrivateDnsZoneId\":{\"defaultValue\":\"\",\"metadata\":{\"description\":\"Private DNS Zone Identifier\",\"displayName\":\"azureDatabricksPrivateDnsZoneId\",\"strongType\":\"Microsoft.Network/privateDnsZones\"},\"type\":\"string\"},\"azureDiskAccessPrivateDnsZoneId\":{\"defaultValue\":\"\",\"metadata\":{\"description\":\"Private DNS Zone Identifier\",\"displayName\":\"azureDiskAccessPrivateDnsZoneId\",\"strongType\":\"Microsoft.Network/privateDnsZones\"},\"type\":\"string\"},\"azureEventGridDomainsPrivateDnsZoneId\":{\"defaultValue\":\"\",\"metadata\":{\"description\":\"Private DNS Zone Identifier\",\"displayName\":\"azureEventGridDomainsPrivateDnsZoneId\",\"strongType\":\"Microsoft.Network/privateDnsZones\"},\"type\":\"string\"},\"azureEventGridTopicsPrivateDnsZoneId\":{\"defaultValue\":\"\",\"metadata\":{\"description\":\"Private DNS Zone Identifier\",\"displayName\":\"azureEventGridTopicsPrivateDnsZoneId\",\"strongType\":\"Microsoft.Network/privateDnsZones\"},\"type\":\"string\"},\"azureEventHubNamespacePrivateDnsZoneId\":{\"defaultValue\":\"\",\"metadata\":{\"description\":\"Private DNS Zone Identifier\",\"displayName\":\"azureEventHubNamespacePrivateDnsZoneId\",\"strongType\":\"Microsoft.Network/privateDnsZones\"},\"type\":\"string\"},\"azureFilePrivateDnsZoneId\":{\"defaultValue\":\"\",\"metadata\":{\"description\":\"Private DNS Zone Identifier\",\"displayName\":\"azureFilePrivateDnsZoneId\",\"strongType\":\"Microsoft.Network/privateDnsZones\"},\"type\":\"string\"},\"azureHDInsightPrivateDnsZoneId\":{\"defaultValue\":\"\",\"metadata\":{\"description\":\"Private DNS Zone Identifier\",\"displayName\":\"azureHDInsightPrivateDnsZoneId\",\"strongType\":\"Microsoft.Network/privateDnsZones\"},\"type\":\"string\"},\"azureIotHubsPrivateDnsZoneId\":{\"defaultValue\":\"\",\"metadata\":{\"description\":\"Private DNS Zone Identifier\",\"displayName\":\"azureIotHubsPrivateDnsZoneId\",\"strongType\":\"Microsoft.Network/privateDnsZones\"},\"type\":\"string\"},\"azureIotPrivateDnsZoneId\":{\"defaultValue\":\"\",\"metadata\":{\"description\":\"Private DNS Zone Identifier\",\"displayName\":\"azureIotPrivateDnsZoneId\",\"strongType\":\"Microsoft.Network/privateDnsZones\"},\"type\":\"string\"},\"azureKeyVaultPrivateDnsZoneId\":{\"defaultValue\":\"\",\"metadata\":{\"description\":\"Private DNS Zone Identifier\",\"displayName\":\"azureKeyVaultPrivateDnsZoneId\",\"strongType\":\"Microsoft.Network/privateDnsZones\"},\"type\":\"string\"},\"azureMachineLearningWorkspacePrivateDnsZoneId\":{\"defaultValue\":\"\",\"metadata\":{\"description\":\"Private DNS Zone Identifier\",\"displayName\":\"azureMachineLearningWorkspacePrivateDnsZoneId\",\"strongType\":\"Microsoft.Network/privateDnsZones\"},\"type\":\"string\"},\"azureMediaServicesKeyPrivateDnsZoneId\":{\"defaultValue\":\"\",\"metadata\":{\"description\":\"Private DNS Zone Identifier\",\"displayName\":\"azureMediaServicesKeyPrivateDnsZoneId\",\"strongType\":\"Microsoft.Network/privateDnsZones\"},\"type\":\"string\"},\"azureMediaServicesLivePrivateDnsZoneId\":{\"defaultValue\":\"\",\"metadata\":{\"description\":\"Private DNS Zone Identifier\",\"displayName\":\"azureMediaServicesLivePrivateDnsZoneId\",\"strongType\":\"Microsoft.Network/privateDnsZones\"},\"type\":\"string\"},\"azureMediaServicesStreamPrivateDnsZoneId\":{\"defaultValue\":\"\",\"metadata\":{\"description\":\"Private DNS Zone Identifier\",\"displayName\":\"azureMediaServicesStreamPrivateDnsZoneId\",\"strongType\":\"Microsoft.Network/privateDnsZones\"},\"type\":\"string\"},\"azureMigratePrivateDnsZoneId\":{\"defaultValue\":\"\",\"metadata\":{\"description\":\"Private DNS Zone Identifier\",\"displayName\":\"azureMigratePrivateDnsZoneId\",\"strongType\":\"Microsoft.Network/privateDnsZones\"},\"type\":\"string\"},\"azureMonitorPrivateDnsZoneId1\":{\"defaultValue\":\"\",\"metadata\":{\"description\":\"Private DNS Zone Identifier\",\"displayName\":\"azureMonitorPrivateDnsZoneId1\",\"strongType\":\"Microsoft.Network/privateDnsZones\"},\"type\":\"string\"},\"azureMonitorPrivateDnsZoneId2\":{\"defaultValue\":\"\",\"metadata\":{\"description\":\"Private DNS Zone Identifier\",\"displayName\":\"azureMonitorPrivateDnsZoneId2\",\"strongType\":\"Microsoft.Network/privateDnsZones\"},\"type\":\"string\"},\"azureMonitorPrivateDnsZoneId3\":{\"defaultValue\":\"\",\"metadata\":{\"description\":\"Private DNS Zone Identifier\",\"displayName\":\"azureMonitorPrivateDnsZoneId3\",\"strongType\":\"Microsoft.Network/privateDnsZones\"},\"type\":\"string\"},\"azureMonitorPrivateDnsZoneId4\":{\"defaultValue\":\"\",\"metadata\":{\"description\":\"Private DNS Zone Identifier\",\"displayName\":\"azureMonitorPrivateDnsZoneId4\",\"strongType\":\"Microsoft.Network/privateDnsZones\"},\"type\":\"string\"},\"azureMonitorPrivateDnsZoneId5\":{\"defaultValue\":\"\",\"metadata\":{\"description\":\"Private DNS Zone Identifier\",\"displayName\":\"azureMonitorPrivateDnsZoneId5\",\"strongType\":\"Microsoft.Network/privateDnsZones\"},\"type\":\"string\"},\"azureRedisCachePrivateDnsZoneId\":{\"defaultValue\":\"\",\"metadata\":{\"description\":\"Private DNS Zone Identifier\",\"displayName\":\"azureRedisCachePrivateDnsZoneId\",\"strongType\":\"Microsoft.Network/privateDnsZones\"},\"type\":\"string\"},\"azureServiceBusNamespacePrivateDnsZoneId\":{\"defaultValue\":\"\",\"metadata\":{\"description\":\"Private DNS Zone Identifier\",\"displayName\":\"azureServiceBusNamespacePrivateDnsZoneId\",\"strongType\":\"Microsoft.Network/privateDnsZones\"},\"type\":\"string\"},\"azureSignalRPrivateDnsZoneId\":{\"defaultValue\":\"\",\"metadata\":{\"description\":\"Private DNS Zone Identifier\",\"displayName\":\"azureSignalRPrivateDnsZoneId\",\"strongType\":\"Microsoft.Network/privateDnsZones\"},\"type\":\"string\"},\"azureStorageBlobPrivateDnsZoneId\":{\"defaultValue\":\"\",\"metadata\":{\"description\":\"Private DNS Zone Identifier\",\"displayName\":\"azureStorageBlobPrivateDnsZoneId\",\"strongType\":\"Microsoft.Network/privateDnsZones\"},\"type\":\"string\"},\"azureStorageBlobSecPrivateDnsZoneId\":{\"defaultValue\":\"\",\"metadata\":{\"description\":\"Private DNS Zone Identifier\",\"displayName\":\"azureStorageBlobSecPrivateDnsZoneId\",\"strongType\":\"Microsoft.Network/privateDnsZones\"},\"type\":\"string\"},\"azureStorageDFSPrivateDnsZoneId\":{\"defaultValue\":\"\",\"metadata\":{\"description\":\"Private DNS Zone Identifier\",\"displayName\":\"azureStorageDFSPrivateDnsZoneId\",\"strongType\":\"Microsoft.Network/privateDnsZones\"},\"type\":\"string\"},\"azureStorageDFSSecPrivateDnsZoneId\":{\"defaultValue\":\"\",\"metadata\":{\"description\":\"Private DNS Zone Identifier\",\"displayName\":\"azureStorageDFSSecPrivateDnsZoneId\",\"strongType\":\"Microsoft.Network/privateDnsZones\"},\"type\":\"string\"},\"azureStorageFilePrivateDnsZoneId\":{\"defaultValue\":\"\",\"metadata\":{\"description\":\"Private DNS Zone Identifier\",\"displayName\":\"azureStorageFilePrivateDnsZoneId\",\"strongType\":\"Microsoft.Network/privateDnsZones\"},\"type\":\"string\"},\"azureStorageQueuePrivateDnsZoneId\":{\"defaultValue\":\"\",\"metadata\":{\"description\":\"Private DNS Zone Identifier\",\"displayName\":\"azureStorageQueuePrivateDnsZoneId\",\"strongType\":\"Microsoft.Network/privateDnsZones\"},\"type\":\"string\"},\"azureStorageQueueSecPrivateDnsZoneId\":{\"defaultValue\":\"\",\"metadata\":{\"description\":\"Private DNS Zone Identifier\",\"displayName\":\"azureStorageQueueSecPrivateDnsZoneId\",\"strongType\":\"Microsoft.Network/privateDnsZones\"},\"type\":\"string\"},\"azureStorageStaticWebPrivateDnsZoneId\":{\"defaultValue\":\"\",\"metadata\":{\"description\":\"Private DNS Zone Identifier\",\"displayName\":\"azureStorageStaticWebPrivateDnsZoneId\",\"strongType\":\"Microsoft.Network/privateDnsZones\"},\"type\":\"string\"},\"azureStorageStaticWebSecPrivateDnsZoneId\":{\"defaultValue\":\"\",\"metadata\":{\"description\":\"Private DNS Zone Identifier\",\"displayName\":\"azureStorageStaticWebSecPrivateDnsZoneId\",\"strongType\":\"Microsoft.Network/privateDnsZones\"},\"type\":\"string\"},\"azureSynapseDevPrivateDnsZoneId\":{\"defaultValue\":\"\",\"metadata\":{\"description\":\"Private DNS Zone Identifier\",\"displayName\":\"azureSynapseDevPrivateDnsZoneId\",\"strongType\":\"Microsoft.Network/privateDnsZones\"},\"type\":\"string\"},\"azureSynapseSQLODPrivateDnsZoneId\":{\"defaultValue\":\"\",\"metadata\":{\"description\":\"Private DNS Zone Identifier\",\"displayName\":\"azureSynapseSQLODPrivateDnsZoneId\",\"strongType\":\"Microsoft.Network/privateDnsZones\"},\"type\":\"string\"},\"azureSynapseSQLPrivateDnsZoneId\":{\"defaultValue\":\"\",\"metadata\":{\"description\":\"Private DNS Zone Identifier\",\"displayName\":\"azureSynapseSQLPrivateDnsZoneId\",\"strongType\":\"Microsoft.Network/privateDnsZones\"},\"type\":\"string\"},\"azureWebPrivateDnsZoneId\":{\"defaultValue\":\"\",\"metadata\":{\"description\":\"Private DNS Zone Identifier\",\"displayName\":\"azureWebPrivateDnsZoneId\",\"strongType\":\"Microsoft.Network/privateDnsZones\"},\"type\":\"string\"},\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"string\"},\"effect1\":{\"allowedValues\":[\"deployIfNotExists\",\"Disabled\"],\"defaultValue\":\"deployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"string\"}}",
- "policy_definition_group": [],
- "policy_definition_reference": [
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('effect')]\"},\"privateDnsZoneId\":{\"value\":\"[parameters('azureFilePrivateDnsZoneId')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/06695360-db88-47f6-b976-7500d4297475",
- "policy_group_names": null,
- "reference_id": "DINE-Private-DNS-Azure-File-Sync"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('effect')]\"},\"privateDnsZoneId\":{\"value\":\"[parameters('azureAutomationWebhookPrivateDnsZoneId')]\"},\"privateEndpointGroupId\":{\"value\":\"Webhook\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/6dd01e4f-1be1-4e80-9d0b-d109e04cb064",
- "policy_group_names": null,
- "reference_id": "DINE-Private-DNS-Azure-Automation-Webhook"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('effect')]\"},\"privateDnsZoneId\":{\"value\":\"[parameters('azureAutomationDSCHybridPrivateDnsZoneId')]\"},\"privateEndpointGroupId\":{\"value\":\"DSCAndHybridWorker\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/6dd01e4f-1be1-4e80-9d0b-d109e04cb064",
- "policy_group_names": null,
- "reference_id": "DINE-Private-DNS-Azure-Automation-DSCHybrid"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('effect')]\"},\"privateDnsZoneId\":{\"value\":\"[parameters('azureCosmosSQLPrivateDnsZoneId')]\"},\"privateEndpointGroupId\":{\"value\":\"SQL\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f",
- "policy_group_names": null,
- "reference_id": "DINE-Private-DNS-Azure-Cosmos-SQL"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('effect')]\"},\"privateDnsZoneId\":{\"value\":\"[parameters('azureCosmosMongoPrivateDnsZoneId')]\"},\"privateEndpointGroupId\":{\"value\":\"MongoDB\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f",
- "policy_group_names": null,
- "reference_id": "DINE-Private-DNS-Azure-Cosmos-MongoDB"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('effect')]\"},\"privateDnsZoneId\":{\"value\":\"[parameters('azureCosmosCassandraPrivateDnsZoneId')]\"},\"privateEndpointGroupId\":{\"value\":\"Cassandra\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f",
- "policy_group_names": null,
- "reference_id": "DINE-Private-DNS-Azure-Cosmos-Cassandra"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('effect')]\"},\"privateDnsZoneId\":{\"value\":\"[parameters('azureCosmosGremlinPrivateDnsZoneId')]\"},\"privateEndpointGroupId\":{\"value\":\"Gremlin\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f",
- "policy_group_names": null,
- "reference_id": "DINE-Private-DNS-Azure-Cosmos-Gremlin"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('effect')]\"},\"privateDnsZoneId\":{\"value\":\"[parameters('azureCosmosTablePrivateDnsZoneId')]\"},\"privateEndpointGroupId\":{\"value\":\"Table\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f",
- "policy_group_names": null,
- "reference_id": "DINE-Private-DNS-Azure-Cosmos-Table"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('effect')]\"},\"listOfGroupIds\":{\"value\":[\"dataFactory\"]},\"privateDnsZoneId\":{\"value\":\"[parameters('azureDataFactoryPrivateDnsZoneId')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/86cd96e1-1745-420d-94d4-d3f2fe415aa4",
- "policy_group_names": null,
- "reference_id": "DINE-Private-DNS-Azure-DataFactory"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('effect')]\"},\"listOfGroupIds\":{\"value\":[\"portal\"]},\"privateDnsZoneId\":{\"value\":\"[parameters('azureDataFactoryPortalPrivateDnsZoneId')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/86cd96e1-1745-420d-94d4-d3f2fe415aa4",
- "policy_group_names": null,
- "reference_id": "DINE-Private-DNS-Azure-DataFactory-Portal"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('effect')]\"},\"groupId\":{\"value\":\"databricks_ui_api\"},\"privateDnsZoneId\":{\"value\":\"[parameters('azureDatabricksPrivateDnsZoneId')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/0eddd7f3-3d9b-4927-a07a-806e8ac9486c",
- "policy_group_names": null,
- "reference_id": "DINE-Private-DNS-Azure-Databrics-UI-Api"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('effect')]\"},\"groupId\":{\"value\":\"browser_authentication\"},\"privateDnsZoneId\":{\"value\":\"[parameters('azureDatabricksPrivateDnsZoneId')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/0eddd7f3-3d9b-4927-a07a-806e8ac9486c",
- "policy_group_names": null,
- "reference_id": "DINE-Private-DNS-Azure-Databrics-Browser-AuthN"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('effect')]\"},\"groupId\":{\"value\":\"cluster\"},\"privateDnsZoneId\":{\"value\":\"[parameters('azureHDInsightPrivateDnsZoneId')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/43d6e3bd-fc6a-4b44-8b4d-2151d8736a11",
- "policy_group_names": null,
- "reference_id": "DINE-Private-DNS-Azure-HDInsight"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('effect')]\"},\"privateDnsZoneId\":{\"value\":\"[parameters('azureMigratePrivateDnsZoneId')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/7590a335-57cf-4c95-babd-ecbc8fafeb1f",
- "policy_group_names": null,
- "reference_id": "DINE-Private-DNS-Azure-Migrate"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('effect')]\"},\"privateDnsZoneId\":{\"value\":\"[parameters('azureStorageBlobPrivateDnsZoneId')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/75973700-529f-4de2-b794-fb9b6781b6b0",
- "policy_group_names": null,
- "reference_id": "DINE-Private-DNS-Azure-Storage-Blob"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('effect')]\"},\"privateDnsZoneId\":{\"value\":\"[parameters('azureStorageBlobSecPrivateDnsZoneId')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/d847d34b-9337-4e2d-99a5-767e5ac9c582",
- "policy_group_names": null,
- "reference_id": "DINE-Private-DNS-Azure-Storage-Blob-Sec"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('effect')]\"},\"privateDnsZoneId\":{\"value\":\"[parameters('azureStorageQueuePrivateDnsZoneId')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/bcff79fb-2b0d-47c9-97e5-3023479b00d1",
- "policy_group_names": null,
- "reference_id": "DINE-Private-DNS-Azure-Storage-Queue"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('effect')]\"},\"privateDnsZoneId\":{\"value\":\"[parameters('azureStorageQueueSecPrivateDnsZoneId')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/da9b4ae8-5ddc-48c5-b9c0-25f8abf7a3d6",
- "policy_group_names": null,
- "reference_id": "DINE-Private-DNS-Azure-Storage-Queue-Sec"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('effect')]\"},\"privateDnsZoneId\":{\"value\":\"[parameters('azureStorageFilePrivateDnsZoneId')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/6df98d03-368a-4438-8730-a93c4d7693d6",
- "policy_group_names": null,
- "reference_id": "DINE-Private-DNS-Azure-Storage-File"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('effect')]\"},\"privateDnsZoneId\":{\"value\":\"[parameters('azureStorageStaticWebPrivateDnsZoneId')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/9adab2a5-05ba-4fbd-831a-5bf958d04218",
- "policy_group_names": null,
- "reference_id": "DINE-Private-DNS-Azure-Storage-StaticWeb"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('effect')]\"},\"privateDnsZoneId\":{\"value\":\"[parameters('azureStorageStaticWebSecPrivateDnsZoneId')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/d19ae5f1-b303-4b82-9ca8-7682749faf0c",
- "policy_group_names": null,
- "reference_id": "DINE-Private-DNS-Azure-Storage-StaticWeb-Sec"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('effect')]\"},\"privateDnsZoneId\":{\"value\":\"[parameters('azureStorageDFSPrivateDnsZoneId')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/83c6fe0f-2316-444a-99a1-1ecd8a7872ca",
- "policy_group_names": null,
- "reference_id": "DINE-Private-DNS-Azure-Storage-DFS"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('effect')]\"},\"privateDnsZoneId\":{\"value\":\"[parameters('azureStorageDFSSecPrivateDnsZoneId')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/90bd4cb3-9f59-45f7-a6ca-f69db2726671",
- "policy_group_names": null,
- "reference_id": "DINE-Private-DNS-Azure-Storage-DFS-Sec"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('effect')]\"},\"privateDnsZoneId\":{\"value\":\"[parameters('azureSynapseSQLPrivateDnsZoneId')]\"},\"targetSubResource\":{\"value\":\"Sql\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/1e5ed725-f16c-478b-bd4b-7bfa2f7940b9",
- "policy_group_names": null,
- "reference_id": "DINE-Private-DNS-Azure-Synapse-SQL"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('effect')]\"},\"privateDnsZoneId\":{\"value\":\"[parameters('azureSynapseSQLODPrivateDnsZoneId')]\"},\"targetSubResource\":{\"value\":\"SqlOnDemand\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/1e5ed725-f16c-478b-bd4b-7bfa2f7940b9",
- "policy_group_names": null,
- "reference_id": "DINE-Private-DNS-Azure-Synapse-SQL-OnDemand"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('effect')]\"},\"privateDnsZoneId\":{\"value\":\"[parameters('azureSynapseDevPrivateDnsZoneId')]\"},\"targetSubResource\":{\"value\":\"Dev\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/1e5ed725-f16c-478b-bd4b-7bfa2f7940b9",
- "policy_group_names": null,
- "reference_id": "DINE-Private-DNS-Azure-Synapse-Dev"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('effect')]\"},\"groupId\":{\"value\":\"keydelivery\"},\"privateDnsZoneId\":{\"value\":\"[parameters('azureMediaServicesKeyPrivateDnsZoneId')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/b4a7f6c1-585e-4177-ad5b-c2c93f4bb991",
- "policy_group_names": null,
- "reference_id": "DINE-Private-DNS-Azure-MediaServices-Key"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('effect')]\"},\"groupId\":{\"value\":\"liveevent\"},\"privateDnsZoneId\":{\"value\":\"[parameters('azureMediaServicesLivePrivateDnsZoneId')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/b4a7f6c1-585e-4177-ad5b-c2c93f4bb991",
- "policy_group_names": null,
- "reference_id": "DINE-Private-DNS-Azure-MediaServices-Live"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('effect')]\"},\"groupId\":{\"value\":\"streamingendpoint\"},\"privateDnsZoneId\":{\"value\":\"[parameters('azureMediaServicesStreamPrivateDnsZoneId')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/b4a7f6c1-585e-4177-ad5b-c2c93f4bb991",
- "policy_group_names": null,
- "reference_id": "DINE-Private-DNS-Azure-MediaServices-Stream"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('effect')]\"},\"privateDnsZoneId1\":{\"value\":\"[parameters('azureMonitorPrivateDnsZoneId1')]\"},\"privateDnsZoneId2\":{\"value\":\"[parameters('azureMonitorPrivateDnsZoneId2')]\"},\"privateDnsZoneId3\":{\"value\":\"[parameters('azureMonitorPrivateDnsZoneId3')]\"},\"privateDnsZoneId4\":{\"value\":\"[parameters('azureMonitorPrivateDnsZoneId4')]\"},\"privateDnsZoneId5\":{\"value\":\"[parameters('azureMonitorPrivateDnsZoneId5')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/437914ee-c176-4fff-8986-7e05eb971365",
- "policy_group_names": null,
- "reference_id": "DINE-Private-DNS-Azure-Monitor"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('effect')]\"},\"privateDnsZoneId\":{\"value\":\"[parameters('azureWebPrivateDnsZoneId')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/0b026355-49cb-467b-8ac4-f777874e175a",
- "policy_group_names": null,
- "reference_id": "DINE-Private-DNS-Azure-Web"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('effect')]\"},\"privateDnsZoneId\":{\"value\":\"[parameters('azureBatchPrivateDnsZoneId')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/4ec38ebc-381f-45ee-81a4-acbc4be878f8",
- "policy_group_names": null,
- "reference_id": "DINE-Private-DNS-Azure-Batch"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('effect')]\"},\"privateDnsZoneId\":{\"value\":\"[parameters('azureAppPrivateDnsZoneId')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/7a860e27-9ca2-4fc6-822d-c2d248c300df",
- "policy_group_names": null,
- "reference_id": "DINE-Private-DNS-Azure-App"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('effect')]\"},\"privateDnsZoneId\":{\"value\":\"[parameters('azureAsrPrivateDnsZoneId')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/942bd215-1a66-44be-af65-6a1c0318dbe2",
- "policy_group_names": null,
- "reference_id": "DINE-Private-DNS-Azure-Site-Recovery"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('effect')]\"},\"privateDnsZoneId\":{\"value\":\"[parameters('azureIotPrivateDnsZoneId')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/aaa64d2d-2fa3-45e5-b332-0b031b9b30e8",
- "policy_group_names": null,
- "reference_id": "DINE-Private-DNS-Azure-IoT"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('effect')]\"},\"privateDnsZoneId\":{\"value\":\"[parameters('azureKeyVaultPrivateDnsZoneId')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/ac673a9a-f77d-4846-b2d8-a57f8e1c01d4",
- "policy_group_names": null,
- "reference_id": "DINE-Private-DNS-Azure-KeyVault"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('effect')]\"},\"privateDnsZoneId\":{\"value\":\"[parameters('azureSignalRPrivateDnsZoneId')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/b0e86710-7fb7-4a6c-a064-32e9b829509e",
- "policy_group_names": null,
- "reference_id": "DINE-Private-DNS-Azure-SignalR"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('effect')]\"},\"privateDnsZoneId\":{\"value\":\"[parameters('azureAppServicesPrivateDnsZoneId')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/b318f84a-b872-429b-ac6d-a01b96814452",
- "policy_group_names": null,
- "reference_id": "DINE-Private-DNS-Azure-AppServices"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('effect1')]\"},\"privateDnsZoneId\":{\"value\":\"[parameters('azureEventGridTopicsPrivateDnsZoneId')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/baf19753-7502-405f-8745-370519b20483",
- "policy_group_names": null,
- "reference_id": "DINE-Private-DNS-Azure-EventGridTopics"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('effect')]\"},\"privateDnsZoneId\":{\"value\":\"[parameters('azureDiskAccessPrivateDnsZoneId')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/bc05b96c-0b36-4ca9-82f0-5c53f96ce05a",
- "policy_group_names": null,
- "reference_id": "DINE-Private-DNS-Azure-DiskAccess"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('effect')]\"},\"privateDnsZoneId\":{\"value\":\"[parameters('azureCognitiveServicesPrivateDnsZoneId')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/c4bc6f10-cb41-49eb-b000-d5ab82e2a091",
- "policy_group_names": null,
- "reference_id": "DINE-Private-DNS-Azure-CognitiveServices"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('effect1')]\"},\"privateDnsZoneId\":{\"value\":\"[parameters('azureIotHubsPrivateDnsZoneId')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/c99ce9c1-ced7-4c3e-aca0-10e69ce0cb02",
- "policy_group_names": null,
- "reference_id": "DINE-Private-DNS-Azure-IoTHubs"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('effect1')]\"},\"privateDnsZoneId\":{\"value\":\"[parameters('azureEventGridDomainsPrivateDnsZoneId')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/d389df0a-e0d7-4607-833c-75a6fdac2c2d",
- "policy_group_names": null,
- "reference_id": "DINE-Private-DNS-Azure-EventGridDomains"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('effect')]\"},\"privateDnsZoneId\":{\"value\":\"[parameters('azureRedisCachePrivateDnsZoneId')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/e016b22b-e0eb-436d-8fd7-160c4eaed6e2",
- "policy_group_names": null,
- "reference_id": "DINE-Private-DNS-Azure-RedisCache"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('effect')]\"},\"privateDnsZoneId\":{\"value\":\"[parameters('azureAcrPrivateDnsZoneId')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/e9585a95-5b8c-4d03-b193-dc7eb5ac4c32",
- "policy_group_names": null,
- "reference_id": "DINE-Private-DNS-Azure-ACR"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('effect')]\"},\"privateDnsZoneId\":{\"value\":\"[parameters('azureEventHubNamespacePrivateDnsZoneId')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/ed66d4f5-8220-45dc-ab4a-20d1749c74e6",
- "policy_group_names": null,
- "reference_id": "DINE-Private-DNS-Azure-EventHubNamespace"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('effect')]\"},\"privateDnsZoneId\":{\"value\":\"[parameters('azureMachineLearningWorkspacePrivateDnsZoneId')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/ee40564d-486e-4f68-a5ca-7a621edae0fb",
- "policy_group_names": null,
- "reference_id": "DINE-Private-DNS-Azure-MachineLearningWorkspace"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('effect')]\"},\"privateDnsZoneId\":{\"value\":\"[parameters('azureServiceBusNamespacePrivateDnsZoneId')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/f0fcf93c-c063-4071-9668-c47474bd3564",
- "policy_group_names": null,
- "reference_id": "DINE-Private-DNS-Azure-ServiceBusNamespace"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('effect')]\"},\"privateDnsZoneId\":{\"value\":\"[parameters('azureCognitiveSearchPrivateDnsZoneId')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/fbc14a67-53e4-4932-abcc-2049c6706009",
- "policy_group_names": null,
- "reference_id": "DINE-Private-DNS-Azure-CognitiveSearch"
- }
- ],
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "policy_definition_group": [],
- "policy_definition_reference": [
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {}
- ]
- }
- },
- {
- "address": "module.test_core.azurerm_policy_set_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policySetDefinitions/Deploy-Sql-Security\"]",
- "mode": "managed",
- "type": "azurerm_policy_set_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policySetDefinitions/Deploy-Sql-Security",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploy auditing, Alert, TDE and SQL vulnerability to SQL Databases when it not exist in the deployment",
- "display_name": "Deploy SQL Database built-in SQL security configuration",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"SQL\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.0.0\"}",
- "name": "Deploy-Sql-Security",
- "parameters": "{\"SqlDbAuditingSettingsDeploySqlSecurityEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploy auditing settings to SQL Database when it not exist in the deployment\",\"displayName\":\"Deploy SQL database auditing settings\"},\"type\":\"String\"},\"SqlDbSecurityAlertPoliciesDeploySqlSecurityEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploy the security Alert Policies configuration with email admin accounts when it not exist in current configuration\",\"displayName\":\"Deploy SQL Database security Alert Policies configuration with email admin accounts\"},\"type\":\"String\"},\"SqlDbTdeDeploySqlSecurityEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploy the Transparent Data Encryption when it is not enabled in the deployment\",\"displayName\":\"Deploy SQL Database Transparent Data Encryption \"},\"type\":\"String\"},\"SqlDbVulnerabilityAssessmentsDeploySqlSecurityEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploy SQL Database vulnerability Assessments when it not exist in the deployment. To the specific storage account in the parameters\",\"displayName\":\"Deploy SQL Database vulnerability Assessments\"},\"type\":\"String\"},\"vulnerabilityAssessmentsEmail\":{\"metadata\":{\"description\":\"The email address to send alerts\",\"displayName\":\"The email address to send alerts\"},\"type\":\"String\"},\"vulnerabilityAssessmentsStorageID\":{\"metadata\":{\"description\":\"The storage account ID to store assessments\",\"displayName\":\"The storage account ID to store assessments\"},\"type\":\"String\"}}",
- "policy_definition_group": [],
- "policy_definition_reference": [
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('SqlDbTdeDeploySqlSecurityEffect')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/86a912f6-9a06-4e26-b447-11b16ba8659f",
- "policy_group_names": null,
- "reference_id": "SqlDbTdeDeploySqlSecurity"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('SqlDbSecurityAlertPoliciesDeploySqlSecurityEffect')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Sql-SecurityAlertPolicies",
- "policy_group_names": null,
- "reference_id": "SqlDbSecurityAlertPoliciesDeploySqlSecurity"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('SqlDbAuditingSettingsDeploySqlSecurityEffect')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Sql-AuditingSettings",
- "policy_group_names": null,
- "reference_id": "SqlDbAuditingSettingsDeploySqlSecurity"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('SqlDbVulnerabilityAssessmentsDeploySqlSecurityEffect')]\"},\"vulnerabilityAssessmentsEmail\":{\"value\":\"[parameters('vulnerabilityAssessmentsEmail')]\"},\"vulnerabilityAssessmentsStorageID\":{\"value\":\"[parameters('vulnerabilityAssessmentsStorageID')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Sql-vulnerabilityAssessments",
- "policy_group_names": null,
- "reference_id": "SqlDbVulnerabilityAssessmentsDeploySqlSecurity"
- }
- ],
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "policy_definition_group": [],
- "policy_definition_reference": [
- {},
- {},
- {},
- {}
- ]
- }
- },
- {
- "address": "module.test_core.azurerm_policy_set_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policySetDefinitions/Enforce-ACSB\"]",
- "mode": "managed",
- "type": "azurerm_policy_set_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policySetDefinitions/Enforce-ACSB",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Enforce Azure Compute Security Benchmark compliance auditing for Windows and Linux virtual machines.",
- "display_name": "Enforce Azure Compute Security Benchmark compliance auditing",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\"],\"category\":\"Guest Configuration\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.0.0\"}",
- "name": "Enforce-ACSB",
- "parameters": "{\"effect\":{\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"includeArcMachines\":{\"allowedValues\":[\"true\",\"false\"],\"defaultValue\":\"true\",\"metadata\":{\"description\":\"By selecting this option, you agree to be charged monthly per Arc connected machine.\",\"displayName\":\"Include Arc connected servers\"},\"type\":\"String\"}}",
- "policy_definition_group": [],
- "policy_definition_reference": [
- {
- "parameter_values": "{}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/3cf2ab00-13f1-4d0c-8971-2ac904541a7e",
- "policy_group_names": null,
- "reference_id": "GcIdentity"
- },
- {
- "parameter_values": "{}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/331e8ea8-378a-410f-a2e5-ae22f38bb0da",
- "policy_group_names": null,
- "reference_id": "GcLinux"
- },
- {
- "parameter_values": "{}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/385f5831-96d4-41db-9a3c-cd3af78aaae6",
- "policy_group_names": null,
- "reference_id": "GcWindows"
- },
- {
- "parameter_values": "{\"IncludeArcMachines\":{\"value\":\"[parameters('includeArcMachines')]\"},\"effect\":{\"value\":\"[parameters('effect')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/72650e9f-97bc-4b2a-ab5f-9781a9fcecbc",
- "policy_group_names": null,
- "reference_id": "WinAcsb"
- },
- {
- "parameter_values": "{\"IncludeArcMachines\":{\"value\":\"[parameters('includeArcMachines')]\"},\"effect\":{\"value\":\"[parameters('effect')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/fc9b3da7-8347-4380-8e70-0a0361d8dedd",
- "policy_group_names": null,
- "reference_id": "LinAcsb"
- }
- ],
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "policy_definition_group": [],
- "policy_definition_reference": [
- {},
- {},
- {},
- {},
- {}
- ]
- }
- },
- {
- "address": "module.test_core.azurerm_policy_set_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policySetDefinitions/Enforce-ALZ-Decomm\"]",
- "mode": "managed",
- "type": "azurerm_policy_set_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policySetDefinitions/Enforce-ALZ-Decomm",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Enforce policies in the Decommissioned Landing Zone.",
- "display_name": "Enforce policies in the Decommissioned Landing Zone",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Decommissioned\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.0.0\"}",
- "name": "Enforce-ALZ-Decomm",
- "parameters": "{\"listOfResourceTypesAllowed\":{\"defaultValue\":[],\"metadata\":{\"description\":\"Allowed resource types in the Decommissioned landing zone, default is none.\",\"displayName\":\"Allowed resource types in the Decommissioned landing zone\",\"strongType\":\"resourceTypes\"},\"type\":\"Array\"}}",
- "policy_definition_group": [],
- "policy_definition_reference": [
- {
- "parameter_values": "{\"listOfResourceTypesAllowed\":{\"value\":\"[parameters('listOfResourceTypesAllowed')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/a08ec900-254a-4555-9bf5-e42af04b5c5c",
- "policy_group_names": null,
- "reference_id": "DecomDenyResources"
- },
- {
- "parameter_values": "{}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Vm-autoShutdown",
- "policy_group_names": null,
- "reference_id": "DecomShutdownMachines"
- }
- ],
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "policy_definition_group": [],
- "policy_definition_reference": [
- {},
- {}
- ]
- }
- },
- {
- "address": "module.test_core.azurerm_policy_set_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policySetDefinitions/Enforce-ALZ-Sandbox\"]",
- "mode": "managed",
- "type": "azurerm_policy_set_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policySetDefinitions/Enforce-ALZ-Sandbox",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Enforce policies in the Sandbox Landing Zone.",
- "display_name": "Enforce policies in the Sandbox Landing Zone",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Sandbox\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.0.0\"}",
- "name": "Enforce-ALZ-Sandbox",
- "parameters": "{\"effectDenyVnetPeering\":{\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Deny\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"effectNotAllowedResources\":{\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Deny\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"listOfResourceTypesNotAllowed\":{\"defaultValue\":[],\"metadata\":{\"description\":\"Not allowed resource types in the Sandbox landing zone, default is none.\",\"displayName\":\"Not allowed resource types in the Sandbox landing zone\",\"strongType\":\"resourceTypes\"},\"type\":\"Array\"}}",
- "policy_definition_group": [],
- "policy_definition_reference": [
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('effectNotAllowedResources')]\"},\"listOfResourceTypesNotAllowed\":{\"value\":\"[parameters('listOfResourceTypesNotAllowed')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/6c112d4e-5bc7-47ae-a041-ea2d9dccd749",
- "policy_group_names": null,
- "reference_id": "SandboxNotAllowed"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('effectDenyVnetPeering')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-VNET-Peer-Cross-Sub",
- "policy_group_names": null,
- "reference_id": "SandboxDenyVnetPeering"
- }
- ],
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "policy_definition_group": [],
- "policy_definition_reference": [
- {},
- {}
- ]
- }
- },
- {
- "address": "module.test_core.azurerm_policy_set_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policySetDefinitions/Enforce-EncryptTransit\"]",
- "mode": "managed",
- "type": "azurerm_policy_set_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policySetDefinitions/Enforce-EncryptTransit",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Choose either Deploy if not exist and append in combination with audit or Select Deny in the Policy effect. Deny polices shift left. Deploy if not exist and append enforce but can be changed, and because missing existence condition require then the combination of Audit. ",
- "display_name": "Deny or Deploy and append TLS requirements and SSL enforcement on resources without Encryption in transit",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Encryption\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"2.0.0\"}",
- "name": "Enforce-EncryptTransit",
- "parameters": "{\"AKSIngressHttpsOnlyEffect\":{\"allowedValues\":[\"audit\",\"deny\",\"disabled\"],\"defaultValue\":\"deny\",\"metadata\":{\"description\":\"This policy enforces HTTPS ingress in a Kubernetes cluster. This policy is generally available for Kubernetes Service (AKS), and preview for AKS Engine and Azure Arc enabled Kubernetes. For instructions on using this policy, visit https://aka.ms/kubepolicydoc.\",\"displayName\":\"AKS Service. Enforce HTTPS ingress in Kubernetes cluster\"},\"type\":\"String\"},\"APIAppServiceHttpsEffect\":{\"allowedValues\":[\"Audit\",\"Disabled\",\"Deny\"],\"defaultValue\":\"Audit\",\"metadata\":{\"description\":\"Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\",\"displayName\":\"App Service API App. API App should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.\"},\"type\":\"String\"},\"AppServiceHttpEffect\":{\"allowedValues\":[\"Append\",\"Disabled\"],\"defaultValue\":\"Append\",\"metadata\":{\"description\":\"Append the AppService sites object to ensure that min Tls version is set to required TLS version. Please note Append does not enforce compliance use then deny.\",\"displayName\":\"App Service. Appends the AppService sites config WebApp, APIApp, Function App with TLS version selected below\"},\"type\":\"String\"},\"AppServiceTlsVersionEffect\":{\"allowedValues\":[\"Append\",\"Disabled\"],\"defaultValue\":\"Append\",\"metadata\":{\"description\":\"App Service. Appends the AppService sites object to ensure that HTTPS only is enabled for server/service authentication and protects data in transit from network layer eavesdropping attacks. Please note Append does not enforce compliance use then deny.\",\"displayName\":\"App Service. Appends the AppService WebApp, APIApp, Function App to enable https only\"},\"type\":\"String\"},\"AppServiceminTlsVersion\":{\"allowedValues\":[\"1.2\",\"1.0\",\"1.1\"],\"defaultValue\":\"1.2\",\"metadata\":{\"description\":\"App Service. Select version minimum TLS version for a Web App config to enforce\",\"displayName\":\"App Service. Select version minimum TLS Web App config\"},\"type\":\"String\"},\"FunctionLatestTlsEffect\":{\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\",\"metadata\":{\"description\":\"Only Audit, deny not possible as it is a related resource. Upgrade to the latest TLS version.\",\"displayName\":\"App Service Function App. Latest TLS version should be used in your Function App\"},\"type\":\"String\"},\"FunctionServiceHttpsEffect\":{\"allowedValues\":[\"Audit\",\"Disabled\",\"Deny\"],\"defaultValue\":\"Audit\",\"metadata\":{\"description\":\"App Service Function App. Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\",\"displayName\":\"App Service Function App. Function App should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.\"},\"type\":\"String\"},\"MySQLEnableSSLDeployEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploy a specific min TLS version requirement and enforce SSL on Azure Database for MySQL server. Enforce the Server to client applications using minimum version of Tls to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\",\"displayName\":\"MySQL database servers. Deploy if not exist set minimum TLS version Azure Database for MySQL server\"},\"type\":\"String\"},\"MySQLEnableSSLEffect\":{\"allowedValues\":[\"Audit\",\"Disabled\",\"Deny\"],\"defaultValue\":\"Audit\",\"metadata\":{\"description\":\"Azure Database for MySQL supports connecting your Azure Database for MySQL server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\",\"displayName\":\"MySQL database servers. Enforce SSL connection should be enabled for MySQL database servers\"},\"type\":\"String\"},\"MySQLminimalTlsVersion\":{\"allowedValues\":[\"TLS1_2\",\"TLS1_0\",\"TLS1_1\",\"TLSEnforcementDisabled\"],\"defaultValue\":\"TLS1_2\",\"metadata\":{\"description\":\"Select version minimum TLS version Azure Database for MySQL server to enforce\",\"displayName\":\"MySQL database servers. Select version minimum TLS for MySQL server\"},\"type\":\"String\"},\"PostgreSQLEnableSSLDeployEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploy a specific min TLS version requirement and enforce SSL on Azure Database for PostgreSQL server. Enforce the Server to client applications using minimum version of Tls to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\",\"displayName\":\"PostgreSQL database servers. Deploy if not exist set minimum TLS version Azure Database for PostgreSQL server\"},\"type\":\"String\"},\"PostgreSQLEnableSSLEffect\":{\"allowedValues\":[\"Audit\",\"Disabled\",\"Deny\"],\"defaultValue\":\"Audit\",\"metadata\":{\"description\":\"Azure Database for PostgreSQL supports connecting your Azure Database for PostgreSQL server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\",\"displayName\":\"PostgreSQL database servers. Enforce SSL connection should be enabled for PostgreSQL database servers\"},\"type\":\"String\"},\"PostgreSQLminimalTlsVersion\":{\"allowedValues\":[\"TLS1_2\",\"TLS1_0\",\"TLS1_1\",\"TLSEnforcementDisabled\"],\"defaultValue\":\"TLS1_2\",\"metadata\":{\"description\":\"PostgreSQL database servers. Select version minimum TLS version Azure Database for MySQL server to enforce\",\"displayName\":\"PostgreSQL database servers. Select version minimum TLS for MySQL server\"},\"type\":\"String\"},\"RedisMinTlsVersion\":{\"allowedValues\":[\"1.2\",\"1.0\",\"1.1\"],\"defaultValue\":\"1.2\",\"metadata\":{\"description\":\"Select version minimum TLS version for a Azure Cache for Redis to enforce\",\"displayName\":\"Azure Cache for Redis.Select version minimum TLS for Azure Cache for Redis\"},\"type\":\"String\"},\"RedisTLSDeployEffect\":{\"allowedValues\":[\"Append\",\"Disabled\"],\"defaultValue\":\"Append\",\"metadata\":{\"description\":\"Deploy a specific min TLS version requirement and enforce SSL on Azure Cache for Redis. Enables secure server to client by enforce minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\",\"displayName\":\"Azure Cache for Redis. Deploy a specific min TLS version requirement and enforce SSL Azure Cache for Redis\"},\"type\":\"String\"},\"RedisTLSEffect\":{\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\",\"metadata\":{\"description\":\"Azure Cache for Redis. Audit enabling of only connections via SSL to Azure Cache for Redis. Use of secure connections ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking.\",\"displayName\":\"Azure Cache for Redis. Only secure connections to your Azure Cache for Redis should be enabled\"},\"type\":\"String\"},\"SQLManagedInstanceMinTlsVersion\":{\"allowedValues\":[\"1.2\",\"1.0\",\"1.1\"],\"defaultValue\":\"1.2\",\"metadata\":{\"description\":\"Select version minimum TLS version for Azure Managed Instanceto to enforce\",\"displayName\":\"Azure Managed Instance.Select version minimum TLS for Azure Managed Instance\"},\"type\":\"String\"},\"SQLManagedInstanceTLSDeployEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploy a specific min TLS version requirement and enforce SSL on SQL servers. Enables secure server to client by enforce minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\",\"displayName\":\"Azure Managed Instance. Deploy a specific min TLS version requirement and enforce SSL on SQL servers\"},\"type\":\"String\"},\"SQLManagedInstanceTLSEffect\":{\"allowedValues\":[\"Audit\",\"Disabled\",\"Deny\"],\"defaultValue\":\"Audit\",\"metadata\":{\"description\":\"Setting minimal TLS version to 1.2 improves security by ensuring your SQL Managed Instance can only be accessed from clients using TLS 1.2. Using versions of TLS less than 1.2 is not recommended since they have well documented security vulnerabilities.\",\"displayName\":\"SQL Managed Instance should have the minimal TLS version of 1.2\"},\"type\":\"String\"},\"SQLServerTLSDeployEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploy a specific min TLS version requirement and enforce SSL on SQL servers. Enables secure server to client by enforce minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\",\"displayName\":\"Azure SQL Database. Deploy a specific min TLS version requirement and enforce SSL on SQL servers\"},\"type\":\"String\"},\"SQLServerTLSEffect\":{\"allowedValues\":[\"Audit\",\"Disabled\",\"Deny\"],\"defaultValue\":\"Audit\",\"metadata\":{\"description\":\"Setting minimal TLS version to 1.2 improves security by ensuring your Azure SQL Database can only be accessed from clients using TLS 1.2. Using versions of TLS less than 1.2 is not recommended since they have well documented security vulnerabilities.\",\"displayName\":\"Azure SQL Database should have the minimal TLS version of 1.2\"},\"type\":\"String\"},\"SQLServerminTlsVersion\":{\"allowedValues\":[\"1.2\",\"1.0\",\"1.1\"],\"defaultValue\":\"1.2\",\"metadata\":{\"description\":\"Select version minimum TLS version for Azure SQL Database to enforce\",\"displayName\":\"Azure SQL Database.Select version minimum TLS for Azure SQL Database\"},\"type\":\"String\"},\"StorageDeployHttpsEnabledEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Audit requirement of Secure transfer in your storage account. Secure transfer is an option that forces your storage account to accept requests only from secure connections (HTTPS). Use of HTTPS ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking\",\"displayName\":\"Azure Storage Account. Deploy Secure transfer to storage accounts should be enabled\"},\"type\":\"String\"},\"StorageHttpsEnabledEffect\":{\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\",\"metadata\":{\"description\":\"Audit requirement of Secure transfer in your storage account. Secure transfer is an option that forces your storage account to accept requests only from secure connections (HTTPS). Use of HTTPS ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking\",\"displayName\":\"Azure Storage Account. Secure transfer to storage accounts should be enabled\"},\"type\":\"String\"},\"StorageminimumTlsVersion\":{\"allowedValues\":[\"TLS1_2\",\"TLS1_1\",\"TLS1_0\"],\"defaultValue\":\"TLS1_2\",\"metadata\":{\"description\":\"Select version minimum TLS version on Azure Storage Account to enforce\",\"displayName\":\"Storage Account select minimum TLS version\"},\"type\":\"String\"},\"WebAppServiceHttpsEffect\":{\"allowedValues\":[\"Audit\",\"Disabled\",\"Deny\"],\"defaultValue\":\"Audit\",\"metadata\":{\"description\":\"Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\",\"displayName\":\"App Service Web App. Web Application should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.\"},\"type\":\"String\"},\"WebAppServiceLatestTlsEffect\":{\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\",\"metadata\":{\"description\":\"Only Audit, deny not possible as it is a related resource. Upgrade to the latest TLS version.\",\"displayName\":\"App Service Web App. Latest TLS version should be used in your Web App\"},\"type\":\"String\"}}",
- "policy_definition_group": [],
- "policy_definition_reference": [
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('AppServiceHttpEffect')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Append-AppService-httpsonly",
- "policy_group_names": null,
- "reference_id": "AppServiceHttpEffect"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('AppServiceTlsVersionEffect')]\"},\"minTlsVersion\":{\"value\":\"[parameters('AppServiceminTlsVersion')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Append-AppService-latestTLS",
- "policy_group_names": null,
- "reference_id": "AppServiceminTlsVersion"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('FunctionLatestTlsEffect')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/f9d614c5-c173-4d56-95a7-b4437057d193",
- "policy_group_names": null,
- "reference_id": "FunctionLatestTlsEffect"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('WebAppServiceLatestTlsEffect')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b",
- "policy_group_names": null,
- "reference_id": "WebAppServiceLatestTlsEffect"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('APIAppServiceHttpsEffect')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceApiApp-http",
- "policy_group_names": null,
- "reference_id": "APIAppServiceHttpsEffect"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('FunctionServiceHttpsEffect')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceFunctionApp-http",
- "policy_group_names": null,
- "reference_id": "FunctionServiceHttpsEffect"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('WebAppServiceHttpsEffect')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceWebApp-http",
- "policy_group_names": null,
- "reference_id": "WebAppServiceHttpsEffect"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('AKSIngressHttpsOnlyEffect')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d",
- "policy_group_names": null,
- "reference_id": "AKSIngressHttpsOnlyEffect"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('MySQLEnableSSLDeployEffect')]\"},\"minimalTlsVersion\":{\"value\":\"[parameters('MySQLminimalTlsVersion')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-MySQL-sslEnforcement",
- "policy_group_names": null,
- "reference_id": "MySQLEnableSSLDeployEffect"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('MySQLEnableSSLEffect')]\"},\"minimalTlsVersion\":{\"value\":\"[parameters('MySQLminimalTlsVersion')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-MySql-http",
- "policy_group_names": null,
- "reference_id": "MySQLEnableSSLEffect"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('PostgreSQLEnableSSLDeployEffect')]\"},\"minimalTlsVersion\":{\"value\":\"[parameters('PostgreSQLminimalTlsVersion')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-PostgreSQL-sslEnforcement",
- "policy_group_names": null,
- "reference_id": "PostgreSQLEnableSSLDeployEffect"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('PostgreSQLEnableSSLEffect')]\"},\"minimalTlsVersion\":{\"value\":\"[parameters('PostgreSQLminimalTlsVersion')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-PostgreSql-http",
- "policy_group_names": null,
- "reference_id": "PostgreSQLEnableSSLEffect"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('RedisTLSDeployEffect')]\"},\"minimumTlsVersion\":{\"value\":\"[parameters('RedisMinTlsVersion')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Append-Redis-sslEnforcement",
- "policy_group_names": null,
- "reference_id": "RedisTLSDeployEffect"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('RedisTLSDeployEffect')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Append-Redis-disableNonSslPort",
- "policy_group_names": null,
- "reference_id": "RedisdisableNonSslPort"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('RedisTLSEffect')]\"},\"minimumTlsVersion\":{\"value\":\"[parameters('RedisMinTlsVersion')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-Redis-http",
- "policy_group_names": null,
- "reference_id": "RedisDenyhttps"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('SQLManagedInstanceTLSDeployEffect')]\"},\"minimalTlsVersion\":{\"value\":\"[parameters('SQLManagedInstanceMinTlsVersion')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-SqlMi-minTLS",
- "policy_group_names": null,
- "reference_id": "SQLManagedInstanceTLSDeployEffect"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('SQLManagedInstanceTLSEffect')]\"},\"minimalTlsVersion\":{\"value\":\"[parameters('SQLManagedInstanceMinTlsVersion')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-SqlMi-minTLS",
- "policy_group_names": null,
- "reference_id": "SQLManagedInstanceTLSEffect"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('SQLServerTLSDeployEffect')]\"},\"minimalTlsVersion\":{\"value\":\"[parameters('SQLServerminTlsVersion')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-SQL-minTLS",
- "policy_group_names": null,
- "reference_id": "SQLServerTLSDeployEffect"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('SQLServerTLSEffect')]\"},\"minimalTlsVersion\":{\"value\":\"[parameters('SQLServerminTlsVersion')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-Sql-minTLS",
- "policy_group_names": null,
- "reference_id": "SQLServerTLSEffect"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('StorageHttpsEnabledEffect')]\"},\"minimumTlsVersion\":{\"value\":\"[parameters('StorageMinimumTlsVersion')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-minTLS",
- "policy_group_names": null,
- "reference_id": "StorageHttpsEnabledEffect"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('StorageDeployHttpsEnabledEffect')]\"},\"minimumTlsVersion\":{\"value\":\"[parameters('StorageMinimumTlsVersion')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Storage-sslEnforcement",
- "policy_group_names": null,
- "reference_id": "StorageDeployHttpsEnabledEffect"
- }
- ],
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "policy_definition_group": [],
- "policy_definition_reference": [
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {}
- ]
- }
- },
- {
- "address": "module.test_core.azurerm_policy_set_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policySetDefinitions/Enforce-Encryption-CMK\"]",
- "mode": "managed",
- "type": "azurerm_policy_set_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policySetDefinitions/Enforce-Encryption-CMK",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deny or Audit resources without Encryption with a customer-managed key (CMK)",
- "display_name": "Deny or Audit resources without Encryption with a customer-managed key (CMK)",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\"],\"category\":\"Encryption\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"2.0.0\"}",
- "name": "Enforce-Encryption-CMK",
- "parameters": "{\"ACRCmkEffect\":{\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\",\"metadata\":{\"description\":\"Use customer-managed keys to manage the encryption at rest of the contents of your registries. By default, the data is encrypted at rest with service-managed keys, but customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/acr/CMK.\",\"displayName\":\"Container registries should be encrypted with a customer-managed key (CMK)\"},\"type\":\"String\"},\"AksCmkEffect\":{\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\",\"metadata\":{\"description\":\"Encrypting OS and data disks using customer-managed keys provides more control and greater flexibility in key management. This is a common requirement in many regulatory and industry compliance standards.\",\"displayName\":\"Azure Kubernetes Service clusters both operating systems and data disks should be encrypted by customer-managed keys\"},\"type\":\"String\"},\"AzureBatchCMKEffect\":{\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\",\"metadata\":{\"description\":\"Use customer-managed keys (CMKs) to manage the encryption at rest of your Batch account's data. By default, customer data is encrypted with service-managed keys, but CMKs are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/Batch-CMK.\",\"displayName\":\"Azure Batch account should use customer-managed keys to encrypt data\"},\"type\":\"String\"},\"CognitiveServicesCMKEffect\":{\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\",\"metadata\":{\"description\":\"Customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data stored in Cognitive Services to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/cosmosdb-cmk.\",\"displayName\":\"Cognitive Services accounts should enable data encryption with a customer-managed key (CMK)\"},\"type\":\"String\"},\"CosmosCMKEffect\":{\"allowedValues\":[\"audit\",\"deny\",\"disabled\"],\"defaultValue\":\"audit\",\"metadata\":{\"description\":\"Use customer-managed keys to manage the encryption at rest of your Azure Cosmos DB. By default, the data is encrypted at rest with service-managed keys, but customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/cosmosdb-cmk.\",\"displayName\":\"Azure Cosmos DB accounts should use customer-managed keys to encrypt data at rest\"},\"type\":\"String\"},\"DataBoxCMKEffect\":{\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\",\"metadata\":{\"description\":\"Use a customer-managed key to control the encryption of the device unlock password for Azure Data Box. Customer-managed keys also help manage access to the device unlock password by the Data Box service in order to prepare the device and copy data in an automated manner. The data on the device itself is already encrypted at rest with Advanced Encryption Standard 256-bit encryption, and the device unlock password is encrypted by default with a Microsoft managed key.\",\"displayName\":\"Azure Data Box jobs should use a customer-managed key to encrypt the device unlock password\"},\"type\":\"String\"},\"EncryptedVMDisksEffect\":{\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\",\"metadata\":{\"description\":\"Virtual machines without an enabled disk encryption will be monitored by Azure Security Center as recommendations.\",\"displayName\":\"Disk encryption should be applied on virtual machines\"},\"type\":\"String\"},\"HealthcareAPIsCMKEffect\":{\"allowedValues\":[\"audit\",\"disabled\"],\"defaultValue\":\"audit\",\"metadata\":{\"description\":\"Use a customer-managed key to control the encryption at rest of the data stored in Azure API for FHIR when this is a regulatory or compliance requirement. Customer-managed keys also deliver double encryption by adding a second layer of encryption on top of the default one done with service-managed keys.\",\"displayName\":\"Azure API for FHIR should use a customer-managed key (CMK) to encrypt data at rest\"},\"type\":\"String\"},\"MySQLCMKEffect\":{\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\",\"metadata\":{\"description\":\"Use customer-managed keys to manage the encryption at rest of your MySQL servers. By default, the data is encrypted at rest with service-managed keys, but customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management.\",\"displayName\":\"Azure MySQL servers bring your own key data protection should be enabled\"},\"type\":\"String\"},\"PostgreSQLCMKEffect\":{\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\",\"metadata\":{\"description\":\"Use customer-managed keys to manage the encryption at rest of your PostgreSQL servers. By default, the data is encrypted at rest with service-managed keys, but customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management.\",\"displayName\":\"Azure PostgreSQL servers bring your own key data protection should be enabled\"},\"type\":\"String\"},\"SqlServerTDECMKEffect\":{\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\",\"metadata\":{\"description\":\"Implementing Transparent Data Encryption (TDE) with your own key provides increased transparency and control over the TDE Protector, increased security with an HSM-backed external service, and promotion of separation of duties. This recommendation applies to organizations with a related compliance requirement.\",\"displayName\":\"SQL servers should use customer-managed keys to encrypt data at rest\"},\"type\":\"String\"},\"StorageCMKEffect\":{\"allowedValues\":[\"Audit\",\"Disabled\"],\"defaultValue\":\"Audit\",\"metadata\":{\"description\":\"Secure your storage account with greater flexibility using customer-managed keys (CMKs). When you specify a CMK, that key is used to protect and control access to the key that encrypts your data. Using CMKs provides additional capabilities to control rotation of the key encryption key or cryptographically erase data.\",\"displayName\":\"Storage accounts should use customer-managed key (CMK) for encryption, no deny as this would result in not able to create storage account because the first need of MSI for encryption\"},\"type\":\"String\"},\"StreamAnalyticsCMKEffect\":{\"allowedValues\":[\"audit\",\"deny\",\"disabled\"],\"defaultValue\":\"audit\",\"metadata\":{\"description\":\"Use customer-managed keys when you want to securely store any metadata and private data assets of your Stream Analytics jobs in your storage account. This gives you total control over how your Stream Analytics data is encrypted.\",\"displayName\":\"Azure Stream Analytics jobs should use customer-managed keys to encrypt data\"},\"type\":\"String\"},\"SynapseWorkspaceCMKEffect\":{\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\",\"metadata\":{\"description\":\"Use customer-managed keys to control the encryption at rest of the data stored in Azure Synapse workspaces. Customer-managed keys deliver double encryption by adding a second layer of encryption on top of the default encryption with service-managed keys.\",\"displayName\":\"Azure Synapse workspaces should use customer-managed keys to encrypt data at rest\"},\"type\":\"String\"},\"WorkspaceCMKEffect\":{\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\",\"metadata\":{\"description\":\"Manage encryption at rest of your Azure Machine Learning workspace data with customer-managed keys (CMK). By default, customer data is encrypted with service-managed keys, but CMKs are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/azureml-workspaces-cmk.\",\"displayName\":\"Azure Machine Learning workspaces should be encrypted with a customer-managed key (CMK)\"},\"type\":\"String\"}}",
- "policy_definition_group": [],
- "policy_definition_reference": [
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('ACRCmkEffect')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/5b9159ae-1701-4a6f-9a7a-aa9c8ddd0580",
- "policy_group_names": null,
- "reference_id": "ACRCmkDeny"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('AksCmkEffect')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/7d7be79c-23ba-4033-84dd-45e2a5ccdd67",
- "policy_group_names": null,
- "reference_id": "AksCmkDeny"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('WorkspaceCMKEffect')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/ba769a63-b8cc-4b2d-abf6-ac33c7204be8",
- "policy_group_names": null,
- "reference_id": "WorkspaceCMK"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('CognitiveServicesCMKEffect')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/67121cc7-ff39-4ab8-b7e3-95b84dab487d",
- "policy_group_names": null,
- "reference_id": "CognitiveServicesCMK"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('CosmosCMKEffect')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/1f905d99-2ab7-462c-a6b0-f709acca6c8f",
- "policy_group_names": null,
- "reference_id": "CosmosCMKEffect"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('DataBoxCMKEffect')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/86efb160-8de7-451d-bc08-5d475b0aadae",
- "policy_group_names": null,
- "reference_id": "DataBoxCMKEffect"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('StreamAnalyticsCMKEffect')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/87ba29ef-1ab3-4d82-b763-87fcd4f531f7",
- "policy_group_names": null,
- "reference_id": "StreamAnalyticsCMKEffect"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('SynapseWorkspaceCMKEffect')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/f7d52b2d-e161-4dfa-a82b-55e564167385",
- "policy_group_names": null,
- "reference_id": "SynapseWorkspaceCMKEffect"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('StorageCMKEffect')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/6fac406b-40ca-413b-bf8e-0bf964659c25",
- "policy_group_names": null,
- "reference_id": "StorageCMKEffect"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('MySQLCMKEffect')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/83cef61d-dbd1-4b20-a4fc-5fbc7da10833",
- "policy_group_names": null,
- "reference_id": "MySQLCMKEffect"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('PostgreSQLCMKEffect')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/18adea5e-f416-4d0f-8aa8-d24321e3e274",
- "policy_group_names": null,
- "reference_id": "PostgreSQLCMKEffect"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('SqlServerTDECMKEffect')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/0a370ff3-6cab-4e85-8995-295fd854c5b8",
- "policy_group_names": null,
- "reference_id": "SqlServerTDECMKEffect"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('HealthcareAPIsCMKEffect')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/051cba44-2429-45b9-9649-46cec11c7119",
- "policy_group_names": null,
- "reference_id": "HealthcareAPIsCMKEffect"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('AzureBatchCMKEffect')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/99e9ccd8-3db9-4592-b0d1-14b1715a4d8a",
- "policy_group_names": null,
- "reference_id": "AzureBatchCMKEffect"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('EncryptedVMDisksEffect')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d",
- "policy_group_names": null,
- "reference_id": "EncryptedVMDisksEffect"
- }
- ],
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "policy_definition_group": [],
- "policy_definition_reference": [
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {}
- ]
- }
- },
- {
- "address": "module.test_core.azurerm_policy_set_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-KeyVault\"]",
- "mode": "managed",
- "type": "azurerm_policy_set_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-KeyVault",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Enforce recommended guardrails for Azure Key Vault.",
- "display_name": "Enforce recommended guardrails for Azure Key Vault",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Key Vault\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.0.0\"}",
- "name": "Enforce-Guardrails-KeyVault",
- "parameters": "{\"effectKvCertLifetime\":{\"allowedValues\":[\"audit\",\"Audit\",\"deny\",\"Deny\",\"disabled\",\"Disabled\"],\"defaultValue\":\"Audit\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"effectKvFirewallEnabled\":{\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"effectKvKeysExpire\":{\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"effectKvKeysLifetime\":{\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"effectKvPurgeProtection\":{\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Deny\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"effectKvSecretsExpire\":{\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"effectKvSecretsLifetime\":{\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"effectKvSoftDelete\":{\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Deny\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"maximumCertLifePercentageLife\":{\"defaultValue\":80,\"metadata\":{\"description\":\"Enter the percentage of lifetime of the certificate when you want to trigger the policy action. For example, to trigger a policy action at 80% of the certificate's valid life, enter '80'.\",\"displayName\":\"The maximum lifetime percentage\"},\"type\":\"Integer\"},\"minimumCertLifeDaysBeforeExpiry\":{\"defaultValue\":90,\"metadata\":{\"description\":\"Enter the days before expiration of the certificate when you want to trigger the policy action. For example, to trigger a policy action 90 days before the certificate's expiration, enter '90'.\",\"displayName\":\"The minimum days before expiry\"},\"type\":\"Integer\"},\"minimumKeysLifeDaysBeforeExpiry\":{\"defaultValue\":90,\"metadata\":{\"description\":\"Enter the days before expiration of the certificate when you want to trigger the policy action. For example, to trigger a policy action 90 days before the certificate's expiration, enter '90'.\",\"displayName\":\"The minimum days before expiry\"},\"type\":\"Integer\"},\"minimumSecretsLifeDaysBeforeExpiry\":{\"defaultValue\":90,\"metadata\":{\"description\":\"Enter the days before expiration of the certificate when you want to trigger the policy action. For example, to trigger a policy action 90 days before the certificate's expiration, enter '90'.\",\"displayName\":\"The minimum days before expiry\"},\"type\":\"Integer\"}}",
- "policy_definition_group": [],
- "policy_definition_reference": [
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('effectKvSoftDelete')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/1e66c121-a66a-4b1f-9b83-0fd99bf0fc2d",
- "policy_group_names": null,
- "reference_id": "KvSoftDelete"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('effectKvPurgeProtection')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/0b60c0b2-2dc2-4e1c-b5c9-abbed971de53",
- "policy_group_names": null,
- "reference_id": "KvPurgeProtection"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('effectKvSecretsExpire')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/98728c90-32c7-4049-8429-847dc0f4fe37",
- "policy_group_names": null,
- "reference_id": "KvSecretsExpire"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('effectKvKeysExpire')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0",
- "policy_group_names": null,
- "reference_id": "KvKeysExpire"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('effectKvFirewallEnabled')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/55615ac9-af46-4a59-874e-391cc3dfb490",
- "policy_group_names": null,
- "reference_id": "KvFirewallEnabled"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('effectKvCertLifetime')]\"},\"maximumPercentageLife\":{\"value\":\"[parameters('maximumCertLifePercentageLife')]\"},\"minimumDaysBeforeExpiry\":{\"value\":\"[parameters('minimumCertLifeDaysBeforeExpiry')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/12ef42cb-9903-4e39-9c26-422d29570417",
- "policy_group_names": null,
- "reference_id": "KvCertLifetime"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('effectKvKeysLifetime')]\"},\"minimumDaysBeforeExpiration\":{\"value\":\"[parameters('minimumKeysLifeDaysBeforeExpiry')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/5ff38825-c5d8-47c5-b70e-069a21955146",
- "policy_group_names": null,
- "reference_id": "KvKeysLifetime"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('effectKvSecretsLifetime')]\"},\"minimumDaysBeforeExpiration\":{\"value\":\"[parameters('minimumSecretsLifeDaysBeforeExpiry')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/b0eb591a-5e70-4534-a8bf-04b9c489584a",
- "policy_group_names": null,
- "reference_id": "KvSecretsLifetime"
- }
- ],
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "policy_definition_group": [],
- "policy_definition_reference": [
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {}
- ]
- }
- },
- {
- "address": "module.test_core.azurerm_role_assignment.private_dns_zone_contributor_connectivity[\"/providers/Microsoft.Management/managementGroups/root-id-1-corp/providers/Microsoft.Authorization/policyAssignments/Deploy-Private-DNS-Zones\"]",
- "mode": "managed",
- "type": "azurerm_role_assignment",
- "name": "private_dns_zone_contributor_connectivity",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-corp/providers/Microsoft.Authorization/policyAssignments/Deploy-Private-DNS-Zones",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "condition": null,
- "condition_version": null,
- "delegated_managed_identity_resource_id": null,
- "description": null,
- "role_definition_name": "Private DNS Zone Contributor",
- "scope": "/providers/Microsoft.Management/managementGroups/root-id-1-connectivity",
- "timeouts": null
- },
- "sensitive_values": {}
- },
- {
- "address": "module.test_core.azurerm_role_assignment.private_dns_zone_contributor_connectivity[\"/providers/Microsoft.Management/managementGroups/root-id-1-demo-corp/providers/Microsoft.Authorization/policyAssignments/Deploy-Private-DNS-Zones\"]",
- "mode": "managed",
- "type": "azurerm_role_assignment",
- "name": "private_dns_zone_contributor_connectivity",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-demo-corp/providers/Microsoft.Authorization/policyAssignments/Deploy-Private-DNS-Zones",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "condition": null,
- "condition_version": null,
- "delegated_managed_identity_resource_id": null,
- "description": null,
- "role_definition_name": "Private DNS Zone Contributor",
- "scope": "/providers/Microsoft.Management/managementGroups/root-id-1-connectivity",
- "timeouts": null
- },
- "sensitive_values": {}
- },
- {
- "address": "module.test_core.azurerm_role_definition.enterprise_scale[\"/providers/Microsoft.Authorization/roleDefinitions/07824e45-af54-586f-a5f0-4bb8676cb3a2\"]",
- "mode": "managed",
- "type": "azurerm_role_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Authorization/roleDefinitions/07824e45-af54-586f-a5f0-4bb8676cb3a2",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 1,
- "values": {
- "assignable_scopes": [
- "/providers/Microsoft.Management/managementGroups/root-id-1"
- ],
- "description": "Delegated role for subscription owner generated from subscription Owner role",
- "name": "[ROOT-ID-1] Subscription-Owner",
- "permissions": [
- {
- "actions": [
- "*"
- ],
- "data_actions": null,
- "not_actions": [
- "Microsoft.Authorization/*/write",
- "Microsoft.Network/vpnGateways/*",
- "Microsoft.Network/expressRouteCircuits/*",
- "Microsoft.Network/routeTables/write",
- "Microsoft.Network/vpnSites/*"
- ],
- "not_data_actions": null
- }
- ],
- "role_definition_id": "07824e45-af54-586f-a5f0-4bb8676cb3a2",
- "scope": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "timeouts": null
- },
- "sensitive_values": {
- "assignable_scopes": [
- false
- ],
- "permissions": [
- {
- "actions": [
- false
- ],
- "not_actions": [
- false,
- false,
- false,
- false,
- false
- ]
- }
- ]
- }
- },
- {
- "address": "module.test_core.azurerm_role_definition.enterprise_scale[\"/providers/Microsoft.Authorization/roleDefinitions/3b569e18-4af0-5c97-932c-0447cae64922\"]",
- "mode": "managed",
- "type": "azurerm_role_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Authorization/roleDefinitions/3b569e18-4af0-5c97-932c-0447cae64922",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 1,
- "values": {
- "assignable_scopes": [
- "/providers/Microsoft.Management/managementGroups/root-id-1"
- ],
- "description": "Security Administrator role with a horizontal view across the entire Azure estate and the Azure Key Vault purge policy.",
- "name": "[ROOT-ID-1] Security-Operations",
- "permissions": [
- {
- "actions": [
- "*/read",
- "*/register/action",
- "Microsoft.KeyVault/locations/deletedVaults/purge/action",
- "Microsoft.PolicyInsights/*",
- "Microsoft.Authorization/policyAssignments/*",
- "Microsoft.Authorization/policyDefinitions/*",
- "Microsoft.Authorization/policyExemptions/*",
- "Microsoft.Authorization/policySetDefinitions/*",
- "Microsoft.Insights/alertRules/*",
- "Microsoft.Resources/deployments/*",
- "Microsoft.Security/*",
- "Microsoft.Support/*"
- ],
- "data_actions": null,
- "not_actions": [],
- "not_data_actions": null
- }
- ],
- "role_definition_id": "3b569e18-4af0-5c97-932c-0447cae64922",
- "scope": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "timeouts": null
- },
- "sensitive_values": {
- "assignable_scopes": [
- false
- ],
- "permissions": [
- {
- "actions": [
- false,
- false,
- false,
- false,
- false,
- false,
- false,
- false,
- false,
- false,
- false,
- false
- ],
- "not_actions": []
- }
- ]
- }
- },
- {
- "address": "module.test_core.azurerm_role_definition.enterprise_scale[\"/providers/Microsoft.Authorization/roleDefinitions/61e44ab2-d16b-5ea5-8692-f9b97be416fa\"]",
- "mode": "managed",
- "type": "azurerm_role_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Authorization/roleDefinitions/61e44ab2-d16b-5ea5-8692-f9b97be416fa",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 1,
- "values": {
- "assignable_scopes": [
- "/providers/Microsoft.Management/managementGroups/root-id-1"
- ],
- "description": "Platform-wide global connectivity management: virtual networks, UDRs, NSGs, NVAs, VPN, Azure ExpressRoute, and others",
- "name": "[ROOT-ID-1] Network-Management",
- "permissions": [
- {
- "actions": [
- "*/read",
- "Microsoft.Network/*",
- "Microsoft.Resources/deployments/*",
- "Microsoft.Support/*"
- ],
- "data_actions": null,
- "not_actions": [],
- "not_data_actions": null
- }
- ],
- "role_definition_id": "61e44ab2-d16b-5ea5-8692-f9b97be416fa",
- "scope": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "timeouts": null
- },
- "sensitive_values": {
- "assignable_scopes": [
- false
- ],
- "permissions": [
- {
- "actions": [
- false,
- false,
- false,
- false
- ],
- "not_actions": []
- }
- ]
- }
- },
- {
- "address": "module.test_core.azurerm_role_definition.enterprise_scale[\"/providers/Microsoft.Authorization/roleDefinitions/6a8ddaca-120a-579a-a375-1abe30d29f6d\"]",
- "mode": "managed",
- "type": "azurerm_role_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Authorization/roleDefinitions/6a8ddaca-120a-579a-a375-1abe30d29f6d",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 1,
- "values": {
- "assignable_scopes": [
- "/providers/Microsoft.Management/managementGroups/root-id-1"
- ],
- "description": "Enterprise-scale custom Role Definition. Grants full access to manage Virtual Network subnets, but no other network resources.",
- "name": "[ROOT-ID-1] Network-Subnet-Contributor",
- "permissions": [
- {
- "actions": [
- "Microsoft.Authorization/*/read",
- "Microsoft.Insights/alertRules/*",
- "Microsoft.ResourceHealth/availabilityStatuses/read",
- "Microsoft.Resources/deployments/*",
- "Microsoft.Resources/subscriptions/resourceGroups/read",
- "Microsoft.Support/*",
- "Microsoft.Network/*/read",
- "Microsoft.Network/virtualNetworks/subnets/*"
- ],
- "data_actions": null,
- "not_actions": [],
- "not_data_actions": null
- }
- ],
- "role_definition_id": "6a8ddaca-120a-579a-a375-1abe30d29f6d",
- "scope": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "timeouts": null
- },
- "sensitive_values": {
- "assignable_scopes": [
- false
- ],
- "permissions": [
- {
- "actions": [
- false,
- false,
- false,
- false,
- false,
- false,
- false,
- false
- ],
- "not_actions": []
- }
- ]
- }
- },
- {
- "address": "module.test_core.azurerm_role_definition.enterprise_scale[\"/providers/Microsoft.Authorization/roleDefinitions/8fed4ea0-34b3-55af-93e0-fbaa8f3ed158\"]",
- "mode": "managed",
- "type": "azurerm_role_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Authorization/roleDefinitions/8fed4ea0-34b3-55af-93e0-fbaa8f3ed158",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 1,
- "values": {
- "assignable_scopes": [
- "/providers/Microsoft.Management/managementGroups/root-id-1"
- ],
- "description": "Contributor role granted for application/operations team at resource group level",
- "name": "[ROOT-ID-1] Application-Owners",
- "permissions": [
- {
- "actions": [
- "*"
- ],
- "data_actions": null,
- "not_actions": [
- "Microsoft.Authorization/*/write",
- "Microsoft.Network/publicIPAddresses/write",
- "Microsoft.Network/virtualNetworks/write",
- "Microsoft.KeyVault/locations/deletedVaults/purge/action"
- ],
- "not_data_actions": null
- }
- ],
- "role_definition_id": "8fed4ea0-34b3-55af-93e0-fbaa8f3ed158",
- "scope": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "timeouts": null
- },
- "sensitive_values": {
- "assignable_scopes": [
- false
- ],
- "permissions": [
- {
- "actions": [
- false
- ],
- "not_actions": [
- false,
- false,
- false,
- false
- ]
- }
- ]
- }
- },
- {
- "address": "module.test_core.azurerm_subscription_template_deployment.telemetry_core[0]",
- "mode": "managed",
- "type": "azurerm_subscription_template_deployment",
- "name": "telemetry_core",
- "index": 0,
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "debug_level": null,
- "location": "northeurope",
- "tags": null,
- "template_content": "{\"$schema\":\"https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{\"telemetry\":{\"type\":\"String\",\"value\":\"For more information, see https://aka.ms/alz/tf/telemetry\"}},\"parameters\":{},\"resources\":[],\"variables\":{}}",
- "template_spec_version_id": null,
- "timeouts": null
- },
- "sensitive_values": {}
- },
- {
- "address": "module.test_core.data.azapi_resource.user_msi[\"/providers/Microsoft.Management/managementGroups/root-id-1-management/providers/Microsoft.Authorization/policyAssignments/Deploy-Log-Analytics\"]",
- "mode": "data",
- "type": "azapi_resource",
- "name": "user_msi",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-management/providers/Microsoft.Authorization/policyAssignments/Deploy-Log-Analytics",
- "provider_name": "registry.terraform.io/azure/azapi",
- "schema_version": 0,
- "values": {
- "identity": [],
- "name": null,
- "resource_id": "/subscriptions/2a8527ca-5340-49aa-8931-ea03669451a0/resourceGroups/rg-identity/providers/Microsoft.ManagedIdentity/userAssignedIdentities/id-identity",
- "response_export_values": [
- "properties.principalId"
- ],
- "timeouts": null,
- "type": "Microsoft.ManagedIdentity/userAssignedIdentities@2023-01-31"
- },
- "sensitive_values": {
- "identity": [],
- "response_export_values": [
- false
- ],
- "tags": {}
- }
- },
- {
- "address": "module.test_core.random_id.telem[0]",
- "mode": "managed",
- "type": "random_id",
- "name": "telem",
- "index": 0,
- "provider_name": "registry.terraform.io/hashicorp/random",
- "schema_version": 0,
- "values": {
- "byte_length": 4,
- "keepers": null,
- "prefix": null
- },
- "sensitive_values": {}
- },
- {
- "address": "module.test_core.time_sleep.after_azurerm_management_group",
- "mode": "managed",
- "type": "time_sleep",
- "name": "after_azurerm_management_group",
- "provider_name": "registry.terraform.io/hashicorp/time",
- "schema_version": 0,
- "values": {
- "create_duration": "120s",
- "destroy_duration": "0s",
- "triggers": {
- "azurerm_management_group_level_1": "[\"/providers/Microsoft.Management/managementGroups/root-id-1\"]",
- "azurerm_management_group_level_2": "[\"/providers/Microsoft.Management/managementGroups/root-id-1-decommissioned\",\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones\",\"/providers/Microsoft.Management/managementGroups/root-id-1-platform\",\"/providers/Microsoft.Management/managementGroups/root-id-1-sandboxes\"]",
- "azurerm_management_group_level_3": "[\"/providers/Microsoft.Management/managementGroups/root-id-1-connectivity\",\"/providers/Microsoft.Management/managementGroups/root-id-1-corp\",\"/providers/Microsoft.Management/managementGroups/root-id-1-demo-corp\",\"/providers/Microsoft.Management/managementGroups/root-id-1-demo-online\",\"/providers/Microsoft.Management/managementGroups/root-id-1-demo-sap\",\"/providers/Microsoft.Management/managementGroups/root-id-1-identity\",\"/providers/Microsoft.Management/managementGroups/root-id-1-management\",\"/providers/Microsoft.Management/managementGroups/root-id-1-online\",\"/providers/Microsoft.Management/managementGroups/root-id-1-sap\",\"/providers/Microsoft.Management/managementGroups/root-id-1-secure\"]",
- "azurerm_management_group_level_4": "[\"/providers/Microsoft.Management/managementGroups/root-id-1-web-emea\",\"/providers/Microsoft.Management/managementGroups/root-id-1-web-global\",\"/providers/Microsoft.Management/managementGroups/root-id-1-web-us\"]",
- "azurerm_management_group_level_5": "[]",
- "azurerm_management_group_level_6": "[]"
- }
- },
- "sensitive_values": {
- "triggers": {}
- }
- },
- {
- "address": "module.test_core.time_sleep.after_azurerm_policy_assignment",
- "mode": "managed",
- "type": "time_sleep",
- "name": "after_azurerm_policy_assignment",
- "provider_name": "registry.terraform.io/hashicorp/time",
- "schema_version": 0,
- "values": {
- "create_duration": "30s",
- "destroy_duration": "0s",
- "triggers": {
- "azurerm_management_group_policy_assignment_enterprise_scale": "[\"/providers/Microsoft.Management/managementGroups/root-id-1-connectivity/providers/Microsoft.Authorization/policyAssignments/Enable-DDoS-VNET\",\"/providers/Microsoft.Management/managementGroups/root-id-1-corp/providers/Microsoft.Authorization/policyAssignments/Audit-PeDnsZones\",\"/providers/Microsoft.Management/managementGroups/root-id-1-corp/providers/Microsoft.Authorization/policyAssignments/Deny-HybridNetworking\",\"/providers/Microsoft.Management/managementGroups/root-id-1-corp/providers/Microsoft.Authorization/policyAssignments/Deny-Public-Endpoints\",\"/providers/Microsoft.Management/managementGroups/root-id-1-corp/providers/Microsoft.Authorization/policyAssignments/Deny-Public-IP-On-NIC\",\"/providers/Microsoft.Management/managementGroups/root-id-1-corp/providers/Microsoft.Authorization/policyAssignments/Deploy-Private-DNS-Zones\",\"/providers/Microsoft.Management/managementGroups/root-id-1-decommissioned/providers/Microsoft.Authorization/policyAssignments/Enforce-ALZ-Decomm\",\"/providers/Microsoft.Management/managementGroups/root-id-1-demo-corp/providers/Microsoft.Authorization/policyAssignments/Audit-PeDnsZones\",\"/providers/Microsoft.Management/managementGroups/root-id-1-demo-corp/providers/Microsoft.Authorization/policyAssignments/Deny-HybridNetworking\",\"/providers/Microsoft.Management/managementGroups/root-id-1-demo-corp/providers/Microsoft.Authorization/policyAssignments/Deny-Public-Endpoints\",\"/providers/Microsoft.Management/managementGroups/root-id-1-demo-corp/providers/Microsoft.Authorization/policyAssignments/Deny-Public-IP-On-NIC\",\"/providers/Microsoft.Management/managementGroups/root-id-1-demo-corp/providers/Microsoft.Authorization/policyAssignments/Deploy-Private-DNS-Zones\",\"/providers/Microsoft.Management/managementGroups/root-id-1-identity/providers/Microsoft.Authorization/policyAssignments/Deny-MgmtPorts-Internet\",\"/providers/Microsoft.Management/managementGroups/root-id-1-identity/providers/Microsoft.Authorization/policyAssignments/Deny-Public-IP\",\"/providers/Microsoft.Management/managementGroups/root-id-1-identity/providers/Microsoft.Authorization/policyAssignments/Deny-Subnet-Without-Nsg\",\"/providers/Microsoft.Management/managementGroups/root-id-1-identity/providers/Microsoft.Authorization/policyAssignments/Deploy-VM-Backup\",\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Audit-AppGW-WAF\",\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Deny-IP-forwarding\",\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Deny-MgmtPorts-Internet\",\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Deny-Priv-Esc-AKS\",\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Deny-Privileged-AKS\",\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Deny-Storage-http\",\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Deploy-AKS-Policy\",\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Deploy-AzSqlDb-Auditing\",\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Deploy-SQL-TDE\",\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Deploy-SQL-Threat\",\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Deploy-VM-Backup\",\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Enable-DDoS-VNET\",\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Enforce-AKS-HTTPS\",\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Enforce-GR-KeyVault\",\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Enforce-TLS-SSL\",\"/providers/Microsoft.Management/managementGroups/root-id-1-management/providers/Microsoft.Authorization/policyAssignments/Deploy-Log-Analytics\",\"/providers/Microsoft.Management/managementGroups/root-id-1-platform/providers/Microsoft.Authorization/policyAssignments/Enforce-GR-KeyVault\",\"/providers/Microsoft.Management/managementGroups/root-id-1-sandboxes/providers/Microsoft.Authorization/policyAssignments/Enforce-ALZ-Sandbox\",\"/providers/Microsoft.Management/managementGroups/root-id-1-secure/providers/Microsoft.Authorization/policyAssignments/Deny-RSG-Locations\",\"/providers/Microsoft.Management/managementGroups/root-id-1-secure/providers/Microsoft.Authorization/policyAssignments/Deny-Resource-Locations\",\"/providers/Microsoft.Management/managementGroups/root-id-1-secure/providers/Microsoft.Authorization/policyAssignments/Deploy-HITRUST-HIPAA\",\"/providers/Microsoft.Management/managementGroups/root-id-1-web-emea/providers/Microsoft.Authorization/policyAssignments/Deny-RSG-Locations\",\"/providers/Microsoft.Management/managementGroups/root-id-1-web-emea/providers/Microsoft.Authorization/policyAssignments/Deny-Resource-Locations\",\"/providers/Microsoft.Management/managementGroups/root-id-1-web-us/providers/Microsoft.Authorization/policyAssignments/Deny-RSG-Locations\",\"/providers/Microsoft.Management/managementGroups/root-id-1-web-us/providers/Microsoft.Authorization/policyAssignments/Deny-Resource-Locations\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Audit-UnusedResources\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deny-Classic-Resources\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deny-RSG-Locations\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deny-Resource-Locations\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deny-UnmanagedDisk\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deploy-ASC-Monitoring\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deploy-AzActivity-Log\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deploy-HITRUST-HIPAA\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deploy-MDEndpoints\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deploy-MDFC-Config\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deploy-MDFC-OssDb\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deploy-MDFC-SqlAtp\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deploy-Resource-Diag\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deploy-SQL-Auditing\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deploy-VM-Monitoring\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Enforce-ACSB\"]"
- }
- },
- "sensitive_values": {
- "triggers": {}
- }
- },
- {
- "address": "module.test_core.time_sleep.after_azurerm_policy_definition",
- "mode": "managed",
- "type": "time_sleep",
- "name": "after_azurerm_policy_definition",
- "provider_name": "registry.terraform.io/hashicorp/time",
- "schema_version": 0,
- "values": {
- "create_duration": "30s",
- "destroy_duration": "0s",
- "triggers": {
- "azurerm_policy_definition_enterprise_scale": "[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Append-AppService-httpsonly\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Append-AppService-latestTLS\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Append-KV-SoftDelete\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Append-Redis-disableNonSslPort\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Append-Redis-sslEnforcement\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Audit-AzureHybridBenefit\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Audit-Disks-UnusedResourcesCostOptimization\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Audit-MachineLearning-PrivateEndpointId\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Audit-PrivateLinkDnsZones\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Audit-PublicIpAddresses-UnusedResourcesCostOptimization\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Audit-ServerFarms-UnusedResourcesCostOptimization\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-AA-child-resources\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-AppGW-Without-WAF\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceApiApp-http\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceFunctionApp-http\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceWebApp-http\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-Databricks-NoPublicIp\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-Databricks-Sku\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-Databricks-VirtualNetwork\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-FileServices-InsecureAuth\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-FileServices-InsecureKerberos\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-FileServices-InsecureSmbChannel\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-FileServices-InsecureSmbVersions\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-MachineLearning-Aks\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-MachineLearning-Compute-SubnetId\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-MachineLearning-Compute-VmSize\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-MachineLearning-ComputeCluster-RemoteLoginPortPublicAccess\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-MachineLearning-ComputeCluster-Scale\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-MachineLearning-HbiWorkspace\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-MachineLearning-PublicAccessWhenBehindVnet\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-MachineLearning-PublicNetworkAccess\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-MgmtPorts-From-Internet\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-MySql-http\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-PostgreSql-http\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-Private-DNS-Zones\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-PublicEndpoint-MariaDB\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-PublicIP\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-RDP-From-Internet\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-Redis-http\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-Sql-minTLS\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-SqlMi-minTLS\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-SFTP\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-minTLS\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-StorageAccount-CustomDomain\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-Subnet-Without-Nsg\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-Subnet-Without-Penp\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-Subnet-Without-Udr\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-UDR-With-Specific-NextHop\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-VNET-Peer-Cross-Sub\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-VNET-Peering-To-Non-Approved-VNETs\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-VNet-Peering\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/DenyAction-ActivityLogs\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/DenyAction-DiagnosticLogs\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-ASC-SecurityContacts\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Budget\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Custom-Route-Table\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-DDoSProtection\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-AA\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ACI\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ACR\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-APIMgmt\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-AVDScalingPlans\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-AnalysisService\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ApiForFHIR\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ApplicationGateway\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Bastion\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-CDNEndpoints\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-CognitiveServices\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-CosmosDB\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-DLAnalytics\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-DataExplorerCluster\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-DataFactory\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Databricks\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-EventGridSub\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-EventGridSystemTopic\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-EventGridTopic\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ExpressRoute\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Firewall\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-FrontDoor\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Function\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-HDInsight\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-LoadBalancer\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-LogAnalytics\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-LogicAppsISE\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MariaDB\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MediaService\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MlWorkspace\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MySQL\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-NIC\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-NetworkSecurityGroups\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-PostgreSQL\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-PowerBIEmbedded\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-RedisCache\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Relay\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-SQLElasticPools\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-SQLMI\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-SignalR\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-TimeSeriesInsights\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-TrafficManager\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VM\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VMSS\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VNetGW\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VWanS2SVPNGW\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VirtualNetwork\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WVDAppGroup\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WVDHostPools\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WVDWorkspace\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WebServerFarm\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Website\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-iotHub\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-FirewallPolicy\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-MySQL-sslEnforcement\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Nsg-FlowLogs\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Nsg-FlowLogs-to-LA\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-PostgreSQL-sslEnforcement\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-SQL-minTLS\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Sql-AuditingSettings\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Sql-SecurityAlertPolicies\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Sql-Tde\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Sql-vulnerabilityAssessments\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Sql-vulnerabilityAssessments_20230706\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-SqlMi-minTLS\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Storage-sslEnforcement\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-VNET-HubSpoke\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Vm-autoShutdown\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Windows-DomainJoin\"]"
- }
- },
- "sensitive_values": {
- "triggers": {}
- }
- },
- {
- "address": "module.test_core.time_sleep.after_azurerm_policy_set_definition",
- "mode": "managed",
- "type": "time_sleep",
- "name": "after_azurerm_policy_set_definition",
- "provider_name": "registry.terraform.io/hashicorp/time",
- "schema_version": 0,
- "values": {
- "create_duration": "30s",
- "destroy_duration": "0s",
- "triggers": {
- "azurerm_policy_set_definition_enterprise_scale": "[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policySetDefinitions/Audit-UnusedResourcesCostOptimization\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policySetDefinitions/Deny-PublicPaaSEndpoints\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policySetDefinitions/DenyAction-DeleteProtection\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policySetDefinitions/Deploy-Diagnostics-LogAnalytics\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policySetDefinitions/Deploy-MDFC-Config\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policySetDefinitions/Deploy-Private-DNS-Zones\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policySetDefinitions/Deploy-Sql-Security\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policySetDefinitions/Enforce-ACSB\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policySetDefinitions/Enforce-ALZ-Decomm\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policySetDefinitions/Enforce-ALZ-Sandbox\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policySetDefinitions/Enforce-EncryptTransit\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policySetDefinitions/Enforce-Encryption-CMK\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-KeyVault\"]"
- }
- },
- "sensitive_values": {
- "triggers": {}
- }
- },
- {
- "address": "module.test_core.time_sleep.after_azurerm_role_assignment",
- "mode": "managed",
- "type": "time_sleep",
- "name": "after_azurerm_role_assignment",
- "provider_name": "registry.terraform.io/hashicorp/time",
- "schema_version": 0,
- "values": {
- "create_duration": "0s",
- "destroy_duration": "0s",
- "triggers": {
- "azurerm_role_assignment_enterprise_scale": "[]",
- "module_role_assignments_for_policy": "[\"/providers/Microsoft.Management/managementGroups/root-id-1-connectivity/providers/Microsoft.Authorization/policyAssignments/Enable-DDoS-VNET\",\"/providers/Microsoft.Management/managementGroups/root-id-1-corp/providers/Microsoft.Authorization/policyAssignments/Deploy-Private-DNS-Zones\",\"/providers/Microsoft.Management/managementGroups/root-id-1-decommissioned/providers/Microsoft.Authorization/policyAssignments/Enforce-ALZ-Decomm\",\"/providers/Microsoft.Management/managementGroups/root-id-1-demo-corp/providers/Microsoft.Authorization/policyAssignments/Deploy-Private-DNS-Zones\",\"/providers/Microsoft.Management/managementGroups/root-id-1-identity/providers/Microsoft.Authorization/policyAssignments/Deploy-VM-Backup\",\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Deploy-AKS-Policy\",\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Deploy-AzSqlDb-Auditing\",\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Deploy-SQL-TDE\",\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Deploy-SQL-Threat\",\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Deploy-VM-Backup\",\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Enable-DDoS-VNET\",\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Enforce-TLS-SSL\",\"/providers/Microsoft.Management/managementGroups/root-id-1-management/providers/Microsoft.Authorization/policyAssignments/Deploy-Log-Analytics\",\"/providers/Microsoft.Management/managementGroups/root-id-1-secure/providers/Microsoft.Authorization/policyAssignments/Deploy-HITRUST-HIPAA\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deploy-ASC-Monitoring\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deploy-AzActivity-Log\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deploy-HITRUST-HIPAA\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deploy-MDEndpoints\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deploy-MDFC-Config\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deploy-MDFC-OssDb\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deploy-MDFC-SqlAtp\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deploy-Resource-Diag\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deploy-SQL-Auditing\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deploy-VM-Monitoring\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Enforce-ACSB\"]"
- }
- },
- "sensitive_values": {
- "triggers": {}
- }
- },
- {
- "address": "module.test_core.time_sleep.after_azurerm_role_definition",
- "mode": "managed",
- "type": "time_sleep",
- "name": "after_azurerm_role_definition",
- "provider_name": "registry.terraform.io/hashicorp/time",
- "schema_version": 0,
- "values": {
- "create_duration": "60s",
- "destroy_duration": "0s",
- "triggers": {
- "azurerm_role_definition_enterprise_scale": "[\"/providers/Microsoft.Authorization/roleDefinitions/07824e45-af54-586f-a5f0-4bb8676cb3a2\",\"/providers/Microsoft.Authorization/roleDefinitions/3b569e18-4af0-5c97-932c-0447cae64922\",\"/providers/Microsoft.Authorization/roleDefinitions/61e44ab2-d16b-5ea5-8692-f9b97be416fa\",\"/providers/Microsoft.Authorization/roleDefinitions/6a8ddaca-120a-579a-a375-1abe30d29f6d\",\"/providers/Microsoft.Authorization/roleDefinitions/8fed4ea0-34b3-55af-93e0-fbaa8f3ed158\"]"
- }
- },
- "sensitive_values": {
- "triggers": {}
- }
- }
- ],
- "address": "module.test_core",
- "child_modules": [
- {
- "resources": [
- {
- "address": "module.test_core.module.role_assignments_for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1-connectivity/providers/Microsoft.Authorization/policyAssignments/Enable-DDoS-VNET\"].azurerm_role_assignment.for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1-connectivity/providers/Microsoft.Authorization/roleAssignments/bfe36639-f89e-5737-81df-f575c532b31a\"]",
- "mode": "managed",
- "type": "azurerm_role_assignment",
- "name": "for_policy",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-connectivity/providers/Microsoft.Authorization/roleAssignments/bfe36639-f89e-5737-81df-f575c532b31a",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "condition": null,
- "condition_version": null,
- "delegated_managed_identity_resource_id": null,
- "description": null,
- "name": "bfe36639-f89e-5737-81df-f575c532b31a",
- "role_definition_id": "/providers/Microsoft.Authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7",
- "scope": "/providers/Microsoft.Management/managementGroups/root-id-1-connectivity",
- "timeouts": null
- },
- "sensitive_values": {}
- }
- ],
- "address": "module.test_core.module.role_assignments_for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1-connectivity/providers/Microsoft.Authorization/policyAssignments/Enable-DDoS-VNET\"]"
- },
- {
- "resources": [
- {
- "address": "module.test_core.module.role_assignments_for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1-corp/providers/Microsoft.Authorization/policyAssignments/Deploy-Private-DNS-Zones\"].azurerm_role_assignment.for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1-corp/providers/Microsoft.Authorization/roleAssignments/c1667135-b6fa-51a7-a71f-04eeefb1ec49\"]",
- "mode": "managed",
- "type": "azurerm_role_assignment",
- "name": "for_policy",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-corp/providers/Microsoft.Authorization/roleAssignments/c1667135-b6fa-51a7-a71f-04eeefb1ec49",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "condition": null,
- "condition_version": null,
- "delegated_managed_identity_resource_id": null,
- "description": null,
- "name": "c1667135-b6fa-51a7-a71f-04eeefb1ec49",
- "role_definition_id": "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c",
- "scope": "/providers/Microsoft.Management/managementGroups/root-id-1-corp",
- "timeouts": null
- },
- "sensitive_values": {}
- },
- {
- "address": "module.test_core.module.role_assignments_for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1-corp/providers/Microsoft.Authorization/policyAssignments/Deploy-Private-DNS-Zones\"].azurerm_role_assignment.for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1-corp/providers/Microsoft.Authorization/roleAssignments/d1e35723-04dc-5347-9a6a-b90606a2b1e5\"]",
- "mode": "managed",
- "type": "azurerm_role_assignment",
- "name": "for_policy",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-corp/providers/Microsoft.Authorization/roleAssignments/d1e35723-04dc-5347-9a6a-b90606a2b1e5",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "condition": null,
- "condition_version": null,
- "delegated_managed_identity_resource_id": null,
- "description": null,
- "name": "d1e35723-04dc-5347-9a6a-b90606a2b1e5",
- "role_definition_id": "/providers/Microsoft.Authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7",
- "scope": "/providers/Microsoft.Management/managementGroups/root-id-1-corp",
- "timeouts": null
- },
- "sensitive_values": {}
- },
- {
- "address": "module.test_core.module.role_assignments_for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1-corp/providers/Microsoft.Authorization/policyAssignments/Deploy-Private-DNS-Zones\"].azurerm_role_assignment.for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1-corp/providers/Microsoft.Authorization/roleAssignments/e3573ce7-7824-5fcb-8a30-670f460f094f\"]",
- "mode": "managed",
- "type": "azurerm_role_assignment",
- "name": "for_policy",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-corp/providers/Microsoft.Authorization/roleAssignments/e3573ce7-7824-5fcb-8a30-670f460f094f",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "condition": null,
- "condition_version": null,
- "delegated_managed_identity_resource_id": null,
- "description": null,
- "name": "e3573ce7-7824-5fcb-8a30-670f460f094f",
- "role_definition_id": "/providers/Microsoft.Authorization/roleDefinitions/b12aa53e-6015-4669-85d0-8515ebb3ae7f",
- "scope": "/providers/Microsoft.Management/managementGroups/root-id-1-corp",
- "timeouts": null
- },
- "sensitive_values": {}
- }
- ],
- "address": "module.test_core.module.role_assignments_for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1-corp/providers/Microsoft.Authorization/policyAssignments/Deploy-Private-DNS-Zones\"]"
- },
- {
- "resources": [
- {
- "address": "module.test_core.module.role_assignments_for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1-decommissioned/providers/Microsoft.Authorization/policyAssignments/Enforce-ALZ-Decomm\"].azurerm_role_assignment.for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1-decommissioned/providers/Microsoft.Authorization/roleAssignments/aabcf781-5c4c-5952-863f-e51732fcdf1b\"]",
- "mode": "managed",
- "type": "azurerm_role_assignment",
- "name": "for_policy",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-decommissioned/providers/Microsoft.Authorization/roleAssignments/aabcf781-5c4c-5952-863f-e51732fcdf1b",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "condition": null,
- "condition_version": null,
- "delegated_managed_identity_resource_id": null,
- "description": null,
- "name": "aabcf781-5c4c-5952-863f-e51732fcdf1b",
- "role_definition_id": "/providers/Microsoft.Authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c",
- "scope": "/providers/Microsoft.Management/managementGroups/root-id-1-decommissioned",
- "timeouts": null
- },
- "sensitive_values": {}
- }
- ],
- "address": "module.test_core.module.role_assignments_for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1-decommissioned/providers/Microsoft.Authorization/policyAssignments/Enforce-ALZ-Decomm\"]"
- },
- {
- "resources": [
- {
- "address": "module.test_core.module.role_assignments_for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1-demo-corp/providers/Microsoft.Authorization/policyAssignments/Deploy-Private-DNS-Zones\"].azurerm_role_assignment.for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1-demo-corp/providers/Microsoft.Authorization/roleAssignments/08856ba9-2378-5a5c-a13e-18aaa7a2dac3\"]",
- "mode": "managed",
- "type": "azurerm_role_assignment",
- "name": "for_policy",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-demo-corp/providers/Microsoft.Authorization/roleAssignments/08856ba9-2378-5a5c-a13e-18aaa7a2dac3",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "condition": null,
- "condition_version": null,
- "delegated_managed_identity_resource_id": null,
- "description": null,
- "name": "08856ba9-2378-5a5c-a13e-18aaa7a2dac3",
- "role_definition_id": "/providers/Microsoft.Authorization/roleDefinitions/b12aa53e-6015-4669-85d0-8515ebb3ae7f",
- "scope": "/providers/Microsoft.Management/managementGroups/root-id-1-demo-corp",
- "timeouts": null
- },
- "sensitive_values": {}
- },
- {
- "address": "module.test_core.module.role_assignments_for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1-demo-corp/providers/Microsoft.Authorization/policyAssignments/Deploy-Private-DNS-Zones\"].azurerm_role_assignment.for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1-demo-corp/providers/Microsoft.Authorization/roleAssignments/a4690096-bf5a-5e20-b650-50defb59fae4\"]",
- "mode": "managed",
- "type": "azurerm_role_assignment",
- "name": "for_policy",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-demo-corp/providers/Microsoft.Authorization/roleAssignments/a4690096-bf5a-5e20-b650-50defb59fae4",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "condition": null,
- "condition_version": null,
- "delegated_managed_identity_resource_id": null,
- "description": null,
- "name": "a4690096-bf5a-5e20-b650-50defb59fae4",
- "role_definition_id": "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c",
- "scope": "/providers/Microsoft.Management/managementGroups/root-id-1-demo-corp",
- "timeouts": null
- },
- "sensitive_values": {}
- },
- {
- "address": "module.test_core.module.role_assignments_for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1-demo-corp/providers/Microsoft.Authorization/policyAssignments/Deploy-Private-DNS-Zones\"].azurerm_role_assignment.for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1-demo-corp/providers/Microsoft.Authorization/roleAssignments/b273a793-e21d-51b0-8483-f9f898ce6d52\"]",
- "mode": "managed",
- "type": "azurerm_role_assignment",
- "name": "for_policy",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-demo-corp/providers/Microsoft.Authorization/roleAssignments/b273a793-e21d-51b0-8483-f9f898ce6d52",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "condition": null,
- "condition_version": null,
- "delegated_managed_identity_resource_id": null,
- "description": null,
- "name": "b273a793-e21d-51b0-8483-f9f898ce6d52",
- "role_definition_id": "/providers/Microsoft.Authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7",
- "scope": "/providers/Microsoft.Management/managementGroups/root-id-1-demo-corp",
- "timeouts": null
- },
- "sensitive_values": {}
- }
- ],
- "address": "module.test_core.module.role_assignments_for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1-demo-corp/providers/Microsoft.Authorization/policyAssignments/Deploy-Private-DNS-Zones\"]"
- },
- {
- "resources": [
- {
- "address": "module.test_core.module.role_assignments_for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1-identity/providers/Microsoft.Authorization/policyAssignments/Deploy-VM-Backup\"].azurerm_role_assignment.for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1-identity/providers/Microsoft.Authorization/roleAssignments/10acbd2f-bfdd-5c38-bf46-3a67cafdeaf3\"]",
- "mode": "managed",
- "type": "azurerm_role_assignment",
- "name": "for_policy",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-identity/providers/Microsoft.Authorization/roleAssignments/10acbd2f-bfdd-5c38-bf46-3a67cafdeaf3",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "condition": null,
- "condition_version": null,
- "delegated_managed_identity_resource_id": null,
- "description": null,
- "name": "10acbd2f-bfdd-5c38-bf46-3a67cafdeaf3",
- "role_definition_id": "/providers/Microsoft.Authorization/roleDefinitions/5e467623-bb1f-42f4-a55d-6e525e11384b",
- "scope": "/providers/Microsoft.Management/managementGroups/root-id-1-identity",
- "timeouts": null
- },
- "sensitive_values": {}
- },
- {
- "address": "module.test_core.module.role_assignments_for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1-identity/providers/Microsoft.Authorization/policyAssignments/Deploy-VM-Backup\"].azurerm_role_assignment.for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1-identity/providers/Microsoft.Authorization/roleAssignments/1358ccb0-1ad3-5974-ae44-7f5728c09678\"]",
- "mode": "managed",
- "type": "azurerm_role_assignment",
- "name": "for_policy",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-identity/providers/Microsoft.Authorization/roleAssignments/1358ccb0-1ad3-5974-ae44-7f5728c09678",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "condition": null,
- "condition_version": null,
- "delegated_managed_identity_resource_id": null,
- "description": null,
- "name": "1358ccb0-1ad3-5974-ae44-7f5728c09678",
- "role_definition_id": "/providers/Microsoft.Authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c",
- "scope": "/providers/Microsoft.Management/managementGroups/root-id-1-identity",
- "timeouts": null
- },
- "sensitive_values": {}
- }
- ],
- "address": "module.test_core.module.role_assignments_for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1-identity/providers/Microsoft.Authorization/policyAssignments/Deploy-VM-Backup\"]"
- },
- {
- "resources": [
- {
- "address": "module.test_core.module.role_assignments_for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Deploy-AKS-Policy\"].azurerm_role_assignment.for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/roleAssignments/e3bad489-c3ed-57c4-9802-e4c4a84ed145\"]",
- "mode": "managed",
- "type": "azurerm_role_assignment",
- "name": "for_policy",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/roleAssignments/e3bad489-c3ed-57c4-9802-e4c4a84ed145",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "condition": null,
- "condition_version": null,
- "delegated_managed_identity_resource_id": null,
- "description": null,
- "name": "e3bad489-c3ed-57c4-9802-e4c4a84ed145",
- "role_definition_id": "/providers/Microsoft.Authorization/roleDefinitions/ed7f3fbd-7b88-4dd4-9017-9adb7ce333f8",
- "scope": "/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones",
- "timeouts": null
- },
- "sensitive_values": {}
- },
- {
- "address": "module.test_core.module.role_assignments_for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Deploy-AKS-Policy\"].azurerm_role_assignment.for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/roleAssignments/ef4aaac1-624f-57fb-8444-3d2fdd091a35\"]",
- "mode": "managed",
- "type": "azurerm_role_assignment",
- "name": "for_policy",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/roleAssignments/ef4aaac1-624f-57fb-8444-3d2fdd091a35",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "condition": null,
- "condition_version": null,
- "delegated_managed_identity_resource_id": null,
- "description": null,
- "name": "ef4aaac1-624f-57fb-8444-3d2fdd091a35",
- "role_definition_id": "/providers/Microsoft.Authorization/roleDefinitions/18ed5180-3e48-46fd-8541-4ea054d57064",
- "scope": "/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones",
- "timeouts": null
- },
- "sensitive_values": {}
- }
- ],
- "address": "module.test_core.module.role_assignments_for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Deploy-AKS-Policy\"]"
- },
- {
- "resources": [
- {
- "address": "module.test_core.module.role_assignments_for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Deploy-AzSqlDb-Auditing\"].azurerm_role_assignment.for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/roleAssignments/62d19ca1-fb31-5489-859f-f43578c5e409\"]",
- "mode": "managed",
- "type": "azurerm_role_assignment",
- "name": "for_policy",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/roleAssignments/62d19ca1-fb31-5489-859f-f43578c5e409",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "condition": null,
- "condition_version": null,
- "delegated_managed_identity_resource_id": null,
- "description": null,
- "name": "62d19ca1-fb31-5489-859f-f43578c5e409",
- "role_definition_id": "/providers/Microsoft.Authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3",
- "scope": "/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones",
- "timeouts": null
- },
- "sensitive_values": {}
- },
- {
- "address": "module.test_core.module.role_assignments_for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Deploy-AzSqlDb-Auditing\"].azurerm_role_assignment.for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/roleAssignments/dedede29-96ae-5d67-84a4-70b555716715\"]",
- "mode": "managed",
- "type": "azurerm_role_assignment",
- "name": "for_policy",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/roleAssignments/dedede29-96ae-5d67-84a4-70b555716715",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "condition": null,
- "condition_version": null,
- "delegated_managed_identity_resource_id": null,
- "description": null,
- "name": "dedede29-96ae-5d67-84a4-70b555716715",
- "role_definition_id": "/providers/Microsoft.Authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293",
- "scope": "/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones",
- "timeouts": null
- },
- "sensitive_values": {}
- }
- ],
- "address": "module.test_core.module.role_assignments_for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Deploy-AzSqlDb-Auditing\"]"
- },
- {
- "resources": [
- {
- "address": "module.test_core.module.role_assignments_for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Deploy-SQL-TDE\"].azurerm_role_assignment.for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/roleAssignments/3017df2e-5df0-5373-bb0c-c255e0127c77\"]",
- "mode": "managed",
- "type": "azurerm_role_assignment",
- "name": "for_policy",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/roleAssignments/3017df2e-5df0-5373-bb0c-c255e0127c77",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "condition": null,
- "condition_version": null,
- "delegated_managed_identity_resource_id": null,
- "description": null,
- "name": "3017df2e-5df0-5373-bb0c-c255e0127c77",
- "role_definition_id": "/providers/Microsoft.Authorization/roleDefinitions/9b7fa17d-e63e-47b0-bb0a-15c516ac86ec",
- "scope": "/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones",
- "timeouts": null
- },
- "sensitive_values": {}
- }
- ],
- "address": "module.test_core.module.role_assignments_for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Deploy-SQL-TDE\"]"
- },
- {
- "resources": [
- {
- "address": "module.test_core.module.role_assignments_for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Deploy-SQL-Threat\"].azurerm_role_assignment.for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/roleAssignments/533932d3-0f16-59eb-84b8-893805c84e9c\"]",
- "mode": "managed",
- "type": "azurerm_role_assignment",
- "name": "for_policy",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/roleAssignments/533932d3-0f16-59eb-84b8-893805c84e9c",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "condition": null,
- "condition_version": null,
- "delegated_managed_identity_resource_id": null,
- "description": null,
- "name": "533932d3-0f16-59eb-84b8-893805c84e9c",
- "role_definition_id": "/providers/Microsoft.Authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3",
- "scope": "/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones",
- "timeouts": null
- },
- "sensitive_values": {}
- }
- ],
- "address": "module.test_core.module.role_assignments_for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Deploy-SQL-Threat\"]"
- },
- {
- "resources": [
- {
- "address": "module.test_core.module.role_assignments_for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Deploy-VM-Backup\"].azurerm_role_assignment.for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/roleAssignments/8a906dc2-5af6-5c64-a065-e5782483b6b7\"]",
- "mode": "managed",
- "type": "azurerm_role_assignment",
- "name": "for_policy",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/roleAssignments/8a906dc2-5af6-5c64-a065-e5782483b6b7",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "condition": null,
- "condition_version": null,
- "delegated_managed_identity_resource_id": null,
- "description": null,
- "name": "8a906dc2-5af6-5c64-a065-e5782483b6b7",
- "role_definition_id": "/providers/Microsoft.Authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c",
- "scope": "/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones",
- "timeouts": null
- },
- "sensitive_values": {}
- },
- {
- "address": "module.test_core.module.role_assignments_for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Deploy-VM-Backup\"].azurerm_role_assignment.for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/roleAssignments/ee60d5ba-80b7-58dc-b6c6-1e0ceaaaf879\"]",
- "mode": "managed",
- "type": "azurerm_role_assignment",
- "name": "for_policy",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/roleAssignments/ee60d5ba-80b7-58dc-b6c6-1e0ceaaaf879",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "condition": null,
- "condition_version": null,
- "delegated_managed_identity_resource_id": null,
- "description": null,
- "name": "ee60d5ba-80b7-58dc-b6c6-1e0ceaaaf879",
- "role_definition_id": "/providers/Microsoft.Authorization/roleDefinitions/5e467623-bb1f-42f4-a55d-6e525e11384b",
- "scope": "/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones",
- "timeouts": null
- },
- "sensitive_values": {}
- }
- ],
- "address": "module.test_core.module.role_assignments_for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Deploy-VM-Backup\"]"
- },
- {
- "resources": [
- {
- "address": "module.test_core.module.role_assignments_for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Enable-DDoS-VNET\"].azurerm_role_assignment.for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/roleAssignments/1c659f37-1ad5-5577-bc68-922ba20d7523\"]",
- "mode": "managed",
- "type": "azurerm_role_assignment",
- "name": "for_policy",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/roleAssignments/1c659f37-1ad5-5577-bc68-922ba20d7523",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "condition": null,
- "condition_version": null,
- "delegated_managed_identity_resource_id": null,
- "description": null,
- "name": "1c659f37-1ad5-5577-bc68-922ba20d7523",
- "role_definition_id": "/providers/Microsoft.Authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7",
- "scope": "/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones",
- "timeouts": null
- },
- "sensitive_values": {}
- }
- ],
- "address": "module.test_core.module.role_assignments_for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Enable-DDoS-VNET\"]"
- },
- {
- "resources": [
- {
- "address": "module.test_core.module.role_assignments_for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Enforce-TLS-SSL\"].azurerm_role_assignment.for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/roleAssignments/a6a1084c-d0cb-5064-b41f-1bd6af819efb\"]",
- "mode": "managed",
- "type": "azurerm_role_assignment",
- "name": "for_policy",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/roleAssignments/a6a1084c-d0cb-5064-b41f-1bd6af819efb",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "condition": null,
- "condition_version": null,
- "delegated_managed_identity_resource_id": null,
- "description": null,
- "name": "a6a1084c-d0cb-5064-b41f-1bd6af819efb",
- "role_definition_id": "/providers/Microsoft.Authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab",
- "scope": "/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones",
- "timeouts": null
- },
- "sensitive_values": {}
- },
- {
- "address": "module.test_core.module.role_assignments_for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Enforce-TLS-SSL\"].azurerm_role_assignment.for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/roleAssignments/d38c8a09-e2ee-5c09-b677-e38676280c29\"]",
- "mode": "managed",
- "type": "azurerm_role_assignment",
- "name": "for_policy",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/roleAssignments/d38c8a09-e2ee-5c09-b677-e38676280c29",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "condition": null,
- "condition_version": null,
- "delegated_managed_identity_resource_id": null,
- "description": null,
- "name": "d38c8a09-e2ee-5c09-b677-e38676280c29",
- "role_definition_id": "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c",
- "scope": "/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones",
- "timeouts": null
- },
- "sensitive_values": {}
- },
- {
- "address": "module.test_core.module.role_assignments_for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Enforce-TLS-SSL\"].azurerm_role_assignment.for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/roleAssignments/d52d1c28-60ce-5efa-8f6d-0e1a32be16b6\"]",
- "mode": "managed",
- "type": "azurerm_role_assignment",
- "name": "for_policy",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/roleAssignments/d52d1c28-60ce-5efa-8f6d-0e1a32be16b6",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "condition": null,
- "condition_version": null,
- "delegated_managed_identity_resource_id": null,
- "description": null,
- "name": "d52d1c28-60ce-5efa-8f6d-0e1a32be16b6",
- "role_definition_id": "/providers/Microsoft.Authorization/roleDefinitions/4939a1f6-9ae0-4e48-a1e0-f2cbe897382d",
- "scope": "/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones",
- "timeouts": null
- },
- "sensitive_values": {}
- },
- {
- "address": "module.test_core.module.role_assignments_for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Enforce-TLS-SSL\"].azurerm_role_assignment.for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/roleAssignments/e9d4bb72-a2e6-5c7f-9354-3ea5c9ae9f87\"]",
- "mode": "managed",
- "type": "azurerm_role_assignment",
- "name": "for_policy",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/roleAssignments/e9d4bb72-a2e6-5c7f-9354-3ea5c9ae9f87",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "condition": null,
- "condition_version": null,
- "delegated_managed_identity_resource_id": null,
- "description": null,
- "name": "e9d4bb72-a2e6-5c7f-9354-3ea5c9ae9f87",
- "role_definition_id": "/providers/Microsoft.Authorization/roleDefinitions/6d8ee4ec-f05a-4a1d-8b00-a9b17e38b437",
- "scope": "/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones",
- "timeouts": null
- },
- "sensitive_values": {}
- }
- ],
- "address": "module.test_core.module.role_assignments_for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Enforce-TLS-SSL\"]"
- },
- {
- "resources": [
- {
- "address": "module.test_core.module.role_assignments_for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1-management/providers/Microsoft.Authorization/policyAssignments/Deploy-Log-Analytics\"].azurerm_role_assignment.for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1-management/providers/Microsoft.Authorization/roleAssignments/8f7e20b7-7a5d-551d-b4fd-047861c4bc93\"]",
- "mode": "managed",
- "type": "azurerm_role_assignment",
- "name": "for_policy",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-management/providers/Microsoft.Authorization/roleAssignments/8f7e20b7-7a5d-551d-b4fd-047861c4bc93",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "condition": null,
- "condition_version": null,
- "delegated_managed_identity_resource_id": null,
- "description": null,
- "name": "8f7e20b7-7a5d-551d-b4fd-047861c4bc93",
- "role_definition_id": "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c",
- "scope": "/providers/Microsoft.Management/managementGroups/root-id-1-management",
- "timeouts": null
- },
- "sensitive_values": {}
- }
- ],
- "address": "module.test_core.module.role_assignments_for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1-management/providers/Microsoft.Authorization/policyAssignments/Deploy-Log-Analytics\"]"
- },
- {
- "resources": [
- {
- "address": "module.test_core.module.role_assignments_for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1-secure/providers/Microsoft.Authorization/policyAssignments/Deploy-HITRUST-HIPAA\"].azurerm_role_assignment.for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1-secure/providers/Microsoft.Authorization/roleAssignments/3406f92e-62e7-506f-9b80-9c7a6a19c569\"]",
- "mode": "managed",
- "type": "azurerm_role_assignment",
- "name": "for_policy",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-secure/providers/Microsoft.Authorization/roleAssignments/3406f92e-62e7-506f-9b80-9c7a6a19c569",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "condition": null,
- "condition_version": null,
- "delegated_managed_identity_resource_id": null,
- "description": null,
- "name": "3406f92e-62e7-506f-9b80-9c7a6a19c569",
- "role_definition_id": "/providers/Microsoft.Authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7",
- "scope": "/providers/Microsoft.Management/managementGroups/root-id-1-secure",
- "timeouts": null
- },
- "sensitive_values": {}
- },
- {
- "address": "module.test_core.module.role_assignments_for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1-secure/providers/Microsoft.Authorization/policyAssignments/Deploy-HITRUST-HIPAA\"].azurerm_role_assignment.for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1-secure/providers/Microsoft.Authorization/roleAssignments/7316970a-470a-5a53-bc65-06add2b5a31e\"]",
- "mode": "managed",
- "type": "azurerm_role_assignment",
- "name": "for_policy",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-secure/providers/Microsoft.Authorization/roleAssignments/7316970a-470a-5a53-bc65-06add2b5a31e",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "condition": null,
- "condition_version": null,
- "delegated_managed_identity_resource_id": null,
- "description": null,
- "name": "7316970a-470a-5a53-bc65-06add2b5a31e",
- "role_definition_id": "/providers/Microsoft.Authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab",
- "scope": "/providers/Microsoft.Management/managementGroups/root-id-1-secure",
- "timeouts": null
- },
- "sensitive_values": {}
- },
- {
- "address": "module.test_core.module.role_assignments_for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1-secure/providers/Microsoft.Authorization/policyAssignments/Deploy-HITRUST-HIPAA\"].azurerm_role_assignment.for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1-secure/providers/Microsoft.Authorization/roleAssignments/745f090f-9aca-509d-94c6-0f6704abceae\"]",
- "mode": "managed",
- "type": "azurerm_role_assignment",
- "name": "for_policy",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-secure/providers/Microsoft.Authorization/roleAssignments/745f090f-9aca-509d-94c6-0f6704abceae",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "condition": null,
- "condition_version": null,
- "delegated_managed_identity_resource_id": null,
- "description": null,
- "name": "745f090f-9aca-509d-94c6-0f6704abceae",
- "role_definition_id": "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c",
- "scope": "/providers/Microsoft.Management/managementGroups/root-id-1-secure",
- "timeouts": null
- },
- "sensitive_values": {}
- },
- {
- "address": "module.test_core.module.role_assignments_for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1-secure/providers/Microsoft.Authorization/policyAssignments/Deploy-HITRUST-HIPAA\"].azurerm_role_assignment.for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1-secure/providers/Microsoft.Authorization/roleAssignments/817e9088-7487-507a-bc2b-d6f0d6fefca1\"]",
- "mode": "managed",
- "type": "azurerm_role_assignment",
- "name": "for_policy",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-secure/providers/Microsoft.Authorization/roleAssignments/817e9088-7487-507a-bc2b-d6f0d6fefca1",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "condition": null,
- "condition_version": null,
- "delegated_managed_identity_resource_id": null,
- "description": null,
- "name": "817e9088-7487-507a-bc2b-d6f0d6fefca1",
- "role_definition_id": "/providers/Microsoft.Authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa",
- "scope": "/providers/Microsoft.Management/managementGroups/root-id-1-secure",
- "timeouts": null
- },
- "sensitive_values": {}
- },
- {
- "address": "module.test_core.module.role_assignments_for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1-secure/providers/Microsoft.Authorization/policyAssignments/Deploy-HITRUST-HIPAA\"].azurerm_role_assignment.for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1-secure/providers/Microsoft.Authorization/roleAssignments/e5b17f2f-f8a9-5645-ae80-2e639d5cc71f\"]",
- "mode": "managed",
- "type": "azurerm_role_assignment",
- "name": "for_policy",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-secure/providers/Microsoft.Authorization/roleAssignments/e5b17f2f-f8a9-5645-ae80-2e639d5cc71f",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "condition": null,
- "condition_version": null,
- "delegated_managed_identity_resource_id": null,
- "description": null,
- "name": "e5b17f2f-f8a9-5645-ae80-2e639d5cc71f",
- "role_definition_id": "/providers/Microsoft.Authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c",
- "scope": "/providers/Microsoft.Management/managementGroups/root-id-1-secure",
- "timeouts": null
- },
- "sensitive_values": {}
- }
- ],
- "address": "module.test_core.module.role_assignments_for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1-secure/providers/Microsoft.Authorization/policyAssignments/Deploy-HITRUST-HIPAA\"]"
- },
- {
- "resources": [
- {
- "address": "module.test_core.module.role_assignments_for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deploy-AzActivity-Log\"].azurerm_role_assignment.for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/roleAssignments/a82e8238-8bda-508f-84b5-f732aae9ee5e\"]",
- "mode": "managed",
- "type": "azurerm_role_assignment",
- "name": "for_policy",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/roleAssignments/a82e8238-8bda-508f-84b5-f732aae9ee5e",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "condition": null,
- "condition_version": null,
- "delegated_managed_identity_resource_id": null,
- "description": null,
- "name": "a82e8238-8bda-508f-84b5-f732aae9ee5e",
- "role_definition_id": "/providers/Microsoft.Authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa",
- "scope": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "timeouts": null
- },
- "sensitive_values": {}
- },
- {
- "address": "module.test_core.module.role_assignments_for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deploy-AzActivity-Log\"].azurerm_role_assignment.for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/roleAssignments/c7bf76e5-9636-5f92-ad46-22d49ea5c086\"]",
- "mode": "managed",
- "type": "azurerm_role_assignment",
- "name": "for_policy",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/roleAssignments/c7bf76e5-9636-5f92-ad46-22d49ea5c086",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "condition": null,
- "condition_version": null,
- "delegated_managed_identity_resource_id": null,
- "description": null,
- "name": "c7bf76e5-9636-5f92-ad46-22d49ea5c086",
- "role_definition_id": "/providers/Microsoft.Authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293",
- "scope": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "timeouts": null
- },
- "sensitive_values": {}
- }
- ],
- "address": "module.test_core.module.role_assignments_for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deploy-AzActivity-Log\"]"
- },
- {
- "resources": [
- {
- "address": "module.test_core.module.role_assignments_for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deploy-HITRUST-HIPAA\"].azurerm_role_assignment.for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/roleAssignments/5127798b-130e-5d28-b539-2f33fa0fb750\"]",
- "mode": "managed",
- "type": "azurerm_role_assignment",
- "name": "for_policy",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/roleAssignments/5127798b-130e-5d28-b539-2f33fa0fb750",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "condition": null,
- "condition_version": null,
- "delegated_managed_identity_resource_id": null,
- "description": null,
- "name": "5127798b-130e-5d28-b539-2f33fa0fb750",
- "role_definition_id": "/providers/Microsoft.Authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c",
- "scope": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "timeouts": null
- },
- "sensitive_values": {}
- },
- {
- "address": "module.test_core.module.role_assignments_for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deploy-HITRUST-HIPAA\"].azurerm_role_assignment.for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/roleAssignments/5d2b9623-6e43-594f-a2e7-d200188772f5\"]",
- "mode": "managed",
- "type": "azurerm_role_assignment",
- "name": "for_policy",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/roleAssignments/5d2b9623-6e43-594f-a2e7-d200188772f5",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "condition": null,
- "condition_version": null,
- "delegated_managed_identity_resource_id": null,
- "description": null,
- "name": "5d2b9623-6e43-594f-a2e7-d200188772f5",
- "role_definition_id": "/providers/Microsoft.Authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7",
- "scope": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "timeouts": null
- },
- "sensitive_values": {}
- },
- {
- "address": "module.test_core.module.role_assignments_for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deploy-HITRUST-HIPAA\"].azurerm_role_assignment.for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/roleAssignments/8701c536-d722-531e-9bde-ae1e0427a9ae\"]",
- "mode": "managed",
- "type": "azurerm_role_assignment",
- "name": "for_policy",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/roleAssignments/8701c536-d722-531e-9bde-ae1e0427a9ae",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "condition": null,
- "condition_version": null,
- "delegated_managed_identity_resource_id": null,
- "description": null,
- "name": "8701c536-d722-531e-9bde-ae1e0427a9ae",
- "role_definition_id": "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c",
- "scope": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "timeouts": null
- },
- "sensitive_values": {}
- },
- {
- "address": "module.test_core.module.role_assignments_for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deploy-HITRUST-HIPAA\"].azurerm_role_assignment.for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/roleAssignments/9a2ebc9c-52d3-5cba-ae34-4d3507b2968e\"]",
- "mode": "managed",
- "type": "azurerm_role_assignment",
- "name": "for_policy",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/roleAssignments/9a2ebc9c-52d3-5cba-ae34-4d3507b2968e",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "condition": null,
- "condition_version": null,
- "delegated_managed_identity_resource_id": null,
- "description": null,
- "name": "9a2ebc9c-52d3-5cba-ae34-4d3507b2968e",
- "role_definition_id": "/providers/Microsoft.Authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa",
- "scope": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "timeouts": null
- },
- "sensitive_values": {}
- },
- {
- "address": "module.test_core.module.role_assignments_for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deploy-HITRUST-HIPAA\"].azurerm_role_assignment.for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/roleAssignments/b2bbf080-fbfd-53ff-91d5-37dc8ecfb6bb\"]",
- "mode": "managed",
- "type": "azurerm_role_assignment",
- "name": "for_policy",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/roleAssignments/b2bbf080-fbfd-53ff-91d5-37dc8ecfb6bb",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "condition": null,
- "condition_version": null,
- "delegated_managed_identity_resource_id": null,
- "description": null,
- "name": "b2bbf080-fbfd-53ff-91d5-37dc8ecfb6bb",
- "role_definition_id": "/providers/Microsoft.Authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab",
- "scope": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "timeouts": null
- },
- "sensitive_values": {}
- }
- ],
- "address": "module.test_core.module.role_assignments_for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deploy-HITRUST-HIPAA\"]"
- },
- {
- "resources": [
- {
- "address": "module.test_core.module.role_assignments_for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deploy-MDEndpoints\"].azurerm_role_assignment.for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/roleAssignments/e01a72e6-27ce-5ca0-acac-7e07b933740a\"]",
- "mode": "managed",
- "type": "azurerm_role_assignment",
- "name": "for_policy",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/roleAssignments/e01a72e6-27ce-5ca0-acac-7e07b933740a",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "condition": null,
- "condition_version": null,
- "delegated_managed_identity_resource_id": null,
- "description": null,
- "name": "e01a72e6-27ce-5ca0-acac-7e07b933740a",
- "role_definition_id": "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c",
- "scope": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "timeouts": null
- },
- "sensitive_values": {}
- }
- ],
- "address": "module.test_core.module.role_assignments_for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deploy-MDEndpoints\"]"
- },
- {
- "resources": [
- {
- "address": "module.test_core.module.role_assignments_for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deploy-MDFC-Config\"].azurerm_role_assignment.for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/roleAssignments/22ff9bc8-ce29-51d8-b952-886206aa9339\"]",
- "mode": "managed",
- "type": "azurerm_role_assignment",
- "name": "for_policy",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/roleAssignments/22ff9bc8-ce29-51d8-b952-886206aa9339",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "condition": null,
- "condition_version": null,
- "delegated_managed_identity_resource_id": null,
- "description": null,
- "name": "22ff9bc8-ce29-51d8-b952-886206aa9339",
- "role_definition_id": "/providers/Microsoft.Authorization/roleDefinitions/8e3af657-a8ff-443c-a75c-2fe8c4bcb635",
- "scope": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "timeouts": null
- },
- "sensitive_values": {}
- },
- {
- "address": "module.test_core.module.role_assignments_for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deploy-MDFC-Config\"].azurerm_role_assignment.for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/roleAssignments/9ce4af18-ce8a-5ff5-b9d3-5b2718531aa3\"]",
- "mode": "managed",
- "type": "azurerm_role_assignment",
- "name": "for_policy",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/roleAssignments/9ce4af18-ce8a-5ff5-b9d3-5b2718531aa3",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "condition": null,
- "condition_version": null,
- "delegated_managed_identity_resource_id": null,
- "description": null,
- "name": "9ce4af18-ce8a-5ff5-b9d3-5b2718531aa3",
- "role_definition_id": "/providers/Microsoft.Authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293",
- "scope": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "timeouts": null
- },
- "sensitive_values": {}
- },
- {
- "address": "module.test_core.module.role_assignments_for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deploy-MDFC-Config\"].azurerm_role_assignment.for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/roleAssignments/a73d060f-b4c9-5c45-bdd2-5bca0354d723\"]",
- "mode": "managed",
- "type": "azurerm_role_assignment",
- "name": "for_policy",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/roleAssignments/a73d060f-b4c9-5c45-bdd2-5bca0354d723",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "condition": null,
- "condition_version": null,
- "delegated_managed_identity_resource_id": null,
- "description": null,
- "name": "a73d060f-b4c9-5c45-bdd2-5bca0354d723",
- "role_definition_id": "/providers/Microsoft.Authorization/roleDefinitions/ed7f3fbd-7b88-4dd4-9017-9adb7ce333f8",
- "scope": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "timeouts": null
- },
- "sensitive_values": {}
- },
- {
- "address": "module.test_core.module.role_assignments_for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deploy-MDFC-Config\"].azurerm_role_assignment.for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/roleAssignments/cb5f0a98-31a9-5269-9403-a186cfc43943\"]",
- "mode": "managed",
- "type": "azurerm_role_assignment",
- "name": "for_policy",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/roleAssignments/cb5f0a98-31a9-5269-9403-a186cfc43943",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "condition": null,
- "condition_version": null,
- "delegated_managed_identity_resource_id": null,
- "description": null,
- "name": "cb5f0a98-31a9-5269-9403-a186cfc43943",
- "role_definition_id": "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c",
- "scope": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "timeouts": null
- },
- "sensitive_values": {}
- },
- {
- "address": "module.test_core.module.role_assignments_for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deploy-MDFC-Config\"].azurerm_role_assignment.for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/roleAssignments/fcd93ba4-ff33-5824-a504-b432c2dfd3a7\"]",
- "mode": "managed",
- "type": "azurerm_role_assignment",
- "name": "for_policy",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/roleAssignments/fcd93ba4-ff33-5824-a504-b432c2dfd3a7",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "condition": null,
- "condition_version": null,
- "delegated_managed_identity_resource_id": null,
- "description": null,
- "name": "fcd93ba4-ff33-5824-a504-b432c2dfd3a7",
- "role_definition_id": "/providers/Microsoft.Authorization/roleDefinitions/18ed5180-3e48-46fd-8541-4ea054d57064",
- "scope": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "timeouts": null
- },
- "sensitive_values": {}
- },
- {
- "address": "module.test_core.module.role_assignments_for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deploy-MDFC-Config\"].azurerm_role_assignment.for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/roleAssignments/ff44dd66-55e9-54b4-be99-411f2ea2888d\"]",
- "mode": "managed",
- "type": "azurerm_role_assignment",
- "name": "for_policy",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/roleAssignments/ff44dd66-55e9-54b4-be99-411f2ea2888d",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "condition": null,
- "condition_version": null,
- "delegated_managed_identity_resource_id": null,
- "description": null,
- "name": "ff44dd66-55e9-54b4-be99-411f2ea2888d",
- "role_definition_id": "/providers/Microsoft.Authorization/roleDefinitions/fb1c8493-542b-48eb-b624-b4c8fea62acd",
- "scope": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "timeouts": null
- },
- "sensitive_values": {}
- }
- ],
- "address": "module.test_core.module.role_assignments_for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deploy-MDFC-Config\"]"
- },
- {
- "resources": [
- {
- "address": "module.test_core.module.role_assignments_for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deploy-MDFC-OssDb\"].azurerm_role_assignment.for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/roleAssignments/14538d97-4a28-5d98-889f-4466a399396f\"]",
- "mode": "managed",
- "type": "azurerm_role_assignment",
- "name": "for_policy",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/roleAssignments/14538d97-4a28-5d98-889f-4466a399396f",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "condition": null,
- "condition_version": null,
- "delegated_managed_identity_resource_id": null,
- "description": null,
- "name": "14538d97-4a28-5d98-889f-4466a399396f",
- "role_definition_id": "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c",
- "scope": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "timeouts": null
- },
- "sensitive_values": {}
- }
- ],
- "address": "module.test_core.module.role_assignments_for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deploy-MDFC-OssDb\"]"
- },
- {
- "resources": [
- {
- "address": "module.test_core.module.role_assignments_for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deploy-MDFC-SqlAtp\"].azurerm_role_assignment.for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/roleAssignments/48b3e1cf-ed37-5c12-b92e-ffe2a7a7e5f7\"]",
- "mode": "managed",
- "type": "azurerm_role_assignment",
- "name": "for_policy",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/roleAssignments/48b3e1cf-ed37-5c12-b92e-ffe2a7a7e5f7",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "condition": null,
- "condition_version": null,
- "delegated_managed_identity_resource_id": null,
- "description": null,
- "name": "48b3e1cf-ed37-5c12-b92e-ffe2a7a7e5f7",
- "role_definition_id": "/providers/Microsoft.Authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3",
- "scope": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "timeouts": null
- },
- "sensitive_values": {}
- }
- ],
- "address": "module.test_core.module.role_assignments_for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deploy-MDFC-SqlAtp\"]"
- },
- {
- "resources": [
- {
- "address": "module.test_core.module.role_assignments_for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deploy-Resource-Diag\"].azurerm_role_assignment.for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/roleAssignments/51ed04ed-dae3-5fd3-9fa6-eea4b794c795\"]",
- "mode": "managed",
- "type": "azurerm_role_assignment",
- "name": "for_policy",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/roleAssignments/51ed04ed-dae3-5fd3-9fa6-eea4b794c795",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "condition": null,
- "condition_version": null,
- "delegated_managed_identity_resource_id": null,
- "description": null,
- "name": "51ed04ed-dae3-5fd3-9fa6-eea4b794c795",
- "role_definition_id": "/providers/Microsoft.Authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa",
- "scope": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "timeouts": null
- },
- "sensitive_values": {}
- },
- {
- "address": "module.test_core.module.role_assignments_for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deploy-Resource-Diag\"].azurerm_role_assignment.for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/roleAssignments/6069b84d-76fc-5db3-905b-09304bb00f79\"]",
- "mode": "managed",
- "type": "azurerm_role_assignment",
- "name": "for_policy",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/roleAssignments/6069b84d-76fc-5db3-905b-09304bb00f79",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "condition": null,
- "condition_version": null,
- "delegated_managed_identity_resource_id": null,
- "description": null,
- "name": "6069b84d-76fc-5db3-905b-09304bb00f79",
- "role_definition_id": "/providers/Microsoft.Authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293",
- "scope": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "timeouts": null
- },
- "sensitive_values": {}
- }
- ],
- "address": "module.test_core.module.role_assignments_for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deploy-Resource-Diag\"]"
- },
- {
- "resources": [
- {
- "address": "module.test_core.module.role_assignments_for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deploy-SQL-Auditing\"].azurerm_role_assignment.for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/roleAssignments/4ccc8330-f622-59c1-8f88-161a33aaf4a6\"]",
- "mode": "managed",
- "type": "azurerm_role_assignment",
- "name": "for_policy",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/roleAssignments/4ccc8330-f622-59c1-8f88-161a33aaf4a6",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "condition": null,
- "condition_version": null,
- "delegated_managed_identity_resource_id": null,
- "description": null,
- "name": "4ccc8330-f622-59c1-8f88-161a33aaf4a6",
- "role_definition_id": "/providers/Microsoft.Authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab",
- "scope": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "timeouts": null
- },
- "sensitive_values": {}
- },
- {
- "address": "module.test_core.module.role_assignments_for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deploy-SQL-Auditing\"].azurerm_role_assignment.for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/roleAssignments/e69c3b84-6498-5330-ba23-d89f390b67bf\"]",
- "mode": "managed",
- "type": "azurerm_role_assignment",
- "name": "for_policy",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/roleAssignments/e69c3b84-6498-5330-ba23-d89f390b67bf",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "condition": null,
- "condition_version": null,
- "delegated_managed_identity_resource_id": null,
- "description": null,
- "name": "e69c3b84-6498-5330-ba23-d89f390b67bf",
- "role_definition_id": "/providers/Microsoft.Authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3",
- "scope": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "timeouts": null
- },
- "sensitive_values": {}
- }
- ],
- "address": "module.test_core.module.role_assignments_for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deploy-SQL-Auditing\"]"
- },
- {
- "resources": [
- {
- "address": "module.test_core.module.role_assignments_for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deploy-VM-Monitoring\"].azurerm_role_assignment.for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/roleAssignments/944bd159-55ad-5350-963c-316d127a5fd2\"]",
- "mode": "managed",
- "type": "azurerm_role_assignment",
- "name": "for_policy",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/roleAssignments/944bd159-55ad-5350-963c-316d127a5fd2",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "condition": null,
- "condition_version": null,
- "delegated_managed_identity_resource_id": null,
- "description": null,
- "name": "944bd159-55ad-5350-963c-316d127a5fd2",
- "role_definition_id": "/providers/Microsoft.Authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293",
- "scope": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "timeouts": null
- },
- "sensitive_values": {}
- }
- ],
- "address": "module.test_core.module.role_assignments_for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deploy-VM-Monitoring\"]"
- },
- {
- "resources": [
- {
- "address": "module.test_core.module.role_assignments_for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Enforce-ACSB\"].azurerm_role_assignment.for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/roleAssignments/3d3e8314-e2b2-5209-a43a-7e53ddabe248\"]",
- "mode": "managed",
- "type": "azurerm_role_assignment",
- "name": "for_policy",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/roleAssignments/3d3e8314-e2b2-5209-a43a-7e53ddabe248",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "condition": null,
- "condition_version": null,
- "delegated_managed_identity_resource_id": null,
- "description": null,
- "name": "3d3e8314-e2b2-5209-a43a-7e53ddabe248",
- "role_definition_id": "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c",
- "scope": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "timeouts": null
- },
- "sensitive_values": {}
- }
- ],
- "address": "module.test_core.module.role_assignments_for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Enforce-ACSB\"]"
- }
- ]
- }
- ]
- }
-}
diff --git a/tests/modules/test_002_add_custom_core/main.tf b/tests/modules/test_002_add_custom_core/main.tf
index 1b134a67f..caa724faf 100644
--- a/tests/modules/test_002_add_custom_core/main.tf
+++ b/tests/modules/test_002_add_custom_core/main.tf
@@ -21,8 +21,8 @@ module "test_core" {
# Configuration settings for optional landing zones
deploy_corp_landing_zones = true
deploy_online_landing_zones = true
- deploy_sap_landing_zones = true
- deploy_demo_landing_zones = true
+ deploy_sap_landing_zones = false
+ deploy_demo_landing_zones = false
# Configure path for custom library folder and
# custom template file variables
@@ -36,7 +36,7 @@ module "test_core" {
subscription_id_overrides = module.settings.core.subscription_id_overrides
# Configuration settings for management resources
- deploy_management_resources = false
+ deploy_management_resources = true
configure_management_resources = module.settings.management.configure_management_resources
subscription_id_management = data.azurerm_client_config.management.subscription_id
diff --git a/tests/modules/test_002_add_custom_core/settings.tf b/tests/modules/test_002_add_custom_core/settings.tf
index 11d52e2fb..98ed73d76 100644
--- a/tests/modules/test_002_add_custom_core/settings.tf
+++ b/tests/modules/test_002_add_custom_core/settings.tf
@@ -1,6 +1,9 @@
# Obtain configuration settings.
module "settings" {
source = "../settings"
+ providers = {
+ azurerm = azurerm.management
+ }
root_id = var.root_id
primary_location = var.primary_location
diff --git a/tests/modules/test_002_add_custom_core/terraform.tf b/tests/modules/test_002_add_custom_core/terraform.tf
index ed80d4e44..dd5cd3f33 100644
--- a/tests/modules/test_002_add_custom_core/terraform.tf
+++ b/tests/modules/test_002_add_custom_core/terraform.tf
@@ -2,7 +2,7 @@ terraform {
required_providers {
azurerm = {
source = "hashicorp/azurerm"
- version = "3.74.0"
+ version = "3.107.0"
configuration_aliases = [
azurerm.connectivity,
azurerm.management,
diff --git a/tests/modules/test_003_add_mgmt_conn/baseline_values.json b/tests/modules/test_003_add_mgmt_conn/baseline_values.json
deleted file mode 100644
index e67f1c531..000000000
--- a/tests/modules/test_003_add_mgmt_conn/baseline_values.json
+++ /dev/null
@@ -1,15480 +0,0 @@
-{
- "root_module": {
- "child_modules": [
- {
- "resources": [
- {
- "address": "module.settings.azurerm_resource_group.example",
- "mode": "managed",
- "type": "azurerm_resource_group",
- "name": "example",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "location": "northeurope",
- "managed_by": null,
- "name": "rg-identity",
- "tags": null,
- "timeouts": null
- },
- "sensitive_values": {}
- },
- {
- "address": "module.settings.azurerm_user_assigned_identity.example",
- "mode": "managed",
- "type": "azurerm_user_assigned_identity",
- "name": "example",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 1,
- "values": {
- "location": "northeurope",
- "name": "id-identity",
- "resource_group_name": "rg-identity",
- "tags": null,
- "timeouts": null
- },
- "sensitive_values": {}
- }
- ],
- "address": "module.settings"
- },
- {
- "resources": [
- {
- "address": "module.test_connectivity.azurerm_express_route_gateway.virtual_wan[\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity/providers/Microsoft.Network/expressRouteGateways/root-id-1-ergw-northeurope\"]",
- "mode": "managed",
- "type": "azurerm_express_route_gateway",
- "name": "virtual_wan",
- "index": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity/providers/Microsoft.Network/expressRouteGateways/root-id-1-ergw-northeurope",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "allow_non_virtual_wan_traffic": false,
- "location": "northeurope",
- "name": "root-id-1-ergw-northeurope",
- "resource_group_name": "root-id-1-connectivity",
- "scale_units": 1,
- "tags": {
- "deployedBy": "terraform/azure/caf-enterprise-scale/test_framework"
- },
- "timeouts": null,
- "virtual_hub_id": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity/providers/Microsoft.Network/virtualHubs/root-id-1-hub-northeurope"
- },
- "sensitive_values": {
- "tags": {}
- }
- },
- {
- "address": "module.test_connectivity.azurerm_firewall.connectivity[\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity-northeurope/providers/Microsoft.Network/azureFirewalls/root-id-1-fw-northeurope\"]",
- "mode": "managed",
- "type": "azurerm_firewall",
- "name": "connectivity",
- "index": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity-northeurope/providers/Microsoft.Network/azureFirewalls/root-id-1-fw-northeurope",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "dns_servers": null,
- "firewall_policy_id": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity-northeurope/providers/Microsoft.Network/firewallPolicies/root-id-1-fw-northeurope-policy",
- "ip_configuration": [
- {
- "name": "root-id-1-fw-northeurope-pip",
- "public_ip_address_id": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity-northeurope/providers/Microsoft.Network/publicIPAddresses/root-id-1-fw-northeurope-pip",
- "subnet_id": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity-northeurope/providers/Microsoft.Network/virtualNetworks/root-id-1-hub-northeurope/subnets/AzureFirewallSubnet"
- }
- ],
- "location": "northeurope",
- "management_ip_configuration": [],
- "name": "root-id-1-fw-northeurope",
- "private_ip_ranges": null,
- "resource_group_name": "root-id-1-connectivity-northeurope",
- "sku_name": "AZFW_VNet",
- "sku_tier": "Standard",
- "tags": {
- "deployedBy": "terraform/azure/caf-enterprise-scale/test_framework"
- },
- "threat_intel_mode": "Alert",
- "timeouts": null,
- "virtual_hub": [],
- "zones": [
- "1",
- "2"
- ]
- },
- "sensitive_values": {
- "ip_configuration": [
- {}
- ],
- "management_ip_configuration": [],
- "tags": {},
- "virtual_hub": [],
- "zones": [
- false,
- false
- ]
- }
- },
- {
- "address": "module.test_connectivity.azurerm_firewall.connectivity[\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity-uksouth/providers/Microsoft.Network/azureFirewalls/root-id-1-fw-uksouth\"]",
- "mode": "managed",
- "type": "azurerm_firewall",
- "name": "connectivity",
- "index": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity-uksouth/providers/Microsoft.Network/azureFirewalls/root-id-1-fw-uksouth",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "dns_servers": null,
- "firewall_policy_id": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity-uksouth/providers/Microsoft.Network/firewallPolicies/root-id-1-fw-uksouth-policy",
- "ip_configuration": [
- {
- "name": "root-id-1-fw-uksouth-pip",
- "public_ip_address_id": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity-uksouth/providers/Microsoft.Network/publicIPAddresses/root-id-1-fw-uksouth-pip",
- "subnet_id": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity-uksouth/providers/Microsoft.Network/virtualNetworks/root-id-1-hub-uksouth/subnets/AzureFirewallSubnet"
- }
- ],
- "location": "uksouth",
- "management_ip_configuration": [
- {
- "name": "root-id-1-fw-uksouth-mgmt-pip",
- "public_ip_address_id": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity-uksouth/providers/Microsoft.Network/publicIPAddresses/root-id-1-fw-uksouth-mgmt-pip",
- "subnet_id": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity-uksouth/providers/Microsoft.Network/virtualNetworks/root-id-1-hub-uksouth/subnets/AzureFirewallManagementSubnet"
- }
- ],
- "name": "root-id-1-fw-uksouth",
- "private_ip_ranges": null,
- "resource_group_name": "root-id-1-connectivity-uksouth",
- "sku_name": "AZFW_VNet",
- "sku_tier": "Basic",
- "tags": {
- "deployedBy": "terraform/azure/caf-enterprise-scale/test_framework"
- },
- "threat_intel_mode": "Alert",
- "timeouts": null,
- "virtual_hub": [],
- "zones": [
- "1",
- "2"
- ]
- },
- "sensitive_values": {
- "ip_configuration": [
- {}
- ],
- "management_ip_configuration": [
- {}
- ],
- "tags": {},
- "virtual_hub": [],
- "zones": [
- false,
- false
- ]
- }
- },
- {
- "address": "module.test_connectivity.azurerm_firewall.virtual_wan[\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity/providers/Microsoft.Network/azureFirewalls/root-id-1-fw-hub-northeurope\"]",
- "mode": "managed",
- "type": "azurerm_firewall",
- "name": "virtual_wan",
- "index": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity/providers/Microsoft.Network/azureFirewalls/root-id-1-fw-hub-northeurope",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "dns_servers": null,
- "firewall_policy_id": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity/providers/Microsoft.Network/firewallPolicies/root-id-1-fw-hub-northeurope-policy",
- "ip_configuration": [],
- "location": "northeurope",
- "management_ip_configuration": [],
- "name": "root-id-1-fw-hub-northeurope",
- "private_ip_ranges": null,
- "resource_group_name": "root-id-1-connectivity",
- "sku_name": "AZFW_Hub",
- "sku_tier": "Standard",
- "tags": {
- "deployedBy": "terraform/azure/caf-enterprise-scale/test_framework"
- },
- "timeouts": null,
- "virtual_hub": [
- {
- "public_ip_count": 1,
- "virtual_hub_id": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity/providers/Microsoft.Network/virtualHubs/root-id-1-hub-northeurope"
- }
- ],
- "zones": [
- "1",
- "2"
- ]
- },
- "sensitive_values": {
- "ip_configuration": [],
- "management_ip_configuration": [],
- "tags": {},
- "virtual_hub": [
- {
- "public_ip_addresses": []
- }
- ],
- "zones": [
- false,
- false
- ]
- }
- },
- {
- "address": "module.test_connectivity.azurerm_firewall_policy.connectivity[\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity-northeurope/providers/Microsoft.Network/firewallPolicies/root-id-1-fw-northeurope-policy\"]",
- "mode": "managed",
- "type": "azurerm_firewall_policy",
- "name": "connectivity",
- "index": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity-northeurope/providers/Microsoft.Network/firewallPolicies/root-id-1-fw-northeurope-policy",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "auto_learn_private_ranges_enabled": null,
- "base_policy_id": null,
- "dns": [
- {
- "proxy_enabled": true,
- "servers": null
- }
- ],
- "explicit_proxy": [],
- "identity": [],
- "insights": [],
- "intrusion_detection": [],
- "location": "northeurope",
- "name": "root-id-1-fw-northeurope-policy",
- "private_ip_ranges": null,
- "resource_group_name": "root-id-1-connectivity-northeurope",
- "sku": "Standard",
- "sql_redirect_allowed": false,
- "tags": {
- "deployedBy": "terraform/azure/caf-enterprise-scale/test_framework"
- },
- "threat_intelligence_allowlist": [],
- "threat_intelligence_mode": "Alert",
- "timeouts": null,
- "tls_certificate": []
- },
- "sensitive_values": {
- "child_policies": [],
- "dns": [
- {}
- ],
- "explicit_proxy": [],
- "firewalls": [],
- "identity": [],
- "insights": [],
- "intrusion_detection": [],
- "rule_collection_groups": [],
- "tags": {},
- "threat_intelligence_allowlist": [],
- "tls_certificate": []
- }
- },
- {
- "address": "module.test_connectivity.azurerm_firewall_policy.connectivity[\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity-uksouth/providers/Microsoft.Network/firewallPolicies/root-id-1-fw-uksouth-policy\"]",
- "mode": "managed",
- "type": "azurerm_firewall_policy",
- "name": "connectivity",
- "index": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity-uksouth/providers/Microsoft.Network/firewallPolicies/root-id-1-fw-uksouth-policy",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "auto_learn_private_ranges_enabled": null,
- "base_policy_id": null,
- "dns": [],
- "explicit_proxy": [],
- "identity": [],
- "insights": [],
- "intrusion_detection": [],
- "location": "uksouth",
- "name": "root-id-1-fw-uksouth-policy",
- "private_ip_ranges": null,
- "resource_group_name": "root-id-1-connectivity-uksouth",
- "sku": "Basic",
- "sql_redirect_allowed": null,
- "tags": {
- "deployedBy": "terraform/azure/caf-enterprise-scale/test_framework"
- },
- "threat_intelligence_allowlist": [],
- "threat_intelligence_mode": "Alert",
- "timeouts": null,
- "tls_certificate": []
- },
- "sensitive_values": {
- "child_policies": [],
- "dns": [],
- "explicit_proxy": [],
- "firewalls": [],
- "identity": [],
- "insights": [],
- "intrusion_detection": [],
- "rule_collection_groups": [],
- "tags": {},
- "threat_intelligence_allowlist": [],
- "tls_certificate": []
- }
- },
- {
- "address": "module.test_connectivity.azurerm_firewall_policy.virtual_wan[\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity/providers/Microsoft.Network/firewallPolicies/root-id-1-fw-hub-northeurope-policy\"]",
- "mode": "managed",
- "type": "azurerm_firewall_policy",
- "name": "virtual_wan",
- "index": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity/providers/Microsoft.Network/firewallPolicies/root-id-1-fw-hub-northeurope-policy",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "auto_learn_private_ranges_enabled": null,
- "base_policy_id": null,
- "dns": [
- {
- "proxy_enabled": false,
- "servers": null
- }
- ],
- "explicit_proxy": [],
- "identity": [],
- "insights": [],
- "intrusion_detection": [],
- "location": "northeurope",
- "name": "root-id-1-fw-hub-northeurope-policy",
- "private_ip_ranges": null,
- "resource_group_name": "root-id-1-connectivity",
- "sku": "Standard",
- "sql_redirect_allowed": null,
- "tags": {
- "deployedBy": "terraform/azure/caf-enterprise-scale/test_framework"
- },
- "threat_intelligence_allowlist": [],
- "threat_intelligence_mode": "Alert",
- "timeouts": null,
- "tls_certificate": []
- },
- "sensitive_values": {
- "child_policies": [],
- "dns": [
- {}
- ],
- "explicit_proxy": [],
- "firewalls": [],
- "identity": [],
- "insights": [],
- "intrusion_detection": [],
- "rule_collection_groups": [],
- "tags": {},
- "threat_intelligence_allowlist": [],
- "tls_certificate": []
- }
- },
- {
- "address": "module.test_connectivity.azurerm_private_dns_zone.connectivity[\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.adf.azure.com\"]",
- "mode": "managed",
- "type": "azurerm_private_dns_zone",
- "name": "connectivity",
- "index": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.adf.azure.com",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "name": "privatelink.adf.azure.com",
- "resource_group_name": "root-id-1-dns",
- "tags": {
- "deployedBy": "terraform/azure/caf-enterprise-scale/test_framework"
- },
- "timeouts": {
- "create": null,
- "delete": null,
- "read": null,
- "update": null
- }
- },
- "sensitive_values": {
- "soa_record": [],
- "tags": {},
- "timeouts": {}
- }
- },
- {
- "address": "module.test_connectivity.azurerm_private_dns_zone.connectivity[\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.afs.azure.net\"]",
- "mode": "managed",
- "type": "azurerm_private_dns_zone",
- "name": "connectivity",
- "index": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.afs.azure.net",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "name": "privatelink.afs.azure.net",
- "resource_group_name": "root-id-1-dns",
- "tags": {
- "deployedBy": "terraform/azure/caf-enterprise-scale/test_framework"
- },
- "timeouts": {
- "create": null,
- "delete": null,
- "read": null,
- "update": null
- }
- },
- "sensitive_values": {
- "soa_record": [],
- "tags": {},
- "timeouts": {}
- }
- },
- {
- "address": "module.test_connectivity.azurerm_private_dns_zone.connectivity[\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.agentsvc.azure-automation.net\"]",
- "mode": "managed",
- "type": "azurerm_private_dns_zone",
- "name": "connectivity",
- "index": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.agentsvc.azure-automation.net",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "name": "privatelink.agentsvc.azure-automation.net",
- "resource_group_name": "root-id-1-dns",
- "tags": {
- "deployedBy": "terraform/azure/caf-enterprise-scale/test_framework"
- },
- "timeouts": {
- "create": null,
- "delete": null,
- "read": null,
- "update": null
- }
- },
- "sensitive_values": {
- "soa_record": [],
- "tags": {},
- "timeouts": {}
- }
- },
- {
- "address": "module.test_connectivity.azurerm_private_dns_zone.connectivity[\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.api.azureml.ms\"]",
- "mode": "managed",
- "type": "azurerm_private_dns_zone",
- "name": "connectivity",
- "index": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.api.azureml.ms",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "name": "privatelink.api.azureml.ms",
- "resource_group_name": "root-id-1-dns",
- "tags": {
- "deployedBy": "terraform/azure/caf-enterprise-scale/test_framework"
- },
- "timeouts": {
- "create": null,
- "delete": null,
- "read": null,
- "update": null
- }
- },
- "sensitive_values": {
- "soa_record": [],
- "tags": {},
- "timeouts": {}
- }
- },
- {
- "address": "module.test_connectivity.azurerm_private_dns_zone.connectivity[\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.azconfig.io\"]",
- "mode": "managed",
- "type": "azurerm_private_dns_zone",
- "name": "connectivity",
- "index": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.azconfig.io",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "name": "privatelink.azconfig.io",
- "resource_group_name": "root-id-1-dns",
- "tags": {
- "deployedBy": "terraform/azure/caf-enterprise-scale/test_framework"
- },
- "timeouts": {
- "create": null,
- "delete": null,
- "read": null,
- "update": null
- }
- },
- "sensitive_values": {
- "soa_record": [],
- "tags": {},
- "timeouts": {}
- }
- },
- {
- "address": "module.test_connectivity.azurerm_private_dns_zone.connectivity[\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.azure-automation.net\"]",
- "mode": "managed",
- "type": "azurerm_private_dns_zone",
- "name": "connectivity",
- "index": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.azure-automation.net",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "name": "privatelink.azure-automation.net",
- "resource_group_name": "root-id-1-dns",
- "tags": {
- "deployedBy": "terraform/azure/caf-enterprise-scale/test_framework"
- },
- "timeouts": {
- "create": null,
- "delete": null,
- "read": null,
- "update": null
- }
- },
- "sensitive_values": {
- "soa_record": [],
- "tags": {},
- "timeouts": {}
- }
- },
- {
- "address": "module.test_connectivity.azurerm_private_dns_zone.connectivity[\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.azure-devices-provisioning.net\"]",
- "mode": "managed",
- "type": "azurerm_private_dns_zone",
- "name": "connectivity",
- "index": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.azure-devices-provisioning.net",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "name": "privatelink.azure-devices-provisioning.net",
- "resource_group_name": "root-id-1-dns",
- "tags": {
- "deployedBy": "terraform/azure/caf-enterprise-scale/test_framework"
- },
- "timeouts": {
- "create": null,
- "delete": null,
- "read": null,
- "update": null
- }
- },
- "sensitive_values": {
- "soa_record": [],
- "tags": {},
- "timeouts": {}
- }
- },
- {
- "address": "module.test_connectivity.azurerm_private_dns_zone.connectivity[\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.azure-devices.net\"]",
- "mode": "managed",
- "type": "azurerm_private_dns_zone",
- "name": "connectivity",
- "index": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.azure-devices.net",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "name": "privatelink.azure-devices.net",
- "resource_group_name": "root-id-1-dns",
- "tags": {
- "deployedBy": "terraform/azure/caf-enterprise-scale/test_framework"
- },
- "timeouts": {
- "create": null,
- "delete": null,
- "read": null,
- "update": null
- }
- },
- "sensitive_values": {
- "soa_record": [],
- "tags": {},
- "timeouts": {}
- }
- },
- {
- "address": "module.test_connectivity.azurerm_private_dns_zone.connectivity[\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.azurecr.io\"]",
- "mode": "managed",
- "type": "azurerm_private_dns_zone",
- "name": "connectivity",
- "index": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.azurecr.io",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "name": "privatelink.azurecr.io",
- "resource_group_name": "root-id-1-dns",
- "tags": {
- "deployedBy": "terraform/azure/caf-enterprise-scale/test_framework"
- },
- "timeouts": {
- "create": null,
- "delete": null,
- "read": null,
- "update": null
- }
- },
- "sensitive_values": {
- "soa_record": [],
- "tags": {},
- "timeouts": {}
- }
- },
- {
- "address": "module.test_connectivity.azurerm_private_dns_zone.connectivity[\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.azurehdinsight.net\"]",
- "mode": "managed",
- "type": "azurerm_private_dns_zone",
- "name": "connectivity",
- "index": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.azurehdinsight.net",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "name": "privatelink.azurehdinsight.net",
- "resource_group_name": "root-id-1-dns",
- "tags": {
- "deployedBy": "terraform/azure/caf-enterprise-scale/test_framework"
- },
- "timeouts": {
- "create": null,
- "delete": null,
- "read": null,
- "update": null
- }
- },
- "sensitive_values": {
- "soa_record": [],
- "tags": {},
- "timeouts": {}
- }
- },
- {
- "address": "module.test_connectivity.azurerm_private_dns_zone.connectivity[\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.azurewebsites.net\"]",
- "mode": "managed",
- "type": "azurerm_private_dns_zone",
- "name": "connectivity",
- "index": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.azurewebsites.net",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "name": "privatelink.azurewebsites.net",
- "resource_group_name": "root-id-1-dns",
- "tags": {
- "deployedBy": "terraform/azure/caf-enterprise-scale/test_framework"
- },
- "timeouts": {
- "create": null,
- "delete": null,
- "read": null,
- "update": null
- }
- },
- "sensitive_values": {
- "soa_record": [],
- "tags": {},
- "timeouts": {}
- }
- },
- {
- "address": "module.test_connectivity.azurerm_private_dns_zone.connectivity[\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.batch.azure.com\"]",
- "mode": "managed",
- "type": "azurerm_private_dns_zone",
- "name": "connectivity",
- "index": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.batch.azure.com",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "name": "privatelink.batch.azure.com",
- "resource_group_name": "root-id-1-dns",
- "tags": {
- "deployedBy": "terraform/azure/caf-enterprise-scale/test_framework"
- },
- "timeouts": {
- "create": null,
- "delete": null,
- "read": null,
- "update": null
- }
- },
- "sensitive_values": {
- "soa_record": [],
- "tags": {},
- "timeouts": {}
- }
- },
- {
- "address": "module.test_connectivity.azurerm_private_dns_zone.connectivity[\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.blob.core.windows.net\"]",
- "mode": "managed",
- "type": "azurerm_private_dns_zone",
- "name": "connectivity",
- "index": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.blob.core.windows.net",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "name": "privatelink.blob.core.windows.net",
- "resource_group_name": "root-id-1-dns",
- "tags": {
- "deployedBy": "terraform/azure/caf-enterprise-scale/test_framework"
- },
- "timeouts": {
- "create": null,
- "delete": null,
- "read": null,
- "update": null
- }
- },
- "sensitive_values": {
- "soa_record": [],
- "tags": {},
- "timeouts": {}
- }
- },
- {
- "address": "module.test_connectivity.azurerm_private_dns_zone.connectivity[\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.cassandra.cosmos.azure.com\"]",
- "mode": "managed",
- "type": "azurerm_private_dns_zone",
- "name": "connectivity",
- "index": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.cassandra.cosmos.azure.com",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "name": "privatelink.cassandra.cosmos.azure.com",
- "resource_group_name": "root-id-1-dns",
- "tags": {
- "deployedBy": "terraform/azure/caf-enterprise-scale/test_framework"
- },
- "timeouts": {
- "create": null,
- "delete": null,
- "read": null,
- "update": null
- }
- },
- "sensitive_values": {
- "soa_record": [],
- "tags": {},
- "timeouts": {}
- }
- },
- {
- "address": "module.test_connectivity.azurerm_private_dns_zone.connectivity[\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.cognitiveservices.azure.com\"]",
- "mode": "managed",
- "type": "azurerm_private_dns_zone",
- "name": "connectivity",
- "index": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.cognitiveservices.azure.com",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "name": "privatelink.cognitiveservices.azure.com",
- "resource_group_name": "root-id-1-dns",
- "tags": {
- "deployedBy": "terraform/azure/caf-enterprise-scale/test_framework"
- },
- "timeouts": {
- "create": null,
- "delete": null,
- "read": null,
- "update": null
- }
- },
- "sensitive_values": {
- "soa_record": [],
- "tags": {},
- "timeouts": {}
- }
- },
- {
- "address": "module.test_connectivity.azurerm_private_dns_zone.connectivity[\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.datafactory.azure.net\"]",
- "mode": "managed",
- "type": "azurerm_private_dns_zone",
- "name": "connectivity",
- "index": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.datafactory.azure.net",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "name": "privatelink.datafactory.azure.net",
- "resource_group_name": "root-id-1-dns",
- "tags": {
- "deployedBy": "terraform/azure/caf-enterprise-scale/test_framework"
- },
- "timeouts": {
- "create": null,
- "delete": null,
- "read": null,
- "update": null
- }
- },
- "sensitive_values": {
- "soa_record": [],
- "tags": {},
- "timeouts": {}
- }
- },
- {
- "address": "module.test_connectivity.azurerm_private_dns_zone.connectivity[\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.documents.azure.com\"]",
- "mode": "managed",
- "type": "azurerm_private_dns_zone",
- "name": "connectivity",
- "index": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.documents.azure.com",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "name": "privatelink.documents.azure.com",
- "resource_group_name": "root-id-1-dns",
- "tags": {
- "deployedBy": "terraform/azure/caf-enterprise-scale/test_framework"
- },
- "timeouts": {
- "create": null,
- "delete": null,
- "read": null,
- "update": null
- }
- },
- "sensitive_values": {
- "soa_record": [],
- "tags": {},
- "timeouts": {}
- }
- },
- {
- "address": "module.test_connectivity.azurerm_private_dns_zone.connectivity[\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.eventgrid.azure.net\"]",
- "mode": "managed",
- "type": "azurerm_private_dns_zone",
- "name": "connectivity",
- "index": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.eventgrid.azure.net",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "name": "privatelink.eventgrid.azure.net",
- "resource_group_name": "root-id-1-dns",
- "tags": {
- "deployedBy": "terraform/azure/caf-enterprise-scale/test_framework"
- },
- "timeouts": {
- "create": null,
- "delete": null,
- "read": null,
- "update": null
- }
- },
- "sensitive_values": {
- "soa_record": [],
- "tags": {},
- "timeouts": {}
- }
- },
- {
- "address": "module.test_connectivity.azurerm_private_dns_zone.connectivity[\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.file.core.windows.net\"]",
- "mode": "managed",
- "type": "azurerm_private_dns_zone",
- "name": "connectivity",
- "index": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.file.core.windows.net",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "name": "privatelink.file.core.windows.net",
- "resource_group_name": "root-id-1-dns",
- "tags": {
- "deployedBy": "terraform/azure/caf-enterprise-scale/test_framework"
- },
- "timeouts": {
- "create": null,
- "delete": null,
- "read": null,
- "update": null
- }
- },
- "sensitive_values": {
- "soa_record": [],
- "tags": {},
- "timeouts": {}
- }
- },
- {
- "address": "module.test_connectivity.azurerm_private_dns_zone.connectivity[\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.gremlin.cosmos.azure.com\"]",
- "mode": "managed",
- "type": "azurerm_private_dns_zone",
- "name": "connectivity",
- "index": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.gremlin.cosmos.azure.com",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "name": "privatelink.gremlin.cosmos.azure.com",
- "resource_group_name": "root-id-1-dns",
- "tags": {
- "deployedBy": "terraform/azure/caf-enterprise-scale/test_framework"
- },
- "timeouts": {
- "create": null,
- "delete": null,
- "read": null,
- "update": null
- }
- },
- "sensitive_values": {
- "soa_record": [],
- "tags": {},
- "timeouts": {}
- }
- },
- {
- "address": "module.test_connectivity.azurerm_private_dns_zone.connectivity[\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.media.azure.net\"]",
- "mode": "managed",
- "type": "azurerm_private_dns_zone",
- "name": "connectivity",
- "index": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.media.azure.net",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "name": "privatelink.media.azure.net",
- "resource_group_name": "root-id-1-dns",
- "tags": {
- "deployedBy": "terraform/azure/caf-enterprise-scale/test_framework"
- },
- "timeouts": {
- "create": null,
- "delete": null,
- "read": null,
- "update": null
- }
- },
- "sensitive_values": {
- "soa_record": [],
- "tags": {},
- "timeouts": {}
- }
- },
- {
- "address": "module.test_connectivity.azurerm_private_dns_zone.connectivity[\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.mongo.cosmos.azure.com\"]",
- "mode": "managed",
- "type": "azurerm_private_dns_zone",
- "name": "connectivity",
- "index": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.mongo.cosmos.azure.com",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "name": "privatelink.mongo.cosmos.azure.com",
- "resource_group_name": "root-id-1-dns",
- "tags": {
- "deployedBy": "terraform/azure/caf-enterprise-scale/test_framework"
- },
- "timeouts": {
- "create": null,
- "delete": null,
- "read": null,
- "update": null
- }
- },
- "sensitive_values": {
- "soa_record": [],
- "tags": {},
- "timeouts": {}
- }
- },
- {
- "address": "module.test_connectivity.azurerm_private_dns_zone.connectivity[\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.monitor.azure.com\"]",
- "mode": "managed",
- "type": "azurerm_private_dns_zone",
- "name": "connectivity",
- "index": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.monitor.azure.com",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "name": "privatelink.monitor.azure.com",
- "resource_group_name": "root-id-1-dns",
- "tags": {
- "deployedBy": "terraform/azure/caf-enterprise-scale/test_framework"
- },
- "timeouts": {
- "create": null,
- "delete": null,
- "read": null,
- "update": null
- }
- },
- "sensitive_values": {
- "soa_record": [],
- "tags": {},
- "timeouts": {}
- }
- },
- {
- "address": "module.test_connectivity.azurerm_private_dns_zone.connectivity[\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.notebooks.azure.net\"]",
- "mode": "managed",
- "type": "azurerm_private_dns_zone",
- "name": "connectivity",
- "index": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.notebooks.azure.net",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "name": "privatelink.notebooks.azure.net",
- "resource_group_name": "root-id-1-dns",
- "tags": {
- "deployedBy": "terraform/azure/caf-enterprise-scale/test_framework"
- },
- "timeouts": {
- "create": null,
- "delete": null,
- "read": null,
- "update": null
- }
- },
- "sensitive_values": {
- "soa_record": [],
- "tags": {},
- "timeouts": {}
- }
- },
- {
- "address": "module.test_connectivity.azurerm_private_dns_zone.connectivity[\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.ods.opinsights.azure.com\"]",
- "mode": "managed",
- "type": "azurerm_private_dns_zone",
- "name": "connectivity",
- "index": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.ods.opinsights.azure.com",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "name": "privatelink.ods.opinsights.azure.com",
- "resource_group_name": "root-id-1-dns",
- "tags": {
- "deployedBy": "terraform/azure/caf-enterprise-scale/test_framework"
- },
- "timeouts": {
- "create": null,
- "delete": null,
- "read": null,
- "update": null
- }
- },
- "sensitive_values": {
- "soa_record": [],
- "tags": {},
- "timeouts": {}
- }
- },
- {
- "address": "module.test_connectivity.azurerm_private_dns_zone.connectivity[\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.oms.opinsights.azure.com\"]",
- "mode": "managed",
- "type": "azurerm_private_dns_zone",
- "name": "connectivity",
- "index": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.oms.opinsights.azure.com",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "name": "privatelink.oms.opinsights.azure.com",
- "resource_group_name": "root-id-1-dns",
- "tags": {
- "deployedBy": "terraform/azure/caf-enterprise-scale/test_framework"
- },
- "timeouts": {
- "create": null,
- "delete": null,
- "read": null,
- "update": null
- }
- },
- "sensitive_values": {
- "soa_record": [],
- "tags": {},
- "timeouts": {}
- }
- },
- {
- "address": "module.test_connectivity.azurerm_private_dns_zone.connectivity[\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.prod.migration.windowsazure.com\"]",
- "mode": "managed",
- "type": "azurerm_private_dns_zone",
- "name": "connectivity",
- "index": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.prod.migration.windowsazure.com",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "name": "privatelink.prod.migration.windowsazure.com",
- "resource_group_name": "root-id-1-dns",
- "tags": {
- "deployedBy": "terraform/azure/caf-enterprise-scale/test_framework"
- },
- "timeouts": {
- "create": null,
- "delete": null,
- "read": null,
- "update": null
- }
- },
- "sensitive_values": {
- "soa_record": [],
- "tags": {},
- "timeouts": {}
- }
- },
- {
- "address": "module.test_connectivity.azurerm_private_dns_zone.connectivity[\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.queue.core.windows.net\"]",
- "mode": "managed",
- "type": "azurerm_private_dns_zone",
- "name": "connectivity",
- "index": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.queue.core.windows.net",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "name": "privatelink.queue.core.windows.net",
- "resource_group_name": "root-id-1-dns",
- "tags": {
- "deployedBy": "terraform/azure/caf-enterprise-scale/test_framework"
- },
- "timeouts": {
- "create": null,
- "delete": null,
- "read": null,
- "update": null
- }
- },
- "sensitive_values": {
- "soa_record": [],
- "tags": {},
- "timeouts": {}
- }
- },
- {
- "address": "module.test_connectivity.azurerm_private_dns_zone.connectivity[\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.redis.cache.windows.net\"]",
- "mode": "managed",
- "type": "azurerm_private_dns_zone",
- "name": "connectivity",
- "index": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.redis.cache.windows.net",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "name": "privatelink.redis.cache.windows.net",
- "resource_group_name": "root-id-1-dns",
- "tags": {
- "deployedBy": "terraform/azure/caf-enterprise-scale/test_framework"
- },
- "timeouts": {
- "create": null,
- "delete": null,
- "read": null,
- "update": null
- }
- },
- "sensitive_values": {
- "soa_record": [],
- "tags": {},
- "timeouts": {}
- }
- },
- {
- "address": "module.test_connectivity.azurerm_private_dns_zone.connectivity[\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.search.windows.net\"]",
- "mode": "managed",
- "type": "azurerm_private_dns_zone",
- "name": "connectivity",
- "index": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.search.windows.net",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "name": "privatelink.search.windows.net",
- "resource_group_name": "root-id-1-dns",
- "tags": {
- "deployedBy": "terraform/azure/caf-enterprise-scale/test_framework"
- },
- "timeouts": {
- "create": null,
- "delete": null,
- "read": null,
- "update": null
- }
- },
- "sensitive_values": {
- "soa_record": [],
- "tags": {},
- "timeouts": {}
- }
- },
- {
- "address": "module.test_connectivity.azurerm_private_dns_zone.connectivity[\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.service.signalr.net\"]",
- "mode": "managed",
- "type": "azurerm_private_dns_zone",
- "name": "connectivity",
- "index": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.service.signalr.net",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "name": "privatelink.service.signalr.net",
- "resource_group_name": "root-id-1-dns",
- "tags": {
- "deployedBy": "terraform/azure/caf-enterprise-scale/test_framework"
- },
- "timeouts": {
- "create": null,
- "delete": null,
- "read": null,
- "update": null
- }
- },
- "sensitive_values": {
- "soa_record": [],
- "tags": {},
- "timeouts": {}
- }
- },
- {
- "address": "module.test_connectivity.azurerm_private_dns_zone.connectivity[\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.servicebus.windows.net\"]",
- "mode": "managed",
- "type": "azurerm_private_dns_zone",
- "name": "connectivity",
- "index": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.servicebus.windows.net",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "name": "privatelink.servicebus.windows.net",
- "resource_group_name": "root-id-1-dns",
- "tags": {
- "deployedBy": "terraform/azure/caf-enterprise-scale/test_framework"
- },
- "timeouts": {
- "create": null,
- "delete": null,
- "read": null,
- "update": null
- }
- },
- "sensitive_values": {
- "soa_record": [],
- "tags": {},
- "timeouts": {}
- }
- },
- {
- "address": "module.test_connectivity.azurerm_private_dns_zone.connectivity[\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.siterecovery.windowsazure.com\"]",
- "mode": "managed",
- "type": "azurerm_private_dns_zone",
- "name": "connectivity",
- "index": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.siterecovery.windowsazure.com",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "name": "privatelink.siterecovery.windowsazure.com",
- "resource_group_name": "root-id-1-dns",
- "tags": {
- "deployedBy": "terraform/azure/caf-enterprise-scale/test_framework"
- },
- "timeouts": {
- "create": null,
- "delete": null,
- "read": null,
- "update": null
- }
- },
- "sensitive_values": {
- "soa_record": [],
- "tags": {},
- "timeouts": {}
- }
- },
- {
- "address": "module.test_connectivity.azurerm_private_dns_zone.connectivity[\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.table.core.windows.net\"]",
- "mode": "managed",
- "type": "azurerm_private_dns_zone",
- "name": "connectivity",
- "index": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.table.core.windows.net",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "name": "privatelink.table.core.windows.net",
- "resource_group_name": "root-id-1-dns",
- "tags": {
- "deployedBy": "terraform/azure/caf-enterprise-scale/test_framework"
- },
- "timeouts": {
- "create": null,
- "delete": null,
- "read": null,
- "update": null
- }
- },
- "sensitive_values": {
- "soa_record": [],
- "tags": {},
- "timeouts": {}
- }
- },
- {
- "address": "module.test_connectivity.azurerm_private_dns_zone.connectivity[\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.table.cosmos.azure.com\"]",
- "mode": "managed",
- "type": "azurerm_private_dns_zone",
- "name": "connectivity",
- "index": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.table.cosmos.azure.com",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "name": "privatelink.table.cosmos.azure.com",
- "resource_group_name": "root-id-1-dns",
- "tags": {
- "deployedBy": "terraform/azure/caf-enterprise-scale/test_framework"
- },
- "timeouts": {
- "create": null,
- "delete": null,
- "read": null,
- "update": null
- }
- },
- "sensitive_values": {
- "soa_record": [],
- "tags": {},
- "timeouts": {}
- }
- },
- {
- "address": "module.test_connectivity.azurerm_private_dns_zone.connectivity[\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.vaultcore.azure.net\"]",
- "mode": "managed",
- "type": "azurerm_private_dns_zone",
- "name": "connectivity",
- "index": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.vaultcore.azure.net",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "name": "privatelink.vaultcore.azure.net",
- "resource_group_name": "root-id-1-dns",
- "tags": {
- "deployedBy": "terraform/azure/caf-enterprise-scale/test_framework"
- },
- "timeouts": {
- "create": null,
- "delete": null,
- "read": null,
- "update": null
- }
- },
- "sensitive_values": {
- "soa_record": [],
- "tags": {},
- "timeouts": {}
- }
- },
- {
- "address": "module.test_connectivity.azurerm_private_dns_zone.connectivity[\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.web.core.windows.net\"]",
- "mode": "managed",
- "type": "azurerm_private_dns_zone",
- "name": "connectivity",
- "index": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.web.core.windows.net",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "name": "privatelink.web.core.windows.net",
- "resource_group_name": "root-id-1-dns",
- "tags": {
- "deployedBy": "terraform/azure/caf-enterprise-scale/test_framework"
- },
- "timeouts": {
- "create": null,
- "delete": null,
- "read": null,
- "update": null
- }
- },
- "sensitive_values": {
- "soa_record": [],
- "tags": {},
- "timeouts": {}
- }
- },
- {
- "address": "module.test_connectivity.azurerm_private_dns_zone.connectivity[\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.webpubsub.azure.com\"]",
- "mode": "managed",
- "type": "azurerm_private_dns_zone",
- "name": "connectivity",
- "index": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.webpubsub.azure.com",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "name": "privatelink.webpubsub.azure.com",
- "resource_group_name": "root-id-1-dns",
- "tags": {
- "deployedBy": "terraform/azure/caf-enterprise-scale/test_framework"
- },
- "timeouts": {
- "create": null,
- "delete": null,
- "read": null,
- "update": null
- }
- },
- "sensitive_values": {
- "soa_record": [],
- "tags": {},
- "timeouts": {}
- }
- },
- {
- "address": "module.test_connectivity.azurerm_private_dns_zone_virtual_network_link.connectivity[\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.adf.azure.com/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-32e4fb6d-8d44-5cd6-a7b6-aa17ca11b626\"]",
- "mode": "managed",
- "type": "azurerm_private_dns_zone_virtual_network_link",
- "name": "connectivity",
- "index": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.adf.azure.com/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-32e4fb6d-8d44-5cd6-a7b6-aa17ca11b626",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "name": "fa2fa118-a60d-4700-9ef1-fa02beeaaea5-32e4fb6d-8d44-5cd6-a7b6-aa17ca11b626",
- "private_dns_zone_name": "privatelink.adf.azure.com",
- "registration_enabled": false,
- "resource_group_name": "root-id-1-dns",
- "tags": {
- "deployedBy": "terraform/azure/caf-enterprise-scale/test_framework"
- },
- "timeouts": {
- "create": null,
- "delete": null,
- "read": null,
- "update": null
- },
- "virtual_network_id": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity-westeurope/providers/Microsoft.Network/virtualNetworks/root-id-1-hub-westeurope"
- },
- "sensitive_values": {
- "tags": {},
- "timeouts": {}
- }
- },
- {
- "address": "module.test_connectivity.azurerm_private_dns_zone_virtual_network_link.connectivity[\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.adf.azure.com/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-7cc7e26d-5e16-5672-8dc0-e48b94f1beea\"]",
- "mode": "managed",
- "type": "azurerm_private_dns_zone_virtual_network_link",
- "name": "connectivity",
- "index": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.adf.azure.com/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-7cc7e26d-5e16-5672-8dc0-e48b94f1beea",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "name": "fa2fa118-a60d-4700-9ef1-fa02beeaaea5-7cc7e26d-5e16-5672-8dc0-e48b94f1beea",
- "private_dns_zone_name": "privatelink.adf.azure.com",
- "registration_enabled": false,
- "resource_group_name": "root-id-1-dns",
- "tags": {
- "deployedBy": "terraform/azure/caf-enterprise-scale/test_framework"
- },
- "timeouts": {
- "create": null,
- "delete": null,
- "read": null,
- "update": null
- },
- "virtual_network_id": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity-uksouth/providers/Microsoft.Network/virtualNetworks/root-id-1-hub-uksouth"
- },
- "sensitive_values": {
- "tags": {},
- "timeouts": {}
- }
- },
- {
- "address": "module.test_connectivity.azurerm_private_dns_zone_virtual_network_link.connectivity[\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.adf.azure.com/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-f8bddac9-6d62-5e41-9c52-1bf7a4263cc0\"]",
- "mode": "managed",
- "type": "azurerm_private_dns_zone_virtual_network_link",
- "name": "connectivity",
- "index": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.adf.azure.com/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-f8bddac9-6d62-5e41-9c52-1bf7a4263cc0",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "name": "fa2fa118-a60d-4700-9ef1-fa02beeaaea5-f8bddac9-6d62-5e41-9c52-1bf7a4263cc0",
- "private_dns_zone_name": "privatelink.adf.azure.com",
- "registration_enabled": false,
- "resource_group_name": "root-id-1-dns",
- "tags": {
- "deployedBy": "terraform/azure/caf-enterprise-scale/test_framework"
- },
- "timeouts": {
- "create": null,
- "delete": null,
- "read": null,
- "update": null
- },
- "virtual_network_id": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity-northeurope/providers/Microsoft.Network/virtualNetworks/root-id-1-hub-northeurope"
- },
- "sensitive_values": {
- "tags": {},
- "timeouts": {}
- }
- },
- {
- "address": "module.test_connectivity.azurerm_private_dns_zone_virtual_network_link.connectivity[\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.afs.azure.net/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-32e4fb6d-8d44-5cd6-a7b6-aa17ca11b626\"]",
- "mode": "managed",
- "type": "azurerm_private_dns_zone_virtual_network_link",
- "name": "connectivity",
- "index": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.afs.azure.net/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-32e4fb6d-8d44-5cd6-a7b6-aa17ca11b626",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "name": "fa2fa118-a60d-4700-9ef1-fa02beeaaea5-32e4fb6d-8d44-5cd6-a7b6-aa17ca11b626",
- "private_dns_zone_name": "privatelink.afs.azure.net",
- "registration_enabled": false,
- "resource_group_name": "root-id-1-dns",
- "tags": {
- "deployedBy": "terraform/azure/caf-enterprise-scale/test_framework"
- },
- "timeouts": {
- "create": null,
- "delete": null,
- "read": null,
- "update": null
- },
- "virtual_network_id": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity-westeurope/providers/Microsoft.Network/virtualNetworks/root-id-1-hub-westeurope"
- },
- "sensitive_values": {
- "tags": {},
- "timeouts": {}
- }
- },
- {
- "address": "module.test_connectivity.azurerm_private_dns_zone_virtual_network_link.connectivity[\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.afs.azure.net/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-7cc7e26d-5e16-5672-8dc0-e48b94f1beea\"]",
- "mode": "managed",
- "type": "azurerm_private_dns_zone_virtual_network_link",
- "name": "connectivity",
- "index": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.afs.azure.net/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-7cc7e26d-5e16-5672-8dc0-e48b94f1beea",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "name": "fa2fa118-a60d-4700-9ef1-fa02beeaaea5-7cc7e26d-5e16-5672-8dc0-e48b94f1beea",
- "private_dns_zone_name": "privatelink.afs.azure.net",
- "registration_enabled": false,
- "resource_group_name": "root-id-1-dns",
- "tags": {
- "deployedBy": "terraform/azure/caf-enterprise-scale/test_framework"
- },
- "timeouts": {
- "create": null,
- "delete": null,
- "read": null,
- "update": null
- },
- "virtual_network_id": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity-uksouth/providers/Microsoft.Network/virtualNetworks/root-id-1-hub-uksouth"
- },
- "sensitive_values": {
- "tags": {},
- "timeouts": {}
- }
- },
- {
- "address": "module.test_connectivity.azurerm_private_dns_zone_virtual_network_link.connectivity[\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.afs.azure.net/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-f8bddac9-6d62-5e41-9c52-1bf7a4263cc0\"]",
- "mode": "managed",
- "type": "azurerm_private_dns_zone_virtual_network_link",
- "name": "connectivity",
- "index": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.afs.azure.net/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-f8bddac9-6d62-5e41-9c52-1bf7a4263cc0",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "name": "fa2fa118-a60d-4700-9ef1-fa02beeaaea5-f8bddac9-6d62-5e41-9c52-1bf7a4263cc0",
- "private_dns_zone_name": "privatelink.afs.azure.net",
- "registration_enabled": false,
- "resource_group_name": "root-id-1-dns",
- "tags": {
- "deployedBy": "terraform/azure/caf-enterprise-scale/test_framework"
- },
- "timeouts": {
- "create": null,
- "delete": null,
- "read": null,
- "update": null
- },
- "virtual_network_id": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity-northeurope/providers/Microsoft.Network/virtualNetworks/root-id-1-hub-northeurope"
- },
- "sensitive_values": {
- "tags": {},
- "timeouts": {}
- }
- },
- {
- "address": "module.test_connectivity.azurerm_private_dns_zone_virtual_network_link.connectivity[\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.agentsvc.azure-automation.net/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-32e4fb6d-8d44-5cd6-a7b6-aa17ca11b626\"]",
- "mode": "managed",
- "type": "azurerm_private_dns_zone_virtual_network_link",
- "name": "connectivity",
- "index": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.agentsvc.azure-automation.net/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-32e4fb6d-8d44-5cd6-a7b6-aa17ca11b626",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "name": "fa2fa118-a60d-4700-9ef1-fa02beeaaea5-32e4fb6d-8d44-5cd6-a7b6-aa17ca11b626",
- "private_dns_zone_name": "privatelink.agentsvc.azure-automation.net",
- "registration_enabled": false,
- "resource_group_name": "root-id-1-dns",
- "tags": {
- "deployedBy": "terraform/azure/caf-enterprise-scale/test_framework"
- },
- "timeouts": {
- "create": null,
- "delete": null,
- "read": null,
- "update": null
- },
- "virtual_network_id": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity-westeurope/providers/Microsoft.Network/virtualNetworks/root-id-1-hub-westeurope"
- },
- "sensitive_values": {
- "tags": {},
- "timeouts": {}
- }
- },
- {
- "address": "module.test_connectivity.azurerm_private_dns_zone_virtual_network_link.connectivity[\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.agentsvc.azure-automation.net/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-7cc7e26d-5e16-5672-8dc0-e48b94f1beea\"]",
- "mode": "managed",
- "type": "azurerm_private_dns_zone_virtual_network_link",
- "name": "connectivity",
- "index": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.agentsvc.azure-automation.net/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-7cc7e26d-5e16-5672-8dc0-e48b94f1beea",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "name": "fa2fa118-a60d-4700-9ef1-fa02beeaaea5-7cc7e26d-5e16-5672-8dc0-e48b94f1beea",
- "private_dns_zone_name": "privatelink.agentsvc.azure-automation.net",
- "registration_enabled": false,
- "resource_group_name": "root-id-1-dns",
- "tags": {
- "deployedBy": "terraform/azure/caf-enterprise-scale/test_framework"
- },
- "timeouts": {
- "create": null,
- "delete": null,
- "read": null,
- "update": null
- },
- "virtual_network_id": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity-uksouth/providers/Microsoft.Network/virtualNetworks/root-id-1-hub-uksouth"
- },
- "sensitive_values": {
- "tags": {},
- "timeouts": {}
- }
- },
- {
- "address": "module.test_connectivity.azurerm_private_dns_zone_virtual_network_link.connectivity[\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.agentsvc.azure-automation.net/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-f8bddac9-6d62-5e41-9c52-1bf7a4263cc0\"]",
- "mode": "managed",
- "type": "azurerm_private_dns_zone_virtual_network_link",
- "name": "connectivity",
- "index": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.agentsvc.azure-automation.net/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-f8bddac9-6d62-5e41-9c52-1bf7a4263cc0",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "name": "fa2fa118-a60d-4700-9ef1-fa02beeaaea5-f8bddac9-6d62-5e41-9c52-1bf7a4263cc0",
- "private_dns_zone_name": "privatelink.agentsvc.azure-automation.net",
- "registration_enabled": false,
- "resource_group_name": "root-id-1-dns",
- "tags": {
- "deployedBy": "terraform/azure/caf-enterprise-scale/test_framework"
- },
- "timeouts": {
- "create": null,
- "delete": null,
- "read": null,
- "update": null
- },
- "virtual_network_id": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity-northeurope/providers/Microsoft.Network/virtualNetworks/root-id-1-hub-northeurope"
- },
- "sensitive_values": {
- "tags": {},
- "timeouts": {}
- }
- },
- {
- "address": "module.test_connectivity.azurerm_private_dns_zone_virtual_network_link.connectivity[\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.api.azureml.ms/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-32e4fb6d-8d44-5cd6-a7b6-aa17ca11b626\"]",
- "mode": "managed",
- "type": "azurerm_private_dns_zone_virtual_network_link",
- "name": "connectivity",
- "index": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.api.azureml.ms/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-32e4fb6d-8d44-5cd6-a7b6-aa17ca11b626",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "name": "fa2fa118-a60d-4700-9ef1-fa02beeaaea5-32e4fb6d-8d44-5cd6-a7b6-aa17ca11b626",
- "private_dns_zone_name": "privatelink.api.azureml.ms",
- "registration_enabled": false,
- "resource_group_name": "root-id-1-dns",
- "tags": {
- "deployedBy": "terraform/azure/caf-enterprise-scale/test_framework"
- },
- "timeouts": {
- "create": null,
- "delete": null,
- "read": null,
- "update": null
- },
- "virtual_network_id": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity-westeurope/providers/Microsoft.Network/virtualNetworks/root-id-1-hub-westeurope"
- },
- "sensitive_values": {
- "tags": {},
- "timeouts": {}
- }
- },
- {
- "address": "module.test_connectivity.azurerm_private_dns_zone_virtual_network_link.connectivity[\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.api.azureml.ms/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-7cc7e26d-5e16-5672-8dc0-e48b94f1beea\"]",
- "mode": "managed",
- "type": "azurerm_private_dns_zone_virtual_network_link",
- "name": "connectivity",
- "index": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.api.azureml.ms/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-7cc7e26d-5e16-5672-8dc0-e48b94f1beea",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "name": "fa2fa118-a60d-4700-9ef1-fa02beeaaea5-7cc7e26d-5e16-5672-8dc0-e48b94f1beea",
- "private_dns_zone_name": "privatelink.api.azureml.ms",
- "registration_enabled": false,
- "resource_group_name": "root-id-1-dns",
- "tags": {
- "deployedBy": "terraform/azure/caf-enterprise-scale/test_framework"
- },
- "timeouts": {
- "create": null,
- "delete": null,
- "read": null,
- "update": null
- },
- "virtual_network_id": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity-uksouth/providers/Microsoft.Network/virtualNetworks/root-id-1-hub-uksouth"
- },
- "sensitive_values": {
- "tags": {},
- "timeouts": {}
- }
- },
- {
- "address": "module.test_connectivity.azurerm_private_dns_zone_virtual_network_link.connectivity[\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.api.azureml.ms/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-f8bddac9-6d62-5e41-9c52-1bf7a4263cc0\"]",
- "mode": "managed",
- "type": "azurerm_private_dns_zone_virtual_network_link",
- "name": "connectivity",
- "index": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.api.azureml.ms/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-f8bddac9-6d62-5e41-9c52-1bf7a4263cc0",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "name": "fa2fa118-a60d-4700-9ef1-fa02beeaaea5-f8bddac9-6d62-5e41-9c52-1bf7a4263cc0",
- "private_dns_zone_name": "privatelink.api.azureml.ms",
- "registration_enabled": false,
- "resource_group_name": "root-id-1-dns",
- "tags": {
- "deployedBy": "terraform/azure/caf-enterprise-scale/test_framework"
- },
- "timeouts": {
- "create": null,
- "delete": null,
- "read": null,
- "update": null
- },
- "virtual_network_id": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity-northeurope/providers/Microsoft.Network/virtualNetworks/root-id-1-hub-northeurope"
- },
- "sensitive_values": {
- "tags": {},
- "timeouts": {}
- }
- },
- {
- "address": "module.test_connectivity.azurerm_private_dns_zone_virtual_network_link.connectivity[\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.azconfig.io/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-32e4fb6d-8d44-5cd6-a7b6-aa17ca11b626\"]",
- "mode": "managed",
- "type": "azurerm_private_dns_zone_virtual_network_link",
- "name": "connectivity",
- "index": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.azconfig.io/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-32e4fb6d-8d44-5cd6-a7b6-aa17ca11b626",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "name": "fa2fa118-a60d-4700-9ef1-fa02beeaaea5-32e4fb6d-8d44-5cd6-a7b6-aa17ca11b626",
- "private_dns_zone_name": "privatelink.azconfig.io",
- "registration_enabled": false,
- "resource_group_name": "root-id-1-dns",
- "tags": {
- "deployedBy": "terraform/azure/caf-enterprise-scale/test_framework"
- },
- "timeouts": {
- "create": null,
- "delete": null,
- "read": null,
- "update": null
- },
- "virtual_network_id": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity-westeurope/providers/Microsoft.Network/virtualNetworks/root-id-1-hub-westeurope"
- },
- "sensitive_values": {
- "tags": {},
- "timeouts": {}
- }
- },
- {
- "address": "module.test_connectivity.azurerm_private_dns_zone_virtual_network_link.connectivity[\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.azconfig.io/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-7cc7e26d-5e16-5672-8dc0-e48b94f1beea\"]",
- "mode": "managed",
- "type": "azurerm_private_dns_zone_virtual_network_link",
- "name": "connectivity",
- "index": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.azconfig.io/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-7cc7e26d-5e16-5672-8dc0-e48b94f1beea",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "name": "fa2fa118-a60d-4700-9ef1-fa02beeaaea5-7cc7e26d-5e16-5672-8dc0-e48b94f1beea",
- "private_dns_zone_name": "privatelink.azconfig.io",
- "registration_enabled": false,
- "resource_group_name": "root-id-1-dns",
- "tags": {
- "deployedBy": "terraform/azure/caf-enterprise-scale/test_framework"
- },
- "timeouts": {
- "create": null,
- "delete": null,
- "read": null,
- "update": null
- },
- "virtual_network_id": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity-uksouth/providers/Microsoft.Network/virtualNetworks/root-id-1-hub-uksouth"
- },
- "sensitive_values": {
- "tags": {},
- "timeouts": {}
- }
- },
- {
- "address": "module.test_connectivity.azurerm_private_dns_zone_virtual_network_link.connectivity[\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.azconfig.io/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-f8bddac9-6d62-5e41-9c52-1bf7a4263cc0\"]",
- "mode": "managed",
- "type": "azurerm_private_dns_zone_virtual_network_link",
- "name": "connectivity",
- "index": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.azconfig.io/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-f8bddac9-6d62-5e41-9c52-1bf7a4263cc0",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "name": "fa2fa118-a60d-4700-9ef1-fa02beeaaea5-f8bddac9-6d62-5e41-9c52-1bf7a4263cc0",
- "private_dns_zone_name": "privatelink.azconfig.io",
- "registration_enabled": false,
- "resource_group_name": "root-id-1-dns",
- "tags": {
- "deployedBy": "terraform/azure/caf-enterprise-scale/test_framework"
- },
- "timeouts": {
- "create": null,
- "delete": null,
- "read": null,
- "update": null
- },
- "virtual_network_id": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity-northeurope/providers/Microsoft.Network/virtualNetworks/root-id-1-hub-northeurope"
- },
- "sensitive_values": {
- "tags": {},
- "timeouts": {}
- }
- },
- {
- "address": "module.test_connectivity.azurerm_private_dns_zone_virtual_network_link.connectivity[\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.azure-automation.net/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-32e4fb6d-8d44-5cd6-a7b6-aa17ca11b626\"]",
- "mode": "managed",
- "type": "azurerm_private_dns_zone_virtual_network_link",
- "name": "connectivity",
- "index": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.azure-automation.net/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-32e4fb6d-8d44-5cd6-a7b6-aa17ca11b626",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "name": "fa2fa118-a60d-4700-9ef1-fa02beeaaea5-32e4fb6d-8d44-5cd6-a7b6-aa17ca11b626",
- "private_dns_zone_name": "privatelink.azure-automation.net",
- "registration_enabled": false,
- "resource_group_name": "root-id-1-dns",
- "tags": {
- "deployedBy": "terraform/azure/caf-enterprise-scale/test_framework"
- },
- "timeouts": {
- "create": null,
- "delete": null,
- "read": null,
- "update": null
- },
- "virtual_network_id": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity-westeurope/providers/Microsoft.Network/virtualNetworks/root-id-1-hub-westeurope"
- },
- "sensitive_values": {
- "tags": {},
- "timeouts": {}
- }
- },
- {
- "address": "module.test_connectivity.azurerm_private_dns_zone_virtual_network_link.connectivity[\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.azure-automation.net/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-7cc7e26d-5e16-5672-8dc0-e48b94f1beea\"]",
- "mode": "managed",
- "type": "azurerm_private_dns_zone_virtual_network_link",
- "name": "connectivity",
- "index": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.azure-automation.net/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-7cc7e26d-5e16-5672-8dc0-e48b94f1beea",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "name": "fa2fa118-a60d-4700-9ef1-fa02beeaaea5-7cc7e26d-5e16-5672-8dc0-e48b94f1beea",
- "private_dns_zone_name": "privatelink.azure-automation.net",
- "registration_enabled": false,
- "resource_group_name": "root-id-1-dns",
- "tags": {
- "deployedBy": "terraform/azure/caf-enterprise-scale/test_framework"
- },
- "timeouts": {
- "create": null,
- "delete": null,
- "read": null,
- "update": null
- },
- "virtual_network_id": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity-uksouth/providers/Microsoft.Network/virtualNetworks/root-id-1-hub-uksouth"
- },
- "sensitive_values": {
- "tags": {},
- "timeouts": {}
- }
- },
- {
- "address": "module.test_connectivity.azurerm_private_dns_zone_virtual_network_link.connectivity[\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.azure-automation.net/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-f8bddac9-6d62-5e41-9c52-1bf7a4263cc0\"]",
- "mode": "managed",
- "type": "azurerm_private_dns_zone_virtual_network_link",
- "name": "connectivity",
- "index": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.azure-automation.net/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-f8bddac9-6d62-5e41-9c52-1bf7a4263cc0",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "name": "fa2fa118-a60d-4700-9ef1-fa02beeaaea5-f8bddac9-6d62-5e41-9c52-1bf7a4263cc0",
- "private_dns_zone_name": "privatelink.azure-automation.net",
- "registration_enabled": false,
- "resource_group_name": "root-id-1-dns",
- "tags": {
- "deployedBy": "terraform/azure/caf-enterprise-scale/test_framework"
- },
- "timeouts": {
- "create": null,
- "delete": null,
- "read": null,
- "update": null
- },
- "virtual_network_id": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity-northeurope/providers/Microsoft.Network/virtualNetworks/root-id-1-hub-northeurope"
- },
- "sensitive_values": {
- "tags": {},
- "timeouts": {}
- }
- },
- {
- "address": "module.test_connectivity.azurerm_private_dns_zone_virtual_network_link.connectivity[\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.azure-devices-provisioning.net/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-32e4fb6d-8d44-5cd6-a7b6-aa17ca11b626\"]",
- "mode": "managed",
- "type": "azurerm_private_dns_zone_virtual_network_link",
- "name": "connectivity",
- "index": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.azure-devices-provisioning.net/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-32e4fb6d-8d44-5cd6-a7b6-aa17ca11b626",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "name": "fa2fa118-a60d-4700-9ef1-fa02beeaaea5-32e4fb6d-8d44-5cd6-a7b6-aa17ca11b626",
- "private_dns_zone_name": "privatelink.azure-devices-provisioning.net",
- "registration_enabled": false,
- "resource_group_name": "root-id-1-dns",
- "tags": {
- "deployedBy": "terraform/azure/caf-enterprise-scale/test_framework"
- },
- "timeouts": {
- "create": null,
- "delete": null,
- "read": null,
- "update": null
- },
- "virtual_network_id": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity-westeurope/providers/Microsoft.Network/virtualNetworks/root-id-1-hub-westeurope"
- },
- "sensitive_values": {
- "tags": {},
- "timeouts": {}
- }
- },
- {
- "address": "module.test_connectivity.azurerm_private_dns_zone_virtual_network_link.connectivity[\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.azure-devices-provisioning.net/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-7cc7e26d-5e16-5672-8dc0-e48b94f1beea\"]",
- "mode": "managed",
- "type": "azurerm_private_dns_zone_virtual_network_link",
- "name": "connectivity",
- "index": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.azure-devices-provisioning.net/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-7cc7e26d-5e16-5672-8dc0-e48b94f1beea",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "name": "fa2fa118-a60d-4700-9ef1-fa02beeaaea5-7cc7e26d-5e16-5672-8dc0-e48b94f1beea",
- "private_dns_zone_name": "privatelink.azure-devices-provisioning.net",
- "registration_enabled": false,
- "resource_group_name": "root-id-1-dns",
- "tags": {
- "deployedBy": "terraform/azure/caf-enterprise-scale/test_framework"
- },
- "timeouts": {
- "create": null,
- "delete": null,
- "read": null,
- "update": null
- },
- "virtual_network_id": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity-uksouth/providers/Microsoft.Network/virtualNetworks/root-id-1-hub-uksouth"
- },
- "sensitive_values": {
- "tags": {},
- "timeouts": {}
- }
- },
- {
- "address": "module.test_connectivity.azurerm_private_dns_zone_virtual_network_link.connectivity[\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.azure-devices-provisioning.net/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-f8bddac9-6d62-5e41-9c52-1bf7a4263cc0\"]",
- "mode": "managed",
- "type": "azurerm_private_dns_zone_virtual_network_link",
- "name": "connectivity",
- "index": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.azure-devices-provisioning.net/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-f8bddac9-6d62-5e41-9c52-1bf7a4263cc0",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "name": "fa2fa118-a60d-4700-9ef1-fa02beeaaea5-f8bddac9-6d62-5e41-9c52-1bf7a4263cc0",
- "private_dns_zone_name": "privatelink.azure-devices-provisioning.net",
- "registration_enabled": false,
- "resource_group_name": "root-id-1-dns",
- "tags": {
- "deployedBy": "terraform/azure/caf-enterprise-scale/test_framework"
- },
- "timeouts": {
- "create": null,
- "delete": null,
- "read": null,
- "update": null
- },
- "virtual_network_id": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity-northeurope/providers/Microsoft.Network/virtualNetworks/root-id-1-hub-northeurope"
- },
- "sensitive_values": {
- "tags": {},
- "timeouts": {}
- }
- },
- {
- "address": "module.test_connectivity.azurerm_private_dns_zone_virtual_network_link.connectivity[\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.azure-devices.net/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-32e4fb6d-8d44-5cd6-a7b6-aa17ca11b626\"]",
- "mode": "managed",
- "type": "azurerm_private_dns_zone_virtual_network_link",
- "name": "connectivity",
- "index": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.azure-devices.net/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-32e4fb6d-8d44-5cd6-a7b6-aa17ca11b626",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "name": "fa2fa118-a60d-4700-9ef1-fa02beeaaea5-32e4fb6d-8d44-5cd6-a7b6-aa17ca11b626",
- "private_dns_zone_name": "privatelink.azure-devices.net",
- "registration_enabled": false,
- "resource_group_name": "root-id-1-dns",
- "tags": {
- "deployedBy": "terraform/azure/caf-enterprise-scale/test_framework"
- },
- "timeouts": {
- "create": null,
- "delete": null,
- "read": null,
- "update": null
- },
- "virtual_network_id": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity-westeurope/providers/Microsoft.Network/virtualNetworks/root-id-1-hub-westeurope"
- },
- "sensitive_values": {
- "tags": {},
- "timeouts": {}
- }
- },
- {
- "address": "module.test_connectivity.azurerm_private_dns_zone_virtual_network_link.connectivity[\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.azure-devices.net/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-7cc7e26d-5e16-5672-8dc0-e48b94f1beea\"]",
- "mode": "managed",
- "type": "azurerm_private_dns_zone_virtual_network_link",
- "name": "connectivity",
- "index": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.azure-devices.net/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-7cc7e26d-5e16-5672-8dc0-e48b94f1beea",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "name": "fa2fa118-a60d-4700-9ef1-fa02beeaaea5-7cc7e26d-5e16-5672-8dc0-e48b94f1beea",
- "private_dns_zone_name": "privatelink.azure-devices.net",
- "registration_enabled": false,
- "resource_group_name": "root-id-1-dns",
- "tags": {
- "deployedBy": "terraform/azure/caf-enterprise-scale/test_framework"
- },
- "timeouts": {
- "create": null,
- "delete": null,
- "read": null,
- "update": null
- },
- "virtual_network_id": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity-uksouth/providers/Microsoft.Network/virtualNetworks/root-id-1-hub-uksouth"
- },
- "sensitive_values": {
- "tags": {},
- "timeouts": {}
- }
- },
- {
- "address": "module.test_connectivity.azurerm_private_dns_zone_virtual_network_link.connectivity[\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.azure-devices.net/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-f8bddac9-6d62-5e41-9c52-1bf7a4263cc0\"]",
- "mode": "managed",
- "type": "azurerm_private_dns_zone_virtual_network_link",
- "name": "connectivity",
- "index": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.azure-devices.net/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-f8bddac9-6d62-5e41-9c52-1bf7a4263cc0",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "name": "fa2fa118-a60d-4700-9ef1-fa02beeaaea5-f8bddac9-6d62-5e41-9c52-1bf7a4263cc0",
- "private_dns_zone_name": "privatelink.azure-devices.net",
- "registration_enabled": false,
- "resource_group_name": "root-id-1-dns",
- "tags": {
- "deployedBy": "terraform/azure/caf-enterprise-scale/test_framework"
- },
- "timeouts": {
- "create": null,
- "delete": null,
- "read": null,
- "update": null
- },
- "virtual_network_id": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity-northeurope/providers/Microsoft.Network/virtualNetworks/root-id-1-hub-northeurope"
- },
- "sensitive_values": {
- "tags": {},
- "timeouts": {}
- }
- },
- {
- "address": "module.test_connectivity.azurerm_private_dns_zone_virtual_network_link.connectivity[\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.azurecr.io/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-32e4fb6d-8d44-5cd6-a7b6-aa17ca11b626\"]",
- "mode": "managed",
- "type": "azurerm_private_dns_zone_virtual_network_link",
- "name": "connectivity",
- "index": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.azurecr.io/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-32e4fb6d-8d44-5cd6-a7b6-aa17ca11b626",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "name": "fa2fa118-a60d-4700-9ef1-fa02beeaaea5-32e4fb6d-8d44-5cd6-a7b6-aa17ca11b626",
- "private_dns_zone_name": "privatelink.azurecr.io",
- "registration_enabled": false,
- "resource_group_name": "root-id-1-dns",
- "tags": {
- "deployedBy": "terraform/azure/caf-enterprise-scale/test_framework"
- },
- "timeouts": {
- "create": null,
- "delete": null,
- "read": null,
- "update": null
- },
- "virtual_network_id": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity-westeurope/providers/Microsoft.Network/virtualNetworks/root-id-1-hub-westeurope"
- },
- "sensitive_values": {
- "tags": {},
- "timeouts": {}
- }
- },
- {
- "address": "module.test_connectivity.azurerm_private_dns_zone_virtual_network_link.connectivity[\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.azurecr.io/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-7cc7e26d-5e16-5672-8dc0-e48b94f1beea\"]",
- "mode": "managed",
- "type": "azurerm_private_dns_zone_virtual_network_link",
- "name": "connectivity",
- "index": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.azurecr.io/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-7cc7e26d-5e16-5672-8dc0-e48b94f1beea",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "name": "fa2fa118-a60d-4700-9ef1-fa02beeaaea5-7cc7e26d-5e16-5672-8dc0-e48b94f1beea",
- "private_dns_zone_name": "privatelink.azurecr.io",
- "registration_enabled": false,
- "resource_group_name": "root-id-1-dns",
- "tags": {
- "deployedBy": "terraform/azure/caf-enterprise-scale/test_framework"
- },
- "timeouts": {
- "create": null,
- "delete": null,
- "read": null,
- "update": null
- },
- "virtual_network_id": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity-uksouth/providers/Microsoft.Network/virtualNetworks/root-id-1-hub-uksouth"
- },
- "sensitive_values": {
- "tags": {},
- "timeouts": {}
- }
- },
- {
- "address": "module.test_connectivity.azurerm_private_dns_zone_virtual_network_link.connectivity[\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.azurecr.io/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-f8bddac9-6d62-5e41-9c52-1bf7a4263cc0\"]",
- "mode": "managed",
- "type": "azurerm_private_dns_zone_virtual_network_link",
- "name": "connectivity",
- "index": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.azurecr.io/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-f8bddac9-6d62-5e41-9c52-1bf7a4263cc0",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "name": "fa2fa118-a60d-4700-9ef1-fa02beeaaea5-f8bddac9-6d62-5e41-9c52-1bf7a4263cc0",
- "private_dns_zone_name": "privatelink.azurecr.io",
- "registration_enabled": false,
- "resource_group_name": "root-id-1-dns",
- "tags": {
- "deployedBy": "terraform/azure/caf-enterprise-scale/test_framework"
- },
- "timeouts": {
- "create": null,
- "delete": null,
- "read": null,
- "update": null
- },
- "virtual_network_id": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity-northeurope/providers/Microsoft.Network/virtualNetworks/root-id-1-hub-northeurope"
- },
- "sensitive_values": {
- "tags": {},
- "timeouts": {}
- }
- },
- {
- "address": "module.test_connectivity.azurerm_private_dns_zone_virtual_network_link.connectivity[\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.azurehdinsight.net/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-32e4fb6d-8d44-5cd6-a7b6-aa17ca11b626\"]",
- "mode": "managed",
- "type": "azurerm_private_dns_zone_virtual_network_link",
- "name": "connectivity",
- "index": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.azurehdinsight.net/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-32e4fb6d-8d44-5cd6-a7b6-aa17ca11b626",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "name": "fa2fa118-a60d-4700-9ef1-fa02beeaaea5-32e4fb6d-8d44-5cd6-a7b6-aa17ca11b626",
- "private_dns_zone_name": "privatelink.azurehdinsight.net",
- "registration_enabled": false,
- "resource_group_name": "root-id-1-dns",
- "tags": {
- "deployedBy": "terraform/azure/caf-enterprise-scale/test_framework"
- },
- "timeouts": {
- "create": null,
- "delete": null,
- "read": null,
- "update": null
- },
- "virtual_network_id": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity-westeurope/providers/Microsoft.Network/virtualNetworks/root-id-1-hub-westeurope"
- },
- "sensitive_values": {
- "tags": {},
- "timeouts": {}
- }
- },
- {
- "address": "module.test_connectivity.azurerm_private_dns_zone_virtual_network_link.connectivity[\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.azurehdinsight.net/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-7cc7e26d-5e16-5672-8dc0-e48b94f1beea\"]",
- "mode": "managed",
- "type": "azurerm_private_dns_zone_virtual_network_link",
- "name": "connectivity",
- "index": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.azurehdinsight.net/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-7cc7e26d-5e16-5672-8dc0-e48b94f1beea",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "name": "fa2fa118-a60d-4700-9ef1-fa02beeaaea5-7cc7e26d-5e16-5672-8dc0-e48b94f1beea",
- "private_dns_zone_name": "privatelink.azurehdinsight.net",
- "registration_enabled": false,
- "resource_group_name": "root-id-1-dns",
- "tags": {
- "deployedBy": "terraform/azure/caf-enterprise-scale/test_framework"
- },
- "timeouts": {
- "create": null,
- "delete": null,
- "read": null,
- "update": null
- },
- "virtual_network_id": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity-uksouth/providers/Microsoft.Network/virtualNetworks/root-id-1-hub-uksouth"
- },
- "sensitive_values": {
- "tags": {},
- "timeouts": {}
- }
- },
- {
- "address": "module.test_connectivity.azurerm_private_dns_zone_virtual_network_link.connectivity[\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.azurehdinsight.net/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-f8bddac9-6d62-5e41-9c52-1bf7a4263cc0\"]",
- "mode": "managed",
- "type": "azurerm_private_dns_zone_virtual_network_link",
- "name": "connectivity",
- "index": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.azurehdinsight.net/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-f8bddac9-6d62-5e41-9c52-1bf7a4263cc0",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "name": "fa2fa118-a60d-4700-9ef1-fa02beeaaea5-f8bddac9-6d62-5e41-9c52-1bf7a4263cc0",
- "private_dns_zone_name": "privatelink.azurehdinsight.net",
- "registration_enabled": false,
- "resource_group_name": "root-id-1-dns",
- "tags": {
- "deployedBy": "terraform/azure/caf-enterprise-scale/test_framework"
- },
- "timeouts": {
- "create": null,
- "delete": null,
- "read": null,
- "update": null
- },
- "virtual_network_id": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity-northeurope/providers/Microsoft.Network/virtualNetworks/root-id-1-hub-northeurope"
- },
- "sensitive_values": {
- "tags": {},
- "timeouts": {}
- }
- },
- {
- "address": "module.test_connectivity.azurerm_private_dns_zone_virtual_network_link.connectivity[\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.azurewebsites.net/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-32e4fb6d-8d44-5cd6-a7b6-aa17ca11b626\"]",
- "mode": "managed",
- "type": "azurerm_private_dns_zone_virtual_network_link",
- "name": "connectivity",
- "index": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.azurewebsites.net/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-32e4fb6d-8d44-5cd6-a7b6-aa17ca11b626",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "name": "fa2fa118-a60d-4700-9ef1-fa02beeaaea5-32e4fb6d-8d44-5cd6-a7b6-aa17ca11b626",
- "private_dns_zone_name": "privatelink.azurewebsites.net",
- "registration_enabled": false,
- "resource_group_name": "root-id-1-dns",
- "tags": {
- "deployedBy": "terraform/azure/caf-enterprise-scale/test_framework"
- },
- "timeouts": {
- "create": null,
- "delete": null,
- "read": null,
- "update": null
- },
- "virtual_network_id": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity-westeurope/providers/Microsoft.Network/virtualNetworks/root-id-1-hub-westeurope"
- },
- "sensitive_values": {
- "tags": {},
- "timeouts": {}
- }
- },
- {
- "address": "module.test_connectivity.azurerm_private_dns_zone_virtual_network_link.connectivity[\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.azurewebsites.net/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-7cc7e26d-5e16-5672-8dc0-e48b94f1beea\"]",
- "mode": "managed",
- "type": "azurerm_private_dns_zone_virtual_network_link",
- "name": "connectivity",
- "index": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.azurewebsites.net/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-7cc7e26d-5e16-5672-8dc0-e48b94f1beea",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "name": "fa2fa118-a60d-4700-9ef1-fa02beeaaea5-7cc7e26d-5e16-5672-8dc0-e48b94f1beea",
- "private_dns_zone_name": "privatelink.azurewebsites.net",
- "registration_enabled": false,
- "resource_group_name": "root-id-1-dns",
- "tags": {
- "deployedBy": "terraform/azure/caf-enterprise-scale/test_framework"
- },
- "timeouts": {
- "create": null,
- "delete": null,
- "read": null,
- "update": null
- },
- "virtual_network_id": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity-uksouth/providers/Microsoft.Network/virtualNetworks/root-id-1-hub-uksouth"
- },
- "sensitive_values": {
- "tags": {},
- "timeouts": {}
- }
- },
- {
- "address": "module.test_connectivity.azurerm_private_dns_zone_virtual_network_link.connectivity[\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.azurewebsites.net/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-f8bddac9-6d62-5e41-9c52-1bf7a4263cc0\"]",
- "mode": "managed",
- "type": "azurerm_private_dns_zone_virtual_network_link",
- "name": "connectivity",
- "index": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.azurewebsites.net/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-f8bddac9-6d62-5e41-9c52-1bf7a4263cc0",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "name": "fa2fa118-a60d-4700-9ef1-fa02beeaaea5-f8bddac9-6d62-5e41-9c52-1bf7a4263cc0",
- "private_dns_zone_name": "privatelink.azurewebsites.net",
- "registration_enabled": false,
- "resource_group_name": "root-id-1-dns",
- "tags": {
- "deployedBy": "terraform/azure/caf-enterprise-scale/test_framework"
- },
- "timeouts": {
- "create": null,
- "delete": null,
- "read": null,
- "update": null
- },
- "virtual_network_id": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity-northeurope/providers/Microsoft.Network/virtualNetworks/root-id-1-hub-northeurope"
- },
- "sensitive_values": {
- "tags": {},
- "timeouts": {}
- }
- },
- {
- "address": "module.test_connectivity.azurerm_private_dns_zone_virtual_network_link.connectivity[\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.batch.azure.com/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-32e4fb6d-8d44-5cd6-a7b6-aa17ca11b626\"]",
- "mode": "managed",
- "type": "azurerm_private_dns_zone_virtual_network_link",
- "name": "connectivity",
- "index": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.batch.azure.com/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-32e4fb6d-8d44-5cd6-a7b6-aa17ca11b626",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "name": "fa2fa118-a60d-4700-9ef1-fa02beeaaea5-32e4fb6d-8d44-5cd6-a7b6-aa17ca11b626",
- "private_dns_zone_name": "privatelink.batch.azure.com",
- "registration_enabled": false,
- "resource_group_name": "root-id-1-dns",
- "tags": {
- "deployedBy": "terraform/azure/caf-enterprise-scale/test_framework"
- },
- "timeouts": {
- "create": null,
- "delete": null,
- "read": null,
- "update": null
- },
- "virtual_network_id": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity-westeurope/providers/Microsoft.Network/virtualNetworks/root-id-1-hub-westeurope"
- },
- "sensitive_values": {
- "tags": {},
- "timeouts": {}
- }
- },
- {
- "address": "module.test_connectivity.azurerm_private_dns_zone_virtual_network_link.connectivity[\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.batch.azure.com/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-7cc7e26d-5e16-5672-8dc0-e48b94f1beea\"]",
- "mode": "managed",
- "type": "azurerm_private_dns_zone_virtual_network_link",
- "name": "connectivity",
- "index": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.batch.azure.com/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-7cc7e26d-5e16-5672-8dc0-e48b94f1beea",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "name": "fa2fa118-a60d-4700-9ef1-fa02beeaaea5-7cc7e26d-5e16-5672-8dc0-e48b94f1beea",
- "private_dns_zone_name": "privatelink.batch.azure.com",
- "registration_enabled": false,
- "resource_group_name": "root-id-1-dns",
- "tags": {
- "deployedBy": "terraform/azure/caf-enterprise-scale/test_framework"
- },
- "timeouts": {
- "create": null,
- "delete": null,
- "read": null,
- "update": null
- },
- "virtual_network_id": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity-uksouth/providers/Microsoft.Network/virtualNetworks/root-id-1-hub-uksouth"
- },
- "sensitive_values": {
- "tags": {},
- "timeouts": {}
- }
- },
- {
- "address": "module.test_connectivity.azurerm_private_dns_zone_virtual_network_link.connectivity[\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.batch.azure.com/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-f8bddac9-6d62-5e41-9c52-1bf7a4263cc0\"]",
- "mode": "managed",
- "type": "azurerm_private_dns_zone_virtual_network_link",
- "name": "connectivity",
- "index": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.batch.azure.com/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-f8bddac9-6d62-5e41-9c52-1bf7a4263cc0",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "name": "fa2fa118-a60d-4700-9ef1-fa02beeaaea5-f8bddac9-6d62-5e41-9c52-1bf7a4263cc0",
- "private_dns_zone_name": "privatelink.batch.azure.com",
- "registration_enabled": false,
- "resource_group_name": "root-id-1-dns",
- "tags": {
- "deployedBy": "terraform/azure/caf-enterprise-scale/test_framework"
- },
- "timeouts": {
- "create": null,
- "delete": null,
- "read": null,
- "update": null
- },
- "virtual_network_id": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity-northeurope/providers/Microsoft.Network/virtualNetworks/root-id-1-hub-northeurope"
- },
- "sensitive_values": {
- "tags": {},
- "timeouts": {}
- }
- },
- {
- "address": "module.test_connectivity.azurerm_private_dns_zone_virtual_network_link.connectivity[\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.blob.core.windows.net/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-32e4fb6d-8d44-5cd6-a7b6-aa17ca11b626\"]",
- "mode": "managed",
- "type": "azurerm_private_dns_zone_virtual_network_link",
- "name": "connectivity",
- "index": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.blob.core.windows.net/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-32e4fb6d-8d44-5cd6-a7b6-aa17ca11b626",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "name": "fa2fa118-a60d-4700-9ef1-fa02beeaaea5-32e4fb6d-8d44-5cd6-a7b6-aa17ca11b626",
- "private_dns_zone_name": "privatelink.blob.core.windows.net",
- "registration_enabled": false,
- "resource_group_name": "root-id-1-dns",
- "tags": {
- "deployedBy": "terraform/azure/caf-enterprise-scale/test_framework"
- },
- "timeouts": {
- "create": null,
- "delete": null,
- "read": null,
- "update": null
- },
- "virtual_network_id": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity-westeurope/providers/Microsoft.Network/virtualNetworks/root-id-1-hub-westeurope"
- },
- "sensitive_values": {
- "tags": {},
- "timeouts": {}
- }
- },
- {
- "address": "module.test_connectivity.azurerm_private_dns_zone_virtual_network_link.connectivity[\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.blob.core.windows.net/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-7cc7e26d-5e16-5672-8dc0-e48b94f1beea\"]",
- "mode": "managed",
- "type": "azurerm_private_dns_zone_virtual_network_link",
- "name": "connectivity",
- "index": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.blob.core.windows.net/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-7cc7e26d-5e16-5672-8dc0-e48b94f1beea",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "name": "fa2fa118-a60d-4700-9ef1-fa02beeaaea5-7cc7e26d-5e16-5672-8dc0-e48b94f1beea",
- "private_dns_zone_name": "privatelink.blob.core.windows.net",
- "registration_enabled": false,
- "resource_group_name": "root-id-1-dns",
- "tags": {
- "deployedBy": "terraform/azure/caf-enterprise-scale/test_framework"
- },
- "timeouts": {
- "create": null,
- "delete": null,
- "read": null,
- "update": null
- },
- "virtual_network_id": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity-uksouth/providers/Microsoft.Network/virtualNetworks/root-id-1-hub-uksouth"
- },
- "sensitive_values": {
- "tags": {},
- "timeouts": {}
- }
- },
- {
- "address": "module.test_connectivity.azurerm_private_dns_zone_virtual_network_link.connectivity[\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.blob.core.windows.net/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-f8bddac9-6d62-5e41-9c52-1bf7a4263cc0\"]",
- "mode": "managed",
- "type": "azurerm_private_dns_zone_virtual_network_link",
- "name": "connectivity",
- "index": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.blob.core.windows.net/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-f8bddac9-6d62-5e41-9c52-1bf7a4263cc0",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "name": "fa2fa118-a60d-4700-9ef1-fa02beeaaea5-f8bddac9-6d62-5e41-9c52-1bf7a4263cc0",
- "private_dns_zone_name": "privatelink.blob.core.windows.net",
- "registration_enabled": false,
- "resource_group_name": "root-id-1-dns",
- "tags": {
- "deployedBy": "terraform/azure/caf-enterprise-scale/test_framework"
- },
- "timeouts": {
- "create": null,
- "delete": null,
- "read": null,
- "update": null
- },
- "virtual_network_id": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity-northeurope/providers/Microsoft.Network/virtualNetworks/root-id-1-hub-northeurope"
- },
- "sensitive_values": {
- "tags": {},
- "timeouts": {}
- }
- },
- {
- "address": "module.test_connectivity.azurerm_private_dns_zone_virtual_network_link.connectivity[\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.cassandra.cosmos.azure.com/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-32e4fb6d-8d44-5cd6-a7b6-aa17ca11b626\"]",
- "mode": "managed",
- "type": "azurerm_private_dns_zone_virtual_network_link",
- "name": "connectivity",
- "index": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.cassandra.cosmos.azure.com/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-32e4fb6d-8d44-5cd6-a7b6-aa17ca11b626",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "name": "fa2fa118-a60d-4700-9ef1-fa02beeaaea5-32e4fb6d-8d44-5cd6-a7b6-aa17ca11b626",
- "private_dns_zone_name": "privatelink.cassandra.cosmos.azure.com",
- "registration_enabled": false,
- "resource_group_name": "root-id-1-dns",
- "tags": {
- "deployedBy": "terraform/azure/caf-enterprise-scale/test_framework"
- },
- "timeouts": {
- "create": null,
- "delete": null,
- "read": null,
- "update": null
- },
- "virtual_network_id": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity-westeurope/providers/Microsoft.Network/virtualNetworks/root-id-1-hub-westeurope"
- },
- "sensitive_values": {
- "tags": {},
- "timeouts": {}
- }
- },
- {
- "address": "module.test_connectivity.azurerm_private_dns_zone_virtual_network_link.connectivity[\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.cassandra.cosmos.azure.com/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-7cc7e26d-5e16-5672-8dc0-e48b94f1beea\"]",
- "mode": "managed",
- "type": "azurerm_private_dns_zone_virtual_network_link",
- "name": "connectivity",
- "index": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.cassandra.cosmos.azure.com/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-7cc7e26d-5e16-5672-8dc0-e48b94f1beea",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "name": "fa2fa118-a60d-4700-9ef1-fa02beeaaea5-7cc7e26d-5e16-5672-8dc0-e48b94f1beea",
- "private_dns_zone_name": "privatelink.cassandra.cosmos.azure.com",
- "registration_enabled": false,
- "resource_group_name": "root-id-1-dns",
- "tags": {
- "deployedBy": "terraform/azure/caf-enterprise-scale/test_framework"
- },
- "timeouts": {
- "create": null,
- "delete": null,
- "read": null,
- "update": null
- },
- "virtual_network_id": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity-uksouth/providers/Microsoft.Network/virtualNetworks/root-id-1-hub-uksouth"
- },
- "sensitive_values": {
- "tags": {},
- "timeouts": {}
- }
- },
- {
- "address": "module.test_connectivity.azurerm_private_dns_zone_virtual_network_link.connectivity[\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.cassandra.cosmos.azure.com/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-f8bddac9-6d62-5e41-9c52-1bf7a4263cc0\"]",
- "mode": "managed",
- "type": "azurerm_private_dns_zone_virtual_network_link",
- "name": "connectivity",
- "index": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.cassandra.cosmos.azure.com/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-f8bddac9-6d62-5e41-9c52-1bf7a4263cc0",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "name": "fa2fa118-a60d-4700-9ef1-fa02beeaaea5-f8bddac9-6d62-5e41-9c52-1bf7a4263cc0",
- "private_dns_zone_name": "privatelink.cassandra.cosmos.azure.com",
- "registration_enabled": false,
- "resource_group_name": "root-id-1-dns",
- "tags": {
- "deployedBy": "terraform/azure/caf-enterprise-scale/test_framework"
- },
- "timeouts": {
- "create": null,
- "delete": null,
- "read": null,
- "update": null
- },
- "virtual_network_id": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity-northeurope/providers/Microsoft.Network/virtualNetworks/root-id-1-hub-northeurope"
- },
- "sensitive_values": {
- "tags": {},
- "timeouts": {}
- }
- },
- {
- "address": "module.test_connectivity.azurerm_private_dns_zone_virtual_network_link.connectivity[\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.cognitiveservices.azure.com/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-32e4fb6d-8d44-5cd6-a7b6-aa17ca11b626\"]",
- "mode": "managed",
- "type": "azurerm_private_dns_zone_virtual_network_link",
- "name": "connectivity",
- "index": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.cognitiveservices.azure.com/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-32e4fb6d-8d44-5cd6-a7b6-aa17ca11b626",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "name": "fa2fa118-a60d-4700-9ef1-fa02beeaaea5-32e4fb6d-8d44-5cd6-a7b6-aa17ca11b626",
- "private_dns_zone_name": "privatelink.cognitiveservices.azure.com",
- "registration_enabled": false,
- "resource_group_name": "root-id-1-dns",
- "tags": {
- "deployedBy": "terraform/azure/caf-enterprise-scale/test_framework"
- },
- "timeouts": {
- "create": null,
- "delete": null,
- "read": null,
- "update": null
- },
- "virtual_network_id": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity-westeurope/providers/Microsoft.Network/virtualNetworks/root-id-1-hub-westeurope"
- },
- "sensitive_values": {
- "tags": {},
- "timeouts": {}
- }
- },
- {
- "address": "module.test_connectivity.azurerm_private_dns_zone_virtual_network_link.connectivity[\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.cognitiveservices.azure.com/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-7cc7e26d-5e16-5672-8dc0-e48b94f1beea\"]",
- "mode": "managed",
- "type": "azurerm_private_dns_zone_virtual_network_link",
- "name": "connectivity",
- "index": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.cognitiveservices.azure.com/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-7cc7e26d-5e16-5672-8dc0-e48b94f1beea",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "name": "fa2fa118-a60d-4700-9ef1-fa02beeaaea5-7cc7e26d-5e16-5672-8dc0-e48b94f1beea",
- "private_dns_zone_name": "privatelink.cognitiveservices.azure.com",
- "registration_enabled": false,
- "resource_group_name": "root-id-1-dns",
- "tags": {
- "deployedBy": "terraform/azure/caf-enterprise-scale/test_framework"
- },
- "timeouts": {
- "create": null,
- "delete": null,
- "read": null,
- "update": null
- },
- "virtual_network_id": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity-uksouth/providers/Microsoft.Network/virtualNetworks/root-id-1-hub-uksouth"
- },
- "sensitive_values": {
- "tags": {},
- "timeouts": {}
- }
- },
- {
- "address": "module.test_connectivity.azurerm_private_dns_zone_virtual_network_link.connectivity[\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.cognitiveservices.azure.com/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-f8bddac9-6d62-5e41-9c52-1bf7a4263cc0\"]",
- "mode": "managed",
- "type": "azurerm_private_dns_zone_virtual_network_link",
- "name": "connectivity",
- "index": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.cognitiveservices.azure.com/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-f8bddac9-6d62-5e41-9c52-1bf7a4263cc0",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "name": "fa2fa118-a60d-4700-9ef1-fa02beeaaea5-f8bddac9-6d62-5e41-9c52-1bf7a4263cc0",
- "private_dns_zone_name": "privatelink.cognitiveservices.azure.com",
- "registration_enabled": false,
- "resource_group_name": "root-id-1-dns",
- "tags": {
- "deployedBy": "terraform/azure/caf-enterprise-scale/test_framework"
- },
- "timeouts": {
- "create": null,
- "delete": null,
- "read": null,
- "update": null
- },
- "virtual_network_id": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity-northeurope/providers/Microsoft.Network/virtualNetworks/root-id-1-hub-northeurope"
- },
- "sensitive_values": {
- "tags": {},
- "timeouts": {}
- }
- },
- {
- "address": "module.test_connectivity.azurerm_private_dns_zone_virtual_network_link.connectivity[\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.datafactory.azure.net/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-32e4fb6d-8d44-5cd6-a7b6-aa17ca11b626\"]",
- "mode": "managed",
- "type": "azurerm_private_dns_zone_virtual_network_link",
- "name": "connectivity",
- "index": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.datafactory.azure.net/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-32e4fb6d-8d44-5cd6-a7b6-aa17ca11b626",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "name": "fa2fa118-a60d-4700-9ef1-fa02beeaaea5-32e4fb6d-8d44-5cd6-a7b6-aa17ca11b626",
- "private_dns_zone_name": "privatelink.datafactory.azure.net",
- "registration_enabled": false,
- "resource_group_name": "root-id-1-dns",
- "tags": {
- "deployedBy": "terraform/azure/caf-enterprise-scale/test_framework"
- },
- "timeouts": {
- "create": null,
- "delete": null,
- "read": null,
- "update": null
- },
- "virtual_network_id": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity-westeurope/providers/Microsoft.Network/virtualNetworks/root-id-1-hub-westeurope"
- },
- "sensitive_values": {
- "tags": {},
- "timeouts": {}
- }
- },
- {
- "address": "module.test_connectivity.azurerm_private_dns_zone_virtual_network_link.connectivity[\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.datafactory.azure.net/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-7cc7e26d-5e16-5672-8dc0-e48b94f1beea\"]",
- "mode": "managed",
- "type": "azurerm_private_dns_zone_virtual_network_link",
- "name": "connectivity",
- "index": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.datafactory.azure.net/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-7cc7e26d-5e16-5672-8dc0-e48b94f1beea",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "name": "fa2fa118-a60d-4700-9ef1-fa02beeaaea5-7cc7e26d-5e16-5672-8dc0-e48b94f1beea",
- "private_dns_zone_name": "privatelink.datafactory.azure.net",
- "registration_enabled": false,
- "resource_group_name": "root-id-1-dns",
- "tags": {
- "deployedBy": "terraform/azure/caf-enterprise-scale/test_framework"
- },
- "timeouts": {
- "create": null,
- "delete": null,
- "read": null,
- "update": null
- },
- "virtual_network_id": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity-uksouth/providers/Microsoft.Network/virtualNetworks/root-id-1-hub-uksouth"
- },
- "sensitive_values": {
- "tags": {},
- "timeouts": {}
- }
- },
- {
- "address": "module.test_connectivity.azurerm_private_dns_zone_virtual_network_link.connectivity[\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.datafactory.azure.net/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-f8bddac9-6d62-5e41-9c52-1bf7a4263cc0\"]",
- "mode": "managed",
- "type": "azurerm_private_dns_zone_virtual_network_link",
- "name": "connectivity",
- "index": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.datafactory.azure.net/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-f8bddac9-6d62-5e41-9c52-1bf7a4263cc0",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "name": "fa2fa118-a60d-4700-9ef1-fa02beeaaea5-f8bddac9-6d62-5e41-9c52-1bf7a4263cc0",
- "private_dns_zone_name": "privatelink.datafactory.azure.net",
- "registration_enabled": false,
- "resource_group_name": "root-id-1-dns",
- "tags": {
- "deployedBy": "terraform/azure/caf-enterprise-scale/test_framework"
- },
- "timeouts": {
- "create": null,
- "delete": null,
- "read": null,
- "update": null
- },
- "virtual_network_id": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity-northeurope/providers/Microsoft.Network/virtualNetworks/root-id-1-hub-northeurope"
- },
- "sensitive_values": {
- "tags": {},
- "timeouts": {}
- }
- },
- {
- "address": "module.test_connectivity.azurerm_private_dns_zone_virtual_network_link.connectivity[\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.documents.azure.com/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-32e4fb6d-8d44-5cd6-a7b6-aa17ca11b626\"]",
- "mode": "managed",
- "type": "azurerm_private_dns_zone_virtual_network_link",
- "name": "connectivity",
- "index": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.documents.azure.com/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-32e4fb6d-8d44-5cd6-a7b6-aa17ca11b626",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "name": "fa2fa118-a60d-4700-9ef1-fa02beeaaea5-32e4fb6d-8d44-5cd6-a7b6-aa17ca11b626",
- "private_dns_zone_name": "privatelink.documents.azure.com",
- "registration_enabled": false,
- "resource_group_name": "root-id-1-dns",
- "tags": {
- "deployedBy": "terraform/azure/caf-enterprise-scale/test_framework"
- },
- "timeouts": {
- "create": null,
- "delete": null,
- "read": null,
- "update": null
- },
- "virtual_network_id": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity-westeurope/providers/Microsoft.Network/virtualNetworks/root-id-1-hub-westeurope"
- },
- "sensitive_values": {
- "tags": {},
- "timeouts": {}
- }
- },
- {
- "address": "module.test_connectivity.azurerm_private_dns_zone_virtual_network_link.connectivity[\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.documents.azure.com/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-7cc7e26d-5e16-5672-8dc0-e48b94f1beea\"]",
- "mode": "managed",
- "type": "azurerm_private_dns_zone_virtual_network_link",
- "name": "connectivity",
- "index": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.documents.azure.com/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-7cc7e26d-5e16-5672-8dc0-e48b94f1beea",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "name": "fa2fa118-a60d-4700-9ef1-fa02beeaaea5-7cc7e26d-5e16-5672-8dc0-e48b94f1beea",
- "private_dns_zone_name": "privatelink.documents.azure.com",
- "registration_enabled": false,
- "resource_group_name": "root-id-1-dns",
- "tags": {
- "deployedBy": "terraform/azure/caf-enterprise-scale/test_framework"
- },
- "timeouts": {
- "create": null,
- "delete": null,
- "read": null,
- "update": null
- },
- "virtual_network_id": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity-uksouth/providers/Microsoft.Network/virtualNetworks/root-id-1-hub-uksouth"
- },
- "sensitive_values": {
- "tags": {},
- "timeouts": {}
- }
- },
- {
- "address": "module.test_connectivity.azurerm_private_dns_zone_virtual_network_link.connectivity[\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.documents.azure.com/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-f8bddac9-6d62-5e41-9c52-1bf7a4263cc0\"]",
- "mode": "managed",
- "type": "azurerm_private_dns_zone_virtual_network_link",
- "name": "connectivity",
- "index": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.documents.azure.com/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-f8bddac9-6d62-5e41-9c52-1bf7a4263cc0",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "name": "fa2fa118-a60d-4700-9ef1-fa02beeaaea5-f8bddac9-6d62-5e41-9c52-1bf7a4263cc0",
- "private_dns_zone_name": "privatelink.documents.azure.com",
- "registration_enabled": false,
- "resource_group_name": "root-id-1-dns",
- "tags": {
- "deployedBy": "terraform/azure/caf-enterprise-scale/test_framework"
- },
- "timeouts": {
- "create": null,
- "delete": null,
- "read": null,
- "update": null
- },
- "virtual_network_id": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity-northeurope/providers/Microsoft.Network/virtualNetworks/root-id-1-hub-northeurope"
- },
- "sensitive_values": {
- "tags": {},
- "timeouts": {}
- }
- },
- {
- "address": "module.test_connectivity.azurerm_private_dns_zone_virtual_network_link.connectivity[\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.eventgrid.azure.net/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-32e4fb6d-8d44-5cd6-a7b6-aa17ca11b626\"]",
- "mode": "managed",
- "type": "azurerm_private_dns_zone_virtual_network_link",
- "name": "connectivity",
- "index": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.eventgrid.azure.net/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-32e4fb6d-8d44-5cd6-a7b6-aa17ca11b626",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "name": "fa2fa118-a60d-4700-9ef1-fa02beeaaea5-32e4fb6d-8d44-5cd6-a7b6-aa17ca11b626",
- "private_dns_zone_name": "privatelink.eventgrid.azure.net",
- "registration_enabled": false,
- "resource_group_name": "root-id-1-dns",
- "tags": {
- "deployedBy": "terraform/azure/caf-enterprise-scale/test_framework"
- },
- "timeouts": {
- "create": null,
- "delete": null,
- "read": null,
- "update": null
- },
- "virtual_network_id": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity-westeurope/providers/Microsoft.Network/virtualNetworks/root-id-1-hub-westeurope"
- },
- "sensitive_values": {
- "tags": {},
- "timeouts": {}
- }
- },
- {
- "address": "module.test_connectivity.azurerm_private_dns_zone_virtual_network_link.connectivity[\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.eventgrid.azure.net/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-7cc7e26d-5e16-5672-8dc0-e48b94f1beea\"]",
- "mode": "managed",
- "type": "azurerm_private_dns_zone_virtual_network_link",
- "name": "connectivity",
- "index": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.eventgrid.azure.net/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-7cc7e26d-5e16-5672-8dc0-e48b94f1beea",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "name": "fa2fa118-a60d-4700-9ef1-fa02beeaaea5-7cc7e26d-5e16-5672-8dc0-e48b94f1beea",
- "private_dns_zone_name": "privatelink.eventgrid.azure.net",
- "registration_enabled": false,
- "resource_group_name": "root-id-1-dns",
- "tags": {
- "deployedBy": "terraform/azure/caf-enterprise-scale/test_framework"
- },
- "timeouts": {
- "create": null,
- "delete": null,
- "read": null,
- "update": null
- },
- "virtual_network_id": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity-uksouth/providers/Microsoft.Network/virtualNetworks/root-id-1-hub-uksouth"
- },
- "sensitive_values": {
- "tags": {},
- "timeouts": {}
- }
- },
- {
- "address": "module.test_connectivity.azurerm_private_dns_zone_virtual_network_link.connectivity[\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.eventgrid.azure.net/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-f8bddac9-6d62-5e41-9c52-1bf7a4263cc0\"]",
- "mode": "managed",
- "type": "azurerm_private_dns_zone_virtual_network_link",
- "name": "connectivity",
- "index": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.eventgrid.azure.net/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-f8bddac9-6d62-5e41-9c52-1bf7a4263cc0",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "name": "fa2fa118-a60d-4700-9ef1-fa02beeaaea5-f8bddac9-6d62-5e41-9c52-1bf7a4263cc0",
- "private_dns_zone_name": "privatelink.eventgrid.azure.net",
- "registration_enabled": false,
- "resource_group_name": "root-id-1-dns",
- "tags": {
- "deployedBy": "terraform/azure/caf-enterprise-scale/test_framework"
- },
- "timeouts": {
- "create": null,
- "delete": null,
- "read": null,
- "update": null
- },
- "virtual_network_id": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity-northeurope/providers/Microsoft.Network/virtualNetworks/root-id-1-hub-northeurope"
- },
- "sensitive_values": {
- "tags": {},
- "timeouts": {}
- }
- },
- {
- "address": "module.test_connectivity.azurerm_private_dns_zone_virtual_network_link.connectivity[\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.file.core.windows.net/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-32e4fb6d-8d44-5cd6-a7b6-aa17ca11b626\"]",
- "mode": "managed",
- "type": "azurerm_private_dns_zone_virtual_network_link",
- "name": "connectivity",
- "index": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.file.core.windows.net/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-32e4fb6d-8d44-5cd6-a7b6-aa17ca11b626",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "name": "fa2fa118-a60d-4700-9ef1-fa02beeaaea5-32e4fb6d-8d44-5cd6-a7b6-aa17ca11b626",
- "private_dns_zone_name": "privatelink.file.core.windows.net",
- "registration_enabled": false,
- "resource_group_name": "root-id-1-dns",
- "tags": {
- "deployedBy": "terraform/azure/caf-enterprise-scale/test_framework"
- },
- "timeouts": {
- "create": null,
- "delete": null,
- "read": null,
- "update": null
- },
- "virtual_network_id": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity-westeurope/providers/Microsoft.Network/virtualNetworks/root-id-1-hub-westeurope"
- },
- "sensitive_values": {
- "tags": {},
- "timeouts": {}
- }
- },
- {
- "address": "module.test_connectivity.azurerm_private_dns_zone_virtual_network_link.connectivity[\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.file.core.windows.net/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-7cc7e26d-5e16-5672-8dc0-e48b94f1beea\"]",
- "mode": "managed",
- "type": "azurerm_private_dns_zone_virtual_network_link",
- "name": "connectivity",
- "index": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.file.core.windows.net/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-7cc7e26d-5e16-5672-8dc0-e48b94f1beea",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "name": "fa2fa118-a60d-4700-9ef1-fa02beeaaea5-7cc7e26d-5e16-5672-8dc0-e48b94f1beea",
- "private_dns_zone_name": "privatelink.file.core.windows.net",
- "registration_enabled": false,
- "resource_group_name": "root-id-1-dns",
- "tags": {
- "deployedBy": "terraform/azure/caf-enterprise-scale/test_framework"
- },
- "timeouts": {
- "create": null,
- "delete": null,
- "read": null,
- "update": null
- },
- "virtual_network_id": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity-uksouth/providers/Microsoft.Network/virtualNetworks/root-id-1-hub-uksouth"
- },
- "sensitive_values": {
- "tags": {},
- "timeouts": {}
- }
- },
- {
- "address": "module.test_connectivity.azurerm_private_dns_zone_virtual_network_link.connectivity[\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.file.core.windows.net/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-f8bddac9-6d62-5e41-9c52-1bf7a4263cc0\"]",
- "mode": "managed",
- "type": "azurerm_private_dns_zone_virtual_network_link",
- "name": "connectivity",
- "index": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.file.core.windows.net/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-f8bddac9-6d62-5e41-9c52-1bf7a4263cc0",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "name": "fa2fa118-a60d-4700-9ef1-fa02beeaaea5-f8bddac9-6d62-5e41-9c52-1bf7a4263cc0",
- "private_dns_zone_name": "privatelink.file.core.windows.net",
- "registration_enabled": false,
- "resource_group_name": "root-id-1-dns",
- "tags": {
- "deployedBy": "terraform/azure/caf-enterprise-scale/test_framework"
- },
- "timeouts": {
- "create": null,
- "delete": null,
- "read": null,
- "update": null
- },
- "virtual_network_id": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity-northeurope/providers/Microsoft.Network/virtualNetworks/root-id-1-hub-northeurope"
- },
- "sensitive_values": {
- "tags": {},
- "timeouts": {}
- }
- },
- {
- "address": "module.test_connectivity.azurerm_private_dns_zone_virtual_network_link.connectivity[\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.gremlin.cosmos.azure.com/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-32e4fb6d-8d44-5cd6-a7b6-aa17ca11b626\"]",
- "mode": "managed",
- "type": "azurerm_private_dns_zone_virtual_network_link",
- "name": "connectivity",
- "index": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.gremlin.cosmos.azure.com/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-32e4fb6d-8d44-5cd6-a7b6-aa17ca11b626",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "name": "fa2fa118-a60d-4700-9ef1-fa02beeaaea5-32e4fb6d-8d44-5cd6-a7b6-aa17ca11b626",
- "private_dns_zone_name": "privatelink.gremlin.cosmos.azure.com",
- "registration_enabled": false,
- "resource_group_name": "root-id-1-dns",
- "tags": {
- "deployedBy": "terraform/azure/caf-enterprise-scale/test_framework"
- },
- "timeouts": {
- "create": null,
- "delete": null,
- "read": null,
- "update": null
- },
- "virtual_network_id": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity-westeurope/providers/Microsoft.Network/virtualNetworks/root-id-1-hub-westeurope"
- },
- "sensitive_values": {
- "tags": {},
- "timeouts": {}
- }
- },
- {
- "address": "module.test_connectivity.azurerm_private_dns_zone_virtual_network_link.connectivity[\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.gremlin.cosmos.azure.com/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-7cc7e26d-5e16-5672-8dc0-e48b94f1beea\"]",
- "mode": "managed",
- "type": "azurerm_private_dns_zone_virtual_network_link",
- "name": "connectivity",
- "index": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.gremlin.cosmos.azure.com/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-7cc7e26d-5e16-5672-8dc0-e48b94f1beea",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "name": "fa2fa118-a60d-4700-9ef1-fa02beeaaea5-7cc7e26d-5e16-5672-8dc0-e48b94f1beea",
- "private_dns_zone_name": "privatelink.gremlin.cosmos.azure.com",
- "registration_enabled": false,
- "resource_group_name": "root-id-1-dns",
- "tags": {
- "deployedBy": "terraform/azure/caf-enterprise-scale/test_framework"
- },
- "timeouts": {
- "create": null,
- "delete": null,
- "read": null,
- "update": null
- },
- "virtual_network_id": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity-uksouth/providers/Microsoft.Network/virtualNetworks/root-id-1-hub-uksouth"
- },
- "sensitive_values": {
- "tags": {},
- "timeouts": {}
- }
- },
- {
- "address": "module.test_connectivity.azurerm_private_dns_zone_virtual_network_link.connectivity[\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.gremlin.cosmos.azure.com/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-f8bddac9-6d62-5e41-9c52-1bf7a4263cc0\"]",
- "mode": "managed",
- "type": "azurerm_private_dns_zone_virtual_network_link",
- "name": "connectivity",
- "index": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.gremlin.cosmos.azure.com/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-f8bddac9-6d62-5e41-9c52-1bf7a4263cc0",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "name": "fa2fa118-a60d-4700-9ef1-fa02beeaaea5-f8bddac9-6d62-5e41-9c52-1bf7a4263cc0",
- "private_dns_zone_name": "privatelink.gremlin.cosmos.azure.com",
- "registration_enabled": false,
- "resource_group_name": "root-id-1-dns",
- "tags": {
- "deployedBy": "terraform/azure/caf-enterprise-scale/test_framework"
- },
- "timeouts": {
- "create": null,
- "delete": null,
- "read": null,
- "update": null
- },
- "virtual_network_id": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity-northeurope/providers/Microsoft.Network/virtualNetworks/root-id-1-hub-northeurope"
- },
- "sensitive_values": {
- "tags": {},
- "timeouts": {}
- }
- },
- {
- "address": "module.test_connectivity.azurerm_private_dns_zone_virtual_network_link.connectivity[\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.media.azure.net/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-32e4fb6d-8d44-5cd6-a7b6-aa17ca11b626\"]",
- "mode": "managed",
- "type": "azurerm_private_dns_zone_virtual_network_link",
- "name": "connectivity",
- "index": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.media.azure.net/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-32e4fb6d-8d44-5cd6-a7b6-aa17ca11b626",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "name": "fa2fa118-a60d-4700-9ef1-fa02beeaaea5-32e4fb6d-8d44-5cd6-a7b6-aa17ca11b626",
- "private_dns_zone_name": "privatelink.media.azure.net",
- "registration_enabled": false,
- "resource_group_name": "root-id-1-dns",
- "tags": {
- "deployedBy": "terraform/azure/caf-enterprise-scale/test_framework"
- },
- "timeouts": {
- "create": null,
- "delete": null,
- "read": null,
- "update": null
- },
- "virtual_network_id": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity-westeurope/providers/Microsoft.Network/virtualNetworks/root-id-1-hub-westeurope"
- },
- "sensitive_values": {
- "tags": {},
- "timeouts": {}
- }
- },
- {
- "address": "module.test_connectivity.azurerm_private_dns_zone_virtual_network_link.connectivity[\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.media.azure.net/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-7cc7e26d-5e16-5672-8dc0-e48b94f1beea\"]",
- "mode": "managed",
- "type": "azurerm_private_dns_zone_virtual_network_link",
- "name": "connectivity",
- "index": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.media.azure.net/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-7cc7e26d-5e16-5672-8dc0-e48b94f1beea",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "name": "fa2fa118-a60d-4700-9ef1-fa02beeaaea5-7cc7e26d-5e16-5672-8dc0-e48b94f1beea",
- "private_dns_zone_name": "privatelink.media.azure.net",
- "registration_enabled": false,
- "resource_group_name": "root-id-1-dns",
- "tags": {
- "deployedBy": "terraform/azure/caf-enterprise-scale/test_framework"
- },
- "timeouts": {
- "create": null,
- "delete": null,
- "read": null,
- "update": null
- },
- "virtual_network_id": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity-uksouth/providers/Microsoft.Network/virtualNetworks/root-id-1-hub-uksouth"
- },
- "sensitive_values": {
- "tags": {},
- "timeouts": {}
- }
- },
- {
- "address": "module.test_connectivity.azurerm_private_dns_zone_virtual_network_link.connectivity[\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.media.azure.net/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-f8bddac9-6d62-5e41-9c52-1bf7a4263cc0\"]",
- "mode": "managed",
- "type": "azurerm_private_dns_zone_virtual_network_link",
- "name": "connectivity",
- "index": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.media.azure.net/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-f8bddac9-6d62-5e41-9c52-1bf7a4263cc0",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "name": "fa2fa118-a60d-4700-9ef1-fa02beeaaea5-f8bddac9-6d62-5e41-9c52-1bf7a4263cc0",
- "private_dns_zone_name": "privatelink.media.azure.net",
- "registration_enabled": false,
- "resource_group_name": "root-id-1-dns",
- "tags": {
- "deployedBy": "terraform/azure/caf-enterprise-scale/test_framework"
- },
- "timeouts": {
- "create": null,
- "delete": null,
- "read": null,
- "update": null
- },
- "virtual_network_id": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity-northeurope/providers/Microsoft.Network/virtualNetworks/root-id-1-hub-northeurope"
- },
- "sensitive_values": {
- "tags": {},
- "timeouts": {}
- }
- },
- {
- "address": "module.test_connectivity.azurerm_private_dns_zone_virtual_network_link.connectivity[\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.mongo.cosmos.azure.com/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-32e4fb6d-8d44-5cd6-a7b6-aa17ca11b626\"]",
- "mode": "managed",
- "type": "azurerm_private_dns_zone_virtual_network_link",
- "name": "connectivity",
- "index": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.mongo.cosmos.azure.com/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-32e4fb6d-8d44-5cd6-a7b6-aa17ca11b626",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "name": "fa2fa118-a60d-4700-9ef1-fa02beeaaea5-32e4fb6d-8d44-5cd6-a7b6-aa17ca11b626",
- "private_dns_zone_name": "privatelink.mongo.cosmos.azure.com",
- "registration_enabled": false,
- "resource_group_name": "root-id-1-dns",
- "tags": {
- "deployedBy": "terraform/azure/caf-enterprise-scale/test_framework"
- },
- "timeouts": {
- "create": null,
- "delete": null,
- "read": null,
- "update": null
- },
- "virtual_network_id": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity-westeurope/providers/Microsoft.Network/virtualNetworks/root-id-1-hub-westeurope"
- },
- "sensitive_values": {
- "tags": {},
- "timeouts": {}
- }
- },
- {
- "address": "module.test_connectivity.azurerm_private_dns_zone_virtual_network_link.connectivity[\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.mongo.cosmos.azure.com/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-7cc7e26d-5e16-5672-8dc0-e48b94f1beea\"]",
- "mode": "managed",
- "type": "azurerm_private_dns_zone_virtual_network_link",
- "name": "connectivity",
- "index": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.mongo.cosmos.azure.com/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-7cc7e26d-5e16-5672-8dc0-e48b94f1beea",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "name": "fa2fa118-a60d-4700-9ef1-fa02beeaaea5-7cc7e26d-5e16-5672-8dc0-e48b94f1beea",
- "private_dns_zone_name": "privatelink.mongo.cosmos.azure.com",
- "registration_enabled": false,
- "resource_group_name": "root-id-1-dns",
- "tags": {
- "deployedBy": "terraform/azure/caf-enterprise-scale/test_framework"
- },
- "timeouts": {
- "create": null,
- "delete": null,
- "read": null,
- "update": null
- },
- "virtual_network_id": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity-uksouth/providers/Microsoft.Network/virtualNetworks/root-id-1-hub-uksouth"
- },
- "sensitive_values": {
- "tags": {},
- "timeouts": {}
- }
- },
- {
- "address": "module.test_connectivity.azurerm_private_dns_zone_virtual_network_link.connectivity[\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.mongo.cosmos.azure.com/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-f8bddac9-6d62-5e41-9c52-1bf7a4263cc0\"]",
- "mode": "managed",
- "type": "azurerm_private_dns_zone_virtual_network_link",
- "name": "connectivity",
- "index": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.mongo.cosmos.azure.com/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-f8bddac9-6d62-5e41-9c52-1bf7a4263cc0",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "name": "fa2fa118-a60d-4700-9ef1-fa02beeaaea5-f8bddac9-6d62-5e41-9c52-1bf7a4263cc0",
- "private_dns_zone_name": "privatelink.mongo.cosmos.azure.com",
- "registration_enabled": false,
- "resource_group_name": "root-id-1-dns",
- "tags": {
- "deployedBy": "terraform/azure/caf-enterprise-scale/test_framework"
- },
- "timeouts": {
- "create": null,
- "delete": null,
- "read": null,
- "update": null
- },
- "virtual_network_id": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity-northeurope/providers/Microsoft.Network/virtualNetworks/root-id-1-hub-northeurope"
- },
- "sensitive_values": {
- "tags": {},
- "timeouts": {}
- }
- },
- {
- "address": "module.test_connectivity.azurerm_private_dns_zone_virtual_network_link.connectivity[\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.monitor.azure.com/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-32e4fb6d-8d44-5cd6-a7b6-aa17ca11b626\"]",
- "mode": "managed",
- "type": "azurerm_private_dns_zone_virtual_network_link",
- "name": "connectivity",
- "index": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.monitor.azure.com/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-32e4fb6d-8d44-5cd6-a7b6-aa17ca11b626",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "name": "fa2fa118-a60d-4700-9ef1-fa02beeaaea5-32e4fb6d-8d44-5cd6-a7b6-aa17ca11b626",
- "private_dns_zone_name": "privatelink.monitor.azure.com",
- "registration_enabled": false,
- "resource_group_name": "root-id-1-dns",
- "tags": {
- "deployedBy": "terraform/azure/caf-enterprise-scale/test_framework"
- },
- "timeouts": {
- "create": null,
- "delete": null,
- "read": null,
- "update": null
- },
- "virtual_network_id": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity-westeurope/providers/Microsoft.Network/virtualNetworks/root-id-1-hub-westeurope"
- },
- "sensitive_values": {
- "tags": {},
- "timeouts": {}
- }
- },
- {
- "address": "module.test_connectivity.azurerm_private_dns_zone_virtual_network_link.connectivity[\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.monitor.azure.com/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-7cc7e26d-5e16-5672-8dc0-e48b94f1beea\"]",
- "mode": "managed",
- "type": "azurerm_private_dns_zone_virtual_network_link",
- "name": "connectivity",
- "index": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.monitor.azure.com/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-7cc7e26d-5e16-5672-8dc0-e48b94f1beea",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "name": "fa2fa118-a60d-4700-9ef1-fa02beeaaea5-7cc7e26d-5e16-5672-8dc0-e48b94f1beea",
- "private_dns_zone_name": "privatelink.monitor.azure.com",
- "registration_enabled": false,
- "resource_group_name": "root-id-1-dns",
- "tags": {
- "deployedBy": "terraform/azure/caf-enterprise-scale/test_framework"
- },
- "timeouts": {
- "create": null,
- "delete": null,
- "read": null,
- "update": null
- },
- "virtual_network_id": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity-uksouth/providers/Microsoft.Network/virtualNetworks/root-id-1-hub-uksouth"
- },
- "sensitive_values": {
- "tags": {},
- "timeouts": {}
- }
- },
- {
- "address": "module.test_connectivity.azurerm_private_dns_zone_virtual_network_link.connectivity[\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.monitor.azure.com/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-f8bddac9-6d62-5e41-9c52-1bf7a4263cc0\"]",
- "mode": "managed",
- "type": "azurerm_private_dns_zone_virtual_network_link",
- "name": "connectivity",
- "index": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.monitor.azure.com/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-f8bddac9-6d62-5e41-9c52-1bf7a4263cc0",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "name": "fa2fa118-a60d-4700-9ef1-fa02beeaaea5-f8bddac9-6d62-5e41-9c52-1bf7a4263cc0",
- "private_dns_zone_name": "privatelink.monitor.azure.com",
- "registration_enabled": false,
- "resource_group_name": "root-id-1-dns",
- "tags": {
- "deployedBy": "terraform/azure/caf-enterprise-scale/test_framework"
- },
- "timeouts": {
- "create": null,
- "delete": null,
- "read": null,
- "update": null
- },
- "virtual_network_id": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity-northeurope/providers/Microsoft.Network/virtualNetworks/root-id-1-hub-northeurope"
- },
- "sensitive_values": {
- "tags": {},
- "timeouts": {}
- }
- },
- {
- "address": "module.test_connectivity.azurerm_private_dns_zone_virtual_network_link.connectivity[\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.notebooks.azure.net/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-32e4fb6d-8d44-5cd6-a7b6-aa17ca11b626\"]",
- "mode": "managed",
- "type": "azurerm_private_dns_zone_virtual_network_link",
- "name": "connectivity",
- "index": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.notebooks.azure.net/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-32e4fb6d-8d44-5cd6-a7b6-aa17ca11b626",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "name": "fa2fa118-a60d-4700-9ef1-fa02beeaaea5-32e4fb6d-8d44-5cd6-a7b6-aa17ca11b626",
- "private_dns_zone_name": "privatelink.notebooks.azure.net",
- "registration_enabled": false,
- "resource_group_name": "root-id-1-dns",
- "tags": {
- "deployedBy": "terraform/azure/caf-enterprise-scale/test_framework"
- },
- "timeouts": {
- "create": null,
- "delete": null,
- "read": null,
- "update": null
- },
- "virtual_network_id": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity-westeurope/providers/Microsoft.Network/virtualNetworks/root-id-1-hub-westeurope"
- },
- "sensitive_values": {
- "tags": {},
- "timeouts": {}
- }
- },
- {
- "address": "module.test_connectivity.azurerm_private_dns_zone_virtual_network_link.connectivity[\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.notebooks.azure.net/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-7cc7e26d-5e16-5672-8dc0-e48b94f1beea\"]",
- "mode": "managed",
- "type": "azurerm_private_dns_zone_virtual_network_link",
- "name": "connectivity",
- "index": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.notebooks.azure.net/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-7cc7e26d-5e16-5672-8dc0-e48b94f1beea",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "name": "fa2fa118-a60d-4700-9ef1-fa02beeaaea5-7cc7e26d-5e16-5672-8dc0-e48b94f1beea",
- "private_dns_zone_name": "privatelink.notebooks.azure.net",
- "registration_enabled": false,
- "resource_group_name": "root-id-1-dns",
- "tags": {
- "deployedBy": "terraform/azure/caf-enterprise-scale/test_framework"
- },
- "timeouts": {
- "create": null,
- "delete": null,
- "read": null,
- "update": null
- },
- "virtual_network_id": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity-uksouth/providers/Microsoft.Network/virtualNetworks/root-id-1-hub-uksouth"
- },
- "sensitive_values": {
- "tags": {},
- "timeouts": {}
- }
- },
- {
- "address": "module.test_connectivity.azurerm_private_dns_zone_virtual_network_link.connectivity[\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.notebooks.azure.net/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-f8bddac9-6d62-5e41-9c52-1bf7a4263cc0\"]",
- "mode": "managed",
- "type": "azurerm_private_dns_zone_virtual_network_link",
- "name": "connectivity",
- "index": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.notebooks.azure.net/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-f8bddac9-6d62-5e41-9c52-1bf7a4263cc0",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "name": "fa2fa118-a60d-4700-9ef1-fa02beeaaea5-f8bddac9-6d62-5e41-9c52-1bf7a4263cc0",
- "private_dns_zone_name": "privatelink.notebooks.azure.net",
- "registration_enabled": false,
- "resource_group_name": "root-id-1-dns",
- "tags": {
- "deployedBy": "terraform/azure/caf-enterprise-scale/test_framework"
- },
- "timeouts": {
- "create": null,
- "delete": null,
- "read": null,
- "update": null
- },
- "virtual_network_id": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity-northeurope/providers/Microsoft.Network/virtualNetworks/root-id-1-hub-northeurope"
- },
- "sensitive_values": {
- "tags": {},
- "timeouts": {}
- }
- },
- {
- "address": "module.test_connectivity.azurerm_private_dns_zone_virtual_network_link.connectivity[\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.ods.opinsights.azure.com/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-32e4fb6d-8d44-5cd6-a7b6-aa17ca11b626\"]",
- "mode": "managed",
- "type": "azurerm_private_dns_zone_virtual_network_link",
- "name": "connectivity",
- "index": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.ods.opinsights.azure.com/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-32e4fb6d-8d44-5cd6-a7b6-aa17ca11b626",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "name": "fa2fa118-a60d-4700-9ef1-fa02beeaaea5-32e4fb6d-8d44-5cd6-a7b6-aa17ca11b626",
- "private_dns_zone_name": "privatelink.ods.opinsights.azure.com",
- "registration_enabled": false,
- "resource_group_name": "root-id-1-dns",
- "tags": {
- "deployedBy": "terraform/azure/caf-enterprise-scale/test_framework"
- },
- "timeouts": {
- "create": null,
- "delete": null,
- "read": null,
- "update": null
- },
- "virtual_network_id": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity-westeurope/providers/Microsoft.Network/virtualNetworks/root-id-1-hub-westeurope"
- },
- "sensitive_values": {
- "tags": {},
- "timeouts": {}
- }
- },
- {
- "address": "module.test_connectivity.azurerm_private_dns_zone_virtual_network_link.connectivity[\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.ods.opinsights.azure.com/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-7cc7e26d-5e16-5672-8dc0-e48b94f1beea\"]",
- "mode": "managed",
- "type": "azurerm_private_dns_zone_virtual_network_link",
- "name": "connectivity",
- "index": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.ods.opinsights.azure.com/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-7cc7e26d-5e16-5672-8dc0-e48b94f1beea",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "name": "fa2fa118-a60d-4700-9ef1-fa02beeaaea5-7cc7e26d-5e16-5672-8dc0-e48b94f1beea",
- "private_dns_zone_name": "privatelink.ods.opinsights.azure.com",
- "registration_enabled": false,
- "resource_group_name": "root-id-1-dns",
- "tags": {
- "deployedBy": "terraform/azure/caf-enterprise-scale/test_framework"
- },
- "timeouts": {
- "create": null,
- "delete": null,
- "read": null,
- "update": null
- },
- "virtual_network_id": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity-uksouth/providers/Microsoft.Network/virtualNetworks/root-id-1-hub-uksouth"
- },
- "sensitive_values": {
- "tags": {},
- "timeouts": {}
- }
- },
- {
- "address": "module.test_connectivity.azurerm_private_dns_zone_virtual_network_link.connectivity[\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.ods.opinsights.azure.com/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-f8bddac9-6d62-5e41-9c52-1bf7a4263cc0\"]",
- "mode": "managed",
- "type": "azurerm_private_dns_zone_virtual_network_link",
- "name": "connectivity",
- "index": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.ods.opinsights.azure.com/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-f8bddac9-6d62-5e41-9c52-1bf7a4263cc0",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "name": "fa2fa118-a60d-4700-9ef1-fa02beeaaea5-f8bddac9-6d62-5e41-9c52-1bf7a4263cc0",
- "private_dns_zone_name": "privatelink.ods.opinsights.azure.com",
- "registration_enabled": false,
- "resource_group_name": "root-id-1-dns",
- "tags": {
- "deployedBy": "terraform/azure/caf-enterprise-scale/test_framework"
- },
- "timeouts": {
- "create": null,
- "delete": null,
- "read": null,
- "update": null
- },
- "virtual_network_id": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity-northeurope/providers/Microsoft.Network/virtualNetworks/root-id-1-hub-northeurope"
- },
- "sensitive_values": {
- "tags": {},
- "timeouts": {}
- }
- },
- {
- "address": "module.test_connectivity.azurerm_private_dns_zone_virtual_network_link.connectivity[\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.oms.opinsights.azure.com/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-32e4fb6d-8d44-5cd6-a7b6-aa17ca11b626\"]",
- "mode": "managed",
- "type": "azurerm_private_dns_zone_virtual_network_link",
- "name": "connectivity",
- "index": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.oms.opinsights.azure.com/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-32e4fb6d-8d44-5cd6-a7b6-aa17ca11b626",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "name": "fa2fa118-a60d-4700-9ef1-fa02beeaaea5-32e4fb6d-8d44-5cd6-a7b6-aa17ca11b626",
- "private_dns_zone_name": "privatelink.oms.opinsights.azure.com",
- "registration_enabled": false,
- "resource_group_name": "root-id-1-dns",
- "tags": {
- "deployedBy": "terraform/azure/caf-enterprise-scale/test_framework"
- },
- "timeouts": {
- "create": null,
- "delete": null,
- "read": null,
- "update": null
- },
- "virtual_network_id": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity-westeurope/providers/Microsoft.Network/virtualNetworks/root-id-1-hub-westeurope"
- },
- "sensitive_values": {
- "tags": {},
- "timeouts": {}
- }
- },
- {
- "address": "module.test_connectivity.azurerm_private_dns_zone_virtual_network_link.connectivity[\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.oms.opinsights.azure.com/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-7cc7e26d-5e16-5672-8dc0-e48b94f1beea\"]",
- "mode": "managed",
- "type": "azurerm_private_dns_zone_virtual_network_link",
- "name": "connectivity",
- "index": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.oms.opinsights.azure.com/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-7cc7e26d-5e16-5672-8dc0-e48b94f1beea",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "name": "fa2fa118-a60d-4700-9ef1-fa02beeaaea5-7cc7e26d-5e16-5672-8dc0-e48b94f1beea",
- "private_dns_zone_name": "privatelink.oms.opinsights.azure.com",
- "registration_enabled": false,
- "resource_group_name": "root-id-1-dns",
- "tags": {
- "deployedBy": "terraform/azure/caf-enterprise-scale/test_framework"
- },
- "timeouts": {
- "create": null,
- "delete": null,
- "read": null,
- "update": null
- },
- "virtual_network_id": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity-uksouth/providers/Microsoft.Network/virtualNetworks/root-id-1-hub-uksouth"
- },
- "sensitive_values": {
- "tags": {},
- "timeouts": {}
- }
- },
- {
- "address": "module.test_connectivity.azurerm_private_dns_zone_virtual_network_link.connectivity[\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.oms.opinsights.azure.com/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-f8bddac9-6d62-5e41-9c52-1bf7a4263cc0\"]",
- "mode": "managed",
- "type": "azurerm_private_dns_zone_virtual_network_link",
- "name": "connectivity",
- "index": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.oms.opinsights.azure.com/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-f8bddac9-6d62-5e41-9c52-1bf7a4263cc0",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "name": "fa2fa118-a60d-4700-9ef1-fa02beeaaea5-f8bddac9-6d62-5e41-9c52-1bf7a4263cc0",
- "private_dns_zone_name": "privatelink.oms.opinsights.azure.com",
- "registration_enabled": false,
- "resource_group_name": "root-id-1-dns",
- "tags": {
- "deployedBy": "terraform/azure/caf-enterprise-scale/test_framework"
- },
- "timeouts": {
- "create": null,
- "delete": null,
- "read": null,
- "update": null
- },
- "virtual_network_id": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity-northeurope/providers/Microsoft.Network/virtualNetworks/root-id-1-hub-northeurope"
- },
- "sensitive_values": {
- "tags": {},
- "timeouts": {}
- }
- },
- {
- "address": "module.test_connectivity.azurerm_private_dns_zone_virtual_network_link.connectivity[\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.prod.migration.windowsazure.com/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-32e4fb6d-8d44-5cd6-a7b6-aa17ca11b626\"]",
- "mode": "managed",
- "type": "azurerm_private_dns_zone_virtual_network_link",
- "name": "connectivity",
- "index": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.prod.migration.windowsazure.com/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-32e4fb6d-8d44-5cd6-a7b6-aa17ca11b626",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "name": "fa2fa118-a60d-4700-9ef1-fa02beeaaea5-32e4fb6d-8d44-5cd6-a7b6-aa17ca11b626",
- "private_dns_zone_name": "privatelink.prod.migration.windowsazure.com",
- "registration_enabled": false,
- "resource_group_name": "root-id-1-dns",
- "tags": {
- "deployedBy": "terraform/azure/caf-enterprise-scale/test_framework"
- },
- "timeouts": {
- "create": null,
- "delete": null,
- "read": null,
- "update": null
- },
- "virtual_network_id": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity-westeurope/providers/Microsoft.Network/virtualNetworks/root-id-1-hub-westeurope"
- },
- "sensitive_values": {
- "tags": {},
- "timeouts": {}
- }
- },
- {
- "address": "module.test_connectivity.azurerm_private_dns_zone_virtual_network_link.connectivity[\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.prod.migration.windowsazure.com/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-7cc7e26d-5e16-5672-8dc0-e48b94f1beea\"]",
- "mode": "managed",
- "type": "azurerm_private_dns_zone_virtual_network_link",
- "name": "connectivity",
- "index": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.prod.migration.windowsazure.com/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-7cc7e26d-5e16-5672-8dc0-e48b94f1beea",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "name": "fa2fa118-a60d-4700-9ef1-fa02beeaaea5-7cc7e26d-5e16-5672-8dc0-e48b94f1beea",
- "private_dns_zone_name": "privatelink.prod.migration.windowsazure.com",
- "registration_enabled": false,
- "resource_group_name": "root-id-1-dns",
- "tags": {
- "deployedBy": "terraform/azure/caf-enterprise-scale/test_framework"
- },
- "timeouts": {
- "create": null,
- "delete": null,
- "read": null,
- "update": null
- },
- "virtual_network_id": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity-uksouth/providers/Microsoft.Network/virtualNetworks/root-id-1-hub-uksouth"
- },
- "sensitive_values": {
- "tags": {},
- "timeouts": {}
- }
- },
- {
- "address": "module.test_connectivity.azurerm_private_dns_zone_virtual_network_link.connectivity[\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.prod.migration.windowsazure.com/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-f8bddac9-6d62-5e41-9c52-1bf7a4263cc0\"]",
- "mode": "managed",
- "type": "azurerm_private_dns_zone_virtual_network_link",
- "name": "connectivity",
- "index": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.prod.migration.windowsazure.com/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-f8bddac9-6d62-5e41-9c52-1bf7a4263cc0",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "name": "fa2fa118-a60d-4700-9ef1-fa02beeaaea5-f8bddac9-6d62-5e41-9c52-1bf7a4263cc0",
- "private_dns_zone_name": "privatelink.prod.migration.windowsazure.com",
- "registration_enabled": false,
- "resource_group_name": "root-id-1-dns",
- "tags": {
- "deployedBy": "terraform/azure/caf-enterprise-scale/test_framework"
- },
- "timeouts": {
- "create": null,
- "delete": null,
- "read": null,
- "update": null
- },
- "virtual_network_id": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity-northeurope/providers/Microsoft.Network/virtualNetworks/root-id-1-hub-northeurope"
- },
- "sensitive_values": {
- "tags": {},
- "timeouts": {}
- }
- },
- {
- "address": "module.test_connectivity.azurerm_private_dns_zone_virtual_network_link.connectivity[\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.queue.core.windows.net/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-32e4fb6d-8d44-5cd6-a7b6-aa17ca11b626\"]",
- "mode": "managed",
- "type": "azurerm_private_dns_zone_virtual_network_link",
- "name": "connectivity",
- "index": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.queue.core.windows.net/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-32e4fb6d-8d44-5cd6-a7b6-aa17ca11b626",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "name": "fa2fa118-a60d-4700-9ef1-fa02beeaaea5-32e4fb6d-8d44-5cd6-a7b6-aa17ca11b626",
- "private_dns_zone_name": "privatelink.queue.core.windows.net",
- "registration_enabled": false,
- "resource_group_name": "root-id-1-dns",
- "tags": {
- "deployedBy": "terraform/azure/caf-enterprise-scale/test_framework"
- },
- "timeouts": {
- "create": null,
- "delete": null,
- "read": null,
- "update": null
- },
- "virtual_network_id": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity-westeurope/providers/Microsoft.Network/virtualNetworks/root-id-1-hub-westeurope"
- },
- "sensitive_values": {
- "tags": {},
- "timeouts": {}
- }
- },
- {
- "address": "module.test_connectivity.azurerm_private_dns_zone_virtual_network_link.connectivity[\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.queue.core.windows.net/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-7cc7e26d-5e16-5672-8dc0-e48b94f1beea\"]",
- "mode": "managed",
- "type": "azurerm_private_dns_zone_virtual_network_link",
- "name": "connectivity",
- "index": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.queue.core.windows.net/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-7cc7e26d-5e16-5672-8dc0-e48b94f1beea",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "name": "fa2fa118-a60d-4700-9ef1-fa02beeaaea5-7cc7e26d-5e16-5672-8dc0-e48b94f1beea",
- "private_dns_zone_name": "privatelink.queue.core.windows.net",
- "registration_enabled": false,
- "resource_group_name": "root-id-1-dns",
- "tags": {
- "deployedBy": "terraform/azure/caf-enterprise-scale/test_framework"
- },
- "timeouts": {
- "create": null,
- "delete": null,
- "read": null,
- "update": null
- },
- "virtual_network_id": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity-uksouth/providers/Microsoft.Network/virtualNetworks/root-id-1-hub-uksouth"
- },
- "sensitive_values": {
- "tags": {},
- "timeouts": {}
- }
- },
- {
- "address": "module.test_connectivity.azurerm_private_dns_zone_virtual_network_link.connectivity[\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.queue.core.windows.net/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-f8bddac9-6d62-5e41-9c52-1bf7a4263cc0\"]",
- "mode": "managed",
- "type": "azurerm_private_dns_zone_virtual_network_link",
- "name": "connectivity",
- "index": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.queue.core.windows.net/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-f8bddac9-6d62-5e41-9c52-1bf7a4263cc0",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "name": "fa2fa118-a60d-4700-9ef1-fa02beeaaea5-f8bddac9-6d62-5e41-9c52-1bf7a4263cc0",
- "private_dns_zone_name": "privatelink.queue.core.windows.net",
- "registration_enabled": false,
- "resource_group_name": "root-id-1-dns",
- "tags": {
- "deployedBy": "terraform/azure/caf-enterprise-scale/test_framework"
- },
- "timeouts": {
- "create": null,
- "delete": null,
- "read": null,
- "update": null
- },
- "virtual_network_id": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity-northeurope/providers/Microsoft.Network/virtualNetworks/root-id-1-hub-northeurope"
- },
- "sensitive_values": {
- "tags": {},
- "timeouts": {}
- }
- },
- {
- "address": "module.test_connectivity.azurerm_private_dns_zone_virtual_network_link.connectivity[\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.redis.cache.windows.net/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-32e4fb6d-8d44-5cd6-a7b6-aa17ca11b626\"]",
- "mode": "managed",
- "type": "azurerm_private_dns_zone_virtual_network_link",
- "name": "connectivity",
- "index": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.redis.cache.windows.net/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-32e4fb6d-8d44-5cd6-a7b6-aa17ca11b626",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "name": "fa2fa118-a60d-4700-9ef1-fa02beeaaea5-32e4fb6d-8d44-5cd6-a7b6-aa17ca11b626",
- "private_dns_zone_name": "privatelink.redis.cache.windows.net",
- "registration_enabled": false,
- "resource_group_name": "root-id-1-dns",
- "tags": {
- "deployedBy": "terraform/azure/caf-enterprise-scale/test_framework"
- },
- "timeouts": {
- "create": null,
- "delete": null,
- "read": null,
- "update": null
- },
- "virtual_network_id": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity-westeurope/providers/Microsoft.Network/virtualNetworks/root-id-1-hub-westeurope"
- },
- "sensitive_values": {
- "tags": {},
- "timeouts": {}
- }
- },
- {
- "address": "module.test_connectivity.azurerm_private_dns_zone_virtual_network_link.connectivity[\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.redis.cache.windows.net/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-7cc7e26d-5e16-5672-8dc0-e48b94f1beea\"]",
- "mode": "managed",
- "type": "azurerm_private_dns_zone_virtual_network_link",
- "name": "connectivity",
- "index": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.redis.cache.windows.net/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-7cc7e26d-5e16-5672-8dc0-e48b94f1beea",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "name": "fa2fa118-a60d-4700-9ef1-fa02beeaaea5-7cc7e26d-5e16-5672-8dc0-e48b94f1beea",
- "private_dns_zone_name": "privatelink.redis.cache.windows.net",
- "registration_enabled": false,
- "resource_group_name": "root-id-1-dns",
- "tags": {
- "deployedBy": "terraform/azure/caf-enterprise-scale/test_framework"
- },
- "timeouts": {
- "create": null,
- "delete": null,
- "read": null,
- "update": null
- },
- "virtual_network_id": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity-uksouth/providers/Microsoft.Network/virtualNetworks/root-id-1-hub-uksouth"
- },
- "sensitive_values": {
- "tags": {},
- "timeouts": {}
- }
- },
- {
- "address": "module.test_connectivity.azurerm_private_dns_zone_virtual_network_link.connectivity[\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.redis.cache.windows.net/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-f8bddac9-6d62-5e41-9c52-1bf7a4263cc0\"]",
- "mode": "managed",
- "type": "azurerm_private_dns_zone_virtual_network_link",
- "name": "connectivity",
- "index": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.redis.cache.windows.net/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-f8bddac9-6d62-5e41-9c52-1bf7a4263cc0",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "name": "fa2fa118-a60d-4700-9ef1-fa02beeaaea5-f8bddac9-6d62-5e41-9c52-1bf7a4263cc0",
- "private_dns_zone_name": "privatelink.redis.cache.windows.net",
- "registration_enabled": false,
- "resource_group_name": "root-id-1-dns",
- "tags": {
- "deployedBy": "terraform/azure/caf-enterprise-scale/test_framework"
- },
- "timeouts": {
- "create": null,
- "delete": null,
- "read": null,
- "update": null
- },
- "virtual_network_id": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity-northeurope/providers/Microsoft.Network/virtualNetworks/root-id-1-hub-northeurope"
- },
- "sensitive_values": {
- "tags": {},
- "timeouts": {}
- }
- },
- {
- "address": "module.test_connectivity.azurerm_private_dns_zone_virtual_network_link.connectivity[\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.search.windows.net/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-32e4fb6d-8d44-5cd6-a7b6-aa17ca11b626\"]",
- "mode": "managed",
- "type": "azurerm_private_dns_zone_virtual_network_link",
- "name": "connectivity",
- "index": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.search.windows.net/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-32e4fb6d-8d44-5cd6-a7b6-aa17ca11b626",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "name": "fa2fa118-a60d-4700-9ef1-fa02beeaaea5-32e4fb6d-8d44-5cd6-a7b6-aa17ca11b626",
- "private_dns_zone_name": "privatelink.search.windows.net",
- "registration_enabled": false,
- "resource_group_name": "root-id-1-dns",
- "tags": {
- "deployedBy": "terraform/azure/caf-enterprise-scale/test_framework"
- },
- "timeouts": {
- "create": null,
- "delete": null,
- "read": null,
- "update": null
- },
- "virtual_network_id": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity-westeurope/providers/Microsoft.Network/virtualNetworks/root-id-1-hub-westeurope"
- },
- "sensitive_values": {
- "tags": {},
- "timeouts": {}
- }
- },
- {
- "address": "module.test_connectivity.azurerm_private_dns_zone_virtual_network_link.connectivity[\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.search.windows.net/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-7cc7e26d-5e16-5672-8dc0-e48b94f1beea\"]",
- "mode": "managed",
- "type": "azurerm_private_dns_zone_virtual_network_link",
- "name": "connectivity",
- "index": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.search.windows.net/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-7cc7e26d-5e16-5672-8dc0-e48b94f1beea",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "name": "fa2fa118-a60d-4700-9ef1-fa02beeaaea5-7cc7e26d-5e16-5672-8dc0-e48b94f1beea",
- "private_dns_zone_name": "privatelink.search.windows.net",
- "registration_enabled": false,
- "resource_group_name": "root-id-1-dns",
- "tags": {
- "deployedBy": "terraform/azure/caf-enterprise-scale/test_framework"
- },
- "timeouts": {
- "create": null,
- "delete": null,
- "read": null,
- "update": null
- },
- "virtual_network_id": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity-uksouth/providers/Microsoft.Network/virtualNetworks/root-id-1-hub-uksouth"
- },
- "sensitive_values": {
- "tags": {},
- "timeouts": {}
- }
- },
- {
- "address": "module.test_connectivity.azurerm_private_dns_zone_virtual_network_link.connectivity[\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.search.windows.net/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-f8bddac9-6d62-5e41-9c52-1bf7a4263cc0\"]",
- "mode": "managed",
- "type": "azurerm_private_dns_zone_virtual_network_link",
- "name": "connectivity",
- "index": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.search.windows.net/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-f8bddac9-6d62-5e41-9c52-1bf7a4263cc0",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "name": "fa2fa118-a60d-4700-9ef1-fa02beeaaea5-f8bddac9-6d62-5e41-9c52-1bf7a4263cc0",
- "private_dns_zone_name": "privatelink.search.windows.net",
- "registration_enabled": false,
- "resource_group_name": "root-id-1-dns",
- "tags": {
- "deployedBy": "terraform/azure/caf-enterprise-scale/test_framework"
- },
- "timeouts": {
- "create": null,
- "delete": null,
- "read": null,
- "update": null
- },
- "virtual_network_id": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity-northeurope/providers/Microsoft.Network/virtualNetworks/root-id-1-hub-northeurope"
- },
- "sensitive_values": {
- "tags": {},
- "timeouts": {}
- }
- },
- {
- "address": "module.test_connectivity.azurerm_private_dns_zone_virtual_network_link.connectivity[\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.service.signalr.net/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-32e4fb6d-8d44-5cd6-a7b6-aa17ca11b626\"]",
- "mode": "managed",
- "type": "azurerm_private_dns_zone_virtual_network_link",
- "name": "connectivity",
- "index": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.service.signalr.net/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-32e4fb6d-8d44-5cd6-a7b6-aa17ca11b626",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "name": "fa2fa118-a60d-4700-9ef1-fa02beeaaea5-32e4fb6d-8d44-5cd6-a7b6-aa17ca11b626",
- "private_dns_zone_name": "privatelink.service.signalr.net",
- "registration_enabled": false,
- "resource_group_name": "root-id-1-dns",
- "tags": {
- "deployedBy": "terraform/azure/caf-enterprise-scale/test_framework"
- },
- "timeouts": {
- "create": null,
- "delete": null,
- "read": null,
- "update": null
- },
- "virtual_network_id": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity-westeurope/providers/Microsoft.Network/virtualNetworks/root-id-1-hub-westeurope"
- },
- "sensitive_values": {
- "tags": {},
- "timeouts": {}
- }
- },
- {
- "address": "module.test_connectivity.azurerm_private_dns_zone_virtual_network_link.connectivity[\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.service.signalr.net/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-7cc7e26d-5e16-5672-8dc0-e48b94f1beea\"]",
- "mode": "managed",
- "type": "azurerm_private_dns_zone_virtual_network_link",
- "name": "connectivity",
- "index": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.service.signalr.net/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-7cc7e26d-5e16-5672-8dc0-e48b94f1beea",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "name": "fa2fa118-a60d-4700-9ef1-fa02beeaaea5-7cc7e26d-5e16-5672-8dc0-e48b94f1beea",
- "private_dns_zone_name": "privatelink.service.signalr.net",
- "registration_enabled": false,
- "resource_group_name": "root-id-1-dns",
- "tags": {
- "deployedBy": "terraform/azure/caf-enterprise-scale/test_framework"
- },
- "timeouts": {
- "create": null,
- "delete": null,
- "read": null,
- "update": null
- },
- "virtual_network_id": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity-uksouth/providers/Microsoft.Network/virtualNetworks/root-id-1-hub-uksouth"
- },
- "sensitive_values": {
- "tags": {},
- "timeouts": {}
- }
- },
- {
- "address": "module.test_connectivity.azurerm_private_dns_zone_virtual_network_link.connectivity[\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.service.signalr.net/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-f8bddac9-6d62-5e41-9c52-1bf7a4263cc0\"]",
- "mode": "managed",
- "type": "azurerm_private_dns_zone_virtual_network_link",
- "name": "connectivity",
- "index": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.service.signalr.net/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-f8bddac9-6d62-5e41-9c52-1bf7a4263cc0",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "name": "fa2fa118-a60d-4700-9ef1-fa02beeaaea5-f8bddac9-6d62-5e41-9c52-1bf7a4263cc0",
- "private_dns_zone_name": "privatelink.service.signalr.net",
- "registration_enabled": false,
- "resource_group_name": "root-id-1-dns",
- "tags": {
- "deployedBy": "terraform/azure/caf-enterprise-scale/test_framework"
- },
- "timeouts": {
- "create": null,
- "delete": null,
- "read": null,
- "update": null
- },
- "virtual_network_id": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity-northeurope/providers/Microsoft.Network/virtualNetworks/root-id-1-hub-northeurope"
- },
- "sensitive_values": {
- "tags": {},
- "timeouts": {}
- }
- },
- {
- "address": "module.test_connectivity.azurerm_private_dns_zone_virtual_network_link.connectivity[\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.servicebus.windows.net/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-32e4fb6d-8d44-5cd6-a7b6-aa17ca11b626\"]",
- "mode": "managed",
- "type": "azurerm_private_dns_zone_virtual_network_link",
- "name": "connectivity",
- "index": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.servicebus.windows.net/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-32e4fb6d-8d44-5cd6-a7b6-aa17ca11b626",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "name": "fa2fa118-a60d-4700-9ef1-fa02beeaaea5-32e4fb6d-8d44-5cd6-a7b6-aa17ca11b626",
- "private_dns_zone_name": "privatelink.servicebus.windows.net",
- "registration_enabled": false,
- "resource_group_name": "root-id-1-dns",
- "tags": {
- "deployedBy": "terraform/azure/caf-enterprise-scale/test_framework"
- },
- "timeouts": {
- "create": null,
- "delete": null,
- "read": null,
- "update": null
- },
- "virtual_network_id": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity-westeurope/providers/Microsoft.Network/virtualNetworks/root-id-1-hub-westeurope"
- },
- "sensitive_values": {
- "tags": {},
- "timeouts": {}
- }
- },
- {
- "address": "module.test_connectivity.azurerm_private_dns_zone_virtual_network_link.connectivity[\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.servicebus.windows.net/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-7cc7e26d-5e16-5672-8dc0-e48b94f1beea\"]",
- "mode": "managed",
- "type": "azurerm_private_dns_zone_virtual_network_link",
- "name": "connectivity",
- "index": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.servicebus.windows.net/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-7cc7e26d-5e16-5672-8dc0-e48b94f1beea",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "name": "fa2fa118-a60d-4700-9ef1-fa02beeaaea5-7cc7e26d-5e16-5672-8dc0-e48b94f1beea",
- "private_dns_zone_name": "privatelink.servicebus.windows.net",
- "registration_enabled": false,
- "resource_group_name": "root-id-1-dns",
- "tags": {
- "deployedBy": "terraform/azure/caf-enterprise-scale/test_framework"
- },
- "timeouts": {
- "create": null,
- "delete": null,
- "read": null,
- "update": null
- },
- "virtual_network_id": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity-uksouth/providers/Microsoft.Network/virtualNetworks/root-id-1-hub-uksouth"
- },
- "sensitive_values": {
- "tags": {},
- "timeouts": {}
- }
- },
- {
- "address": "module.test_connectivity.azurerm_private_dns_zone_virtual_network_link.connectivity[\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.servicebus.windows.net/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-f8bddac9-6d62-5e41-9c52-1bf7a4263cc0\"]",
- "mode": "managed",
- "type": "azurerm_private_dns_zone_virtual_network_link",
- "name": "connectivity",
- "index": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.servicebus.windows.net/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-f8bddac9-6d62-5e41-9c52-1bf7a4263cc0",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "name": "fa2fa118-a60d-4700-9ef1-fa02beeaaea5-f8bddac9-6d62-5e41-9c52-1bf7a4263cc0",
- "private_dns_zone_name": "privatelink.servicebus.windows.net",
- "registration_enabled": false,
- "resource_group_name": "root-id-1-dns",
- "tags": {
- "deployedBy": "terraform/azure/caf-enterprise-scale/test_framework"
- },
- "timeouts": {
- "create": null,
- "delete": null,
- "read": null,
- "update": null
- },
- "virtual_network_id": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity-northeurope/providers/Microsoft.Network/virtualNetworks/root-id-1-hub-northeurope"
- },
- "sensitive_values": {
- "tags": {},
- "timeouts": {}
- }
- },
- {
- "address": "module.test_connectivity.azurerm_private_dns_zone_virtual_network_link.connectivity[\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.siterecovery.windowsazure.com/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-32e4fb6d-8d44-5cd6-a7b6-aa17ca11b626\"]",
- "mode": "managed",
- "type": "azurerm_private_dns_zone_virtual_network_link",
- "name": "connectivity",
- "index": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.siterecovery.windowsazure.com/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-32e4fb6d-8d44-5cd6-a7b6-aa17ca11b626",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "name": "fa2fa118-a60d-4700-9ef1-fa02beeaaea5-32e4fb6d-8d44-5cd6-a7b6-aa17ca11b626",
- "private_dns_zone_name": "privatelink.siterecovery.windowsazure.com",
- "registration_enabled": false,
- "resource_group_name": "root-id-1-dns",
- "tags": {
- "deployedBy": "terraform/azure/caf-enterprise-scale/test_framework"
- },
- "timeouts": {
- "create": null,
- "delete": null,
- "read": null,
- "update": null
- },
- "virtual_network_id": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity-westeurope/providers/Microsoft.Network/virtualNetworks/root-id-1-hub-westeurope"
- },
- "sensitive_values": {
- "tags": {},
- "timeouts": {}
- }
- },
- {
- "address": "module.test_connectivity.azurerm_private_dns_zone_virtual_network_link.connectivity[\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.siterecovery.windowsazure.com/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-7cc7e26d-5e16-5672-8dc0-e48b94f1beea\"]",
- "mode": "managed",
- "type": "azurerm_private_dns_zone_virtual_network_link",
- "name": "connectivity",
- "index": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.siterecovery.windowsazure.com/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-7cc7e26d-5e16-5672-8dc0-e48b94f1beea",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "name": "fa2fa118-a60d-4700-9ef1-fa02beeaaea5-7cc7e26d-5e16-5672-8dc0-e48b94f1beea",
- "private_dns_zone_name": "privatelink.siterecovery.windowsazure.com",
- "registration_enabled": false,
- "resource_group_name": "root-id-1-dns",
- "tags": {
- "deployedBy": "terraform/azure/caf-enterprise-scale/test_framework"
- },
- "timeouts": {
- "create": null,
- "delete": null,
- "read": null,
- "update": null
- },
- "virtual_network_id": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity-uksouth/providers/Microsoft.Network/virtualNetworks/root-id-1-hub-uksouth"
- },
- "sensitive_values": {
- "tags": {},
- "timeouts": {}
- }
- },
- {
- "address": "module.test_connectivity.azurerm_private_dns_zone_virtual_network_link.connectivity[\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.siterecovery.windowsazure.com/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-f8bddac9-6d62-5e41-9c52-1bf7a4263cc0\"]",
- "mode": "managed",
- "type": "azurerm_private_dns_zone_virtual_network_link",
- "name": "connectivity",
- "index": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.siterecovery.windowsazure.com/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-f8bddac9-6d62-5e41-9c52-1bf7a4263cc0",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "name": "fa2fa118-a60d-4700-9ef1-fa02beeaaea5-f8bddac9-6d62-5e41-9c52-1bf7a4263cc0",
- "private_dns_zone_name": "privatelink.siterecovery.windowsazure.com",
- "registration_enabled": false,
- "resource_group_name": "root-id-1-dns",
- "tags": {
- "deployedBy": "terraform/azure/caf-enterprise-scale/test_framework"
- },
- "timeouts": {
- "create": null,
- "delete": null,
- "read": null,
- "update": null
- },
- "virtual_network_id": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity-northeurope/providers/Microsoft.Network/virtualNetworks/root-id-1-hub-northeurope"
- },
- "sensitive_values": {
- "tags": {},
- "timeouts": {}
- }
- },
- {
- "address": "module.test_connectivity.azurerm_private_dns_zone_virtual_network_link.connectivity[\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.table.core.windows.net/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-32e4fb6d-8d44-5cd6-a7b6-aa17ca11b626\"]",
- "mode": "managed",
- "type": "azurerm_private_dns_zone_virtual_network_link",
- "name": "connectivity",
- "index": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.table.core.windows.net/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-32e4fb6d-8d44-5cd6-a7b6-aa17ca11b626",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "name": "fa2fa118-a60d-4700-9ef1-fa02beeaaea5-32e4fb6d-8d44-5cd6-a7b6-aa17ca11b626",
- "private_dns_zone_name": "privatelink.table.core.windows.net",
- "registration_enabled": false,
- "resource_group_name": "root-id-1-dns",
- "tags": {
- "deployedBy": "terraform/azure/caf-enterprise-scale/test_framework"
- },
- "timeouts": {
- "create": null,
- "delete": null,
- "read": null,
- "update": null
- },
- "virtual_network_id": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity-westeurope/providers/Microsoft.Network/virtualNetworks/root-id-1-hub-westeurope"
- },
- "sensitive_values": {
- "tags": {},
- "timeouts": {}
- }
- },
- {
- "address": "module.test_connectivity.azurerm_private_dns_zone_virtual_network_link.connectivity[\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.table.core.windows.net/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-7cc7e26d-5e16-5672-8dc0-e48b94f1beea\"]",
- "mode": "managed",
- "type": "azurerm_private_dns_zone_virtual_network_link",
- "name": "connectivity",
- "index": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.table.core.windows.net/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-7cc7e26d-5e16-5672-8dc0-e48b94f1beea",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "name": "fa2fa118-a60d-4700-9ef1-fa02beeaaea5-7cc7e26d-5e16-5672-8dc0-e48b94f1beea",
- "private_dns_zone_name": "privatelink.table.core.windows.net",
- "registration_enabled": false,
- "resource_group_name": "root-id-1-dns",
- "tags": {
- "deployedBy": "terraform/azure/caf-enterprise-scale/test_framework"
- },
- "timeouts": {
- "create": null,
- "delete": null,
- "read": null,
- "update": null
- },
- "virtual_network_id": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity-uksouth/providers/Microsoft.Network/virtualNetworks/root-id-1-hub-uksouth"
- },
- "sensitive_values": {
- "tags": {},
- "timeouts": {}
- }
- },
- {
- "address": "module.test_connectivity.azurerm_private_dns_zone_virtual_network_link.connectivity[\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.table.core.windows.net/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-f8bddac9-6d62-5e41-9c52-1bf7a4263cc0\"]",
- "mode": "managed",
- "type": "azurerm_private_dns_zone_virtual_network_link",
- "name": "connectivity",
- "index": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.table.core.windows.net/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-f8bddac9-6d62-5e41-9c52-1bf7a4263cc0",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "name": "fa2fa118-a60d-4700-9ef1-fa02beeaaea5-f8bddac9-6d62-5e41-9c52-1bf7a4263cc0",
- "private_dns_zone_name": "privatelink.table.core.windows.net",
- "registration_enabled": false,
- "resource_group_name": "root-id-1-dns",
- "tags": {
- "deployedBy": "terraform/azure/caf-enterprise-scale/test_framework"
- },
- "timeouts": {
- "create": null,
- "delete": null,
- "read": null,
- "update": null
- },
- "virtual_network_id": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity-northeurope/providers/Microsoft.Network/virtualNetworks/root-id-1-hub-northeurope"
- },
- "sensitive_values": {
- "tags": {},
- "timeouts": {}
- }
- },
- {
- "address": "module.test_connectivity.azurerm_private_dns_zone_virtual_network_link.connectivity[\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.table.cosmos.azure.com/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-32e4fb6d-8d44-5cd6-a7b6-aa17ca11b626\"]",
- "mode": "managed",
- "type": "azurerm_private_dns_zone_virtual_network_link",
- "name": "connectivity",
- "index": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.table.cosmos.azure.com/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-32e4fb6d-8d44-5cd6-a7b6-aa17ca11b626",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "name": "fa2fa118-a60d-4700-9ef1-fa02beeaaea5-32e4fb6d-8d44-5cd6-a7b6-aa17ca11b626",
- "private_dns_zone_name": "privatelink.table.cosmos.azure.com",
- "registration_enabled": false,
- "resource_group_name": "root-id-1-dns",
- "tags": {
- "deployedBy": "terraform/azure/caf-enterprise-scale/test_framework"
- },
- "timeouts": {
- "create": null,
- "delete": null,
- "read": null,
- "update": null
- },
- "virtual_network_id": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity-westeurope/providers/Microsoft.Network/virtualNetworks/root-id-1-hub-westeurope"
- },
- "sensitive_values": {
- "tags": {},
- "timeouts": {}
- }
- },
- {
- "address": "module.test_connectivity.azurerm_private_dns_zone_virtual_network_link.connectivity[\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.table.cosmos.azure.com/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-7cc7e26d-5e16-5672-8dc0-e48b94f1beea\"]",
- "mode": "managed",
- "type": "azurerm_private_dns_zone_virtual_network_link",
- "name": "connectivity",
- "index": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.table.cosmos.azure.com/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-7cc7e26d-5e16-5672-8dc0-e48b94f1beea",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "name": "fa2fa118-a60d-4700-9ef1-fa02beeaaea5-7cc7e26d-5e16-5672-8dc0-e48b94f1beea",
- "private_dns_zone_name": "privatelink.table.cosmos.azure.com",
- "registration_enabled": false,
- "resource_group_name": "root-id-1-dns",
- "tags": {
- "deployedBy": "terraform/azure/caf-enterprise-scale/test_framework"
- },
- "timeouts": {
- "create": null,
- "delete": null,
- "read": null,
- "update": null
- },
- "virtual_network_id": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity-uksouth/providers/Microsoft.Network/virtualNetworks/root-id-1-hub-uksouth"
- },
- "sensitive_values": {
- "tags": {},
- "timeouts": {}
- }
- },
- {
- "address": "module.test_connectivity.azurerm_private_dns_zone_virtual_network_link.connectivity[\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.table.cosmos.azure.com/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-f8bddac9-6d62-5e41-9c52-1bf7a4263cc0\"]",
- "mode": "managed",
- "type": "azurerm_private_dns_zone_virtual_network_link",
- "name": "connectivity",
- "index": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.table.cosmos.azure.com/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-f8bddac9-6d62-5e41-9c52-1bf7a4263cc0",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "name": "fa2fa118-a60d-4700-9ef1-fa02beeaaea5-f8bddac9-6d62-5e41-9c52-1bf7a4263cc0",
- "private_dns_zone_name": "privatelink.table.cosmos.azure.com",
- "registration_enabled": false,
- "resource_group_name": "root-id-1-dns",
- "tags": {
- "deployedBy": "terraform/azure/caf-enterprise-scale/test_framework"
- },
- "timeouts": {
- "create": null,
- "delete": null,
- "read": null,
- "update": null
- },
- "virtual_network_id": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity-northeurope/providers/Microsoft.Network/virtualNetworks/root-id-1-hub-northeurope"
- },
- "sensitive_values": {
- "tags": {},
- "timeouts": {}
- }
- },
- {
- "address": "module.test_connectivity.azurerm_private_dns_zone_virtual_network_link.connectivity[\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.vaultcore.azure.net/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-32e4fb6d-8d44-5cd6-a7b6-aa17ca11b626\"]",
- "mode": "managed",
- "type": "azurerm_private_dns_zone_virtual_network_link",
- "name": "connectivity",
- "index": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.vaultcore.azure.net/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-32e4fb6d-8d44-5cd6-a7b6-aa17ca11b626",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "name": "fa2fa118-a60d-4700-9ef1-fa02beeaaea5-32e4fb6d-8d44-5cd6-a7b6-aa17ca11b626",
- "private_dns_zone_name": "privatelink.vaultcore.azure.net",
- "registration_enabled": false,
- "resource_group_name": "root-id-1-dns",
- "tags": {
- "deployedBy": "terraform/azure/caf-enterprise-scale/test_framework"
- },
- "timeouts": {
- "create": null,
- "delete": null,
- "read": null,
- "update": null
- },
- "virtual_network_id": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity-westeurope/providers/Microsoft.Network/virtualNetworks/root-id-1-hub-westeurope"
- },
- "sensitive_values": {
- "tags": {},
- "timeouts": {}
- }
- },
- {
- "address": "module.test_connectivity.azurerm_private_dns_zone_virtual_network_link.connectivity[\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.vaultcore.azure.net/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-7cc7e26d-5e16-5672-8dc0-e48b94f1beea\"]",
- "mode": "managed",
- "type": "azurerm_private_dns_zone_virtual_network_link",
- "name": "connectivity",
- "index": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.vaultcore.azure.net/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-7cc7e26d-5e16-5672-8dc0-e48b94f1beea",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "name": "fa2fa118-a60d-4700-9ef1-fa02beeaaea5-7cc7e26d-5e16-5672-8dc0-e48b94f1beea",
- "private_dns_zone_name": "privatelink.vaultcore.azure.net",
- "registration_enabled": false,
- "resource_group_name": "root-id-1-dns",
- "tags": {
- "deployedBy": "terraform/azure/caf-enterprise-scale/test_framework"
- },
- "timeouts": {
- "create": null,
- "delete": null,
- "read": null,
- "update": null
- },
- "virtual_network_id": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity-uksouth/providers/Microsoft.Network/virtualNetworks/root-id-1-hub-uksouth"
- },
- "sensitive_values": {
- "tags": {},
- "timeouts": {}
- }
- },
- {
- "address": "module.test_connectivity.azurerm_private_dns_zone_virtual_network_link.connectivity[\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.vaultcore.azure.net/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-f8bddac9-6d62-5e41-9c52-1bf7a4263cc0\"]",
- "mode": "managed",
- "type": "azurerm_private_dns_zone_virtual_network_link",
- "name": "connectivity",
- "index": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.vaultcore.azure.net/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-f8bddac9-6d62-5e41-9c52-1bf7a4263cc0",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "name": "fa2fa118-a60d-4700-9ef1-fa02beeaaea5-f8bddac9-6d62-5e41-9c52-1bf7a4263cc0",
- "private_dns_zone_name": "privatelink.vaultcore.azure.net",
- "registration_enabled": false,
- "resource_group_name": "root-id-1-dns",
- "tags": {
- "deployedBy": "terraform/azure/caf-enterprise-scale/test_framework"
- },
- "timeouts": {
- "create": null,
- "delete": null,
- "read": null,
- "update": null
- },
- "virtual_network_id": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity-northeurope/providers/Microsoft.Network/virtualNetworks/root-id-1-hub-northeurope"
- },
- "sensitive_values": {
- "tags": {},
- "timeouts": {}
- }
- },
- {
- "address": "module.test_connectivity.azurerm_private_dns_zone_virtual_network_link.connectivity[\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.web.core.windows.net/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-32e4fb6d-8d44-5cd6-a7b6-aa17ca11b626\"]",
- "mode": "managed",
- "type": "azurerm_private_dns_zone_virtual_network_link",
- "name": "connectivity",
- "index": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.web.core.windows.net/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-32e4fb6d-8d44-5cd6-a7b6-aa17ca11b626",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "name": "fa2fa118-a60d-4700-9ef1-fa02beeaaea5-32e4fb6d-8d44-5cd6-a7b6-aa17ca11b626",
- "private_dns_zone_name": "privatelink.web.core.windows.net",
- "registration_enabled": false,
- "resource_group_name": "root-id-1-dns",
- "tags": {
- "deployedBy": "terraform/azure/caf-enterprise-scale/test_framework"
- },
- "timeouts": {
- "create": null,
- "delete": null,
- "read": null,
- "update": null
- },
- "virtual_network_id": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity-westeurope/providers/Microsoft.Network/virtualNetworks/root-id-1-hub-westeurope"
- },
- "sensitive_values": {
- "tags": {},
- "timeouts": {}
- }
- },
- {
- "address": "module.test_connectivity.azurerm_private_dns_zone_virtual_network_link.connectivity[\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.web.core.windows.net/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-7cc7e26d-5e16-5672-8dc0-e48b94f1beea\"]",
- "mode": "managed",
- "type": "azurerm_private_dns_zone_virtual_network_link",
- "name": "connectivity",
- "index": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.web.core.windows.net/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-7cc7e26d-5e16-5672-8dc0-e48b94f1beea",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "name": "fa2fa118-a60d-4700-9ef1-fa02beeaaea5-7cc7e26d-5e16-5672-8dc0-e48b94f1beea",
- "private_dns_zone_name": "privatelink.web.core.windows.net",
- "registration_enabled": false,
- "resource_group_name": "root-id-1-dns",
- "tags": {
- "deployedBy": "terraform/azure/caf-enterprise-scale/test_framework"
- },
- "timeouts": {
- "create": null,
- "delete": null,
- "read": null,
- "update": null
- },
- "virtual_network_id": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity-uksouth/providers/Microsoft.Network/virtualNetworks/root-id-1-hub-uksouth"
- },
- "sensitive_values": {
- "tags": {},
- "timeouts": {}
- }
- },
- {
- "address": "module.test_connectivity.azurerm_private_dns_zone_virtual_network_link.connectivity[\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.web.core.windows.net/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-f8bddac9-6d62-5e41-9c52-1bf7a4263cc0\"]",
- "mode": "managed",
- "type": "azurerm_private_dns_zone_virtual_network_link",
- "name": "connectivity",
- "index": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.web.core.windows.net/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-f8bddac9-6d62-5e41-9c52-1bf7a4263cc0",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "name": "fa2fa118-a60d-4700-9ef1-fa02beeaaea5-f8bddac9-6d62-5e41-9c52-1bf7a4263cc0",
- "private_dns_zone_name": "privatelink.web.core.windows.net",
- "registration_enabled": false,
- "resource_group_name": "root-id-1-dns",
- "tags": {
- "deployedBy": "terraform/azure/caf-enterprise-scale/test_framework"
- },
- "timeouts": {
- "create": null,
- "delete": null,
- "read": null,
- "update": null
- },
- "virtual_network_id": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity-northeurope/providers/Microsoft.Network/virtualNetworks/root-id-1-hub-northeurope"
- },
- "sensitive_values": {
- "tags": {},
- "timeouts": {}
- }
- },
- {
- "address": "module.test_connectivity.azurerm_private_dns_zone_virtual_network_link.connectivity[\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.webpubsub.azure.com/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-32e4fb6d-8d44-5cd6-a7b6-aa17ca11b626\"]",
- "mode": "managed",
- "type": "azurerm_private_dns_zone_virtual_network_link",
- "name": "connectivity",
- "index": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.webpubsub.azure.com/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-32e4fb6d-8d44-5cd6-a7b6-aa17ca11b626",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "name": "fa2fa118-a60d-4700-9ef1-fa02beeaaea5-32e4fb6d-8d44-5cd6-a7b6-aa17ca11b626",
- "private_dns_zone_name": "privatelink.webpubsub.azure.com",
- "registration_enabled": false,
- "resource_group_name": "root-id-1-dns",
- "tags": {
- "deployedBy": "terraform/azure/caf-enterprise-scale/test_framework"
- },
- "timeouts": {
- "create": null,
- "delete": null,
- "read": null,
- "update": null
- },
- "virtual_network_id": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity-westeurope/providers/Microsoft.Network/virtualNetworks/root-id-1-hub-westeurope"
- },
- "sensitive_values": {
- "tags": {},
- "timeouts": {}
- }
- },
- {
- "address": "module.test_connectivity.azurerm_private_dns_zone_virtual_network_link.connectivity[\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.webpubsub.azure.com/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-7cc7e26d-5e16-5672-8dc0-e48b94f1beea\"]",
- "mode": "managed",
- "type": "azurerm_private_dns_zone_virtual_network_link",
- "name": "connectivity",
- "index": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.webpubsub.azure.com/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-7cc7e26d-5e16-5672-8dc0-e48b94f1beea",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "name": "fa2fa118-a60d-4700-9ef1-fa02beeaaea5-7cc7e26d-5e16-5672-8dc0-e48b94f1beea",
- "private_dns_zone_name": "privatelink.webpubsub.azure.com",
- "registration_enabled": false,
- "resource_group_name": "root-id-1-dns",
- "tags": {
- "deployedBy": "terraform/azure/caf-enterprise-scale/test_framework"
- },
- "timeouts": {
- "create": null,
- "delete": null,
- "read": null,
- "update": null
- },
- "virtual_network_id": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity-uksouth/providers/Microsoft.Network/virtualNetworks/root-id-1-hub-uksouth"
- },
- "sensitive_values": {
- "tags": {},
- "timeouts": {}
- }
- },
- {
- "address": "module.test_connectivity.azurerm_private_dns_zone_virtual_network_link.connectivity[\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.webpubsub.azure.com/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-f8bddac9-6d62-5e41-9c52-1bf7a4263cc0\"]",
- "mode": "managed",
- "type": "azurerm_private_dns_zone_virtual_network_link",
- "name": "connectivity",
- "index": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.webpubsub.azure.com/virtualNetworkLinks/fa2fa118-a60d-4700-9ef1-fa02beeaaea5-f8bddac9-6d62-5e41-9c52-1bf7a4263cc0",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "name": "fa2fa118-a60d-4700-9ef1-fa02beeaaea5-f8bddac9-6d62-5e41-9c52-1bf7a4263cc0",
- "private_dns_zone_name": "privatelink.webpubsub.azure.com",
- "registration_enabled": false,
- "resource_group_name": "root-id-1-dns",
- "tags": {
- "deployedBy": "terraform/azure/caf-enterprise-scale/test_framework"
- },
- "timeouts": {
- "create": null,
- "delete": null,
- "read": null,
- "update": null
- },
- "virtual_network_id": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity-northeurope/providers/Microsoft.Network/virtualNetworks/root-id-1-hub-northeurope"
- },
- "sensitive_values": {
- "tags": {},
- "timeouts": {}
- }
- },
- {
- "address": "module.test_connectivity.azurerm_public_ip.connectivity[\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity-northeurope/providers/Microsoft.Network/publicIPAddresses/root-id-1-ergw-northeurope-pip\"]",
- "mode": "managed",
- "type": "azurerm_public_ip",
- "name": "connectivity",
- "index": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity-northeurope/providers/Microsoft.Network/publicIPAddresses/root-id-1-ergw-northeurope-pip",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "allocation_method": "Static",
- "ddos_protection_mode": "VirtualNetworkInherited",
- "ddos_protection_plan_id": null,
- "domain_name_label": null,
- "edge_zone": null,
- "idle_timeout_in_minutes": 4,
- "ip_tags": null,
- "ip_version": "IPv4",
- "location": "northeurope",
- "name": "root-id-1-ergw-northeurope-pip",
- "public_ip_prefix_id": null,
- "resource_group_name": "root-id-1-connectivity-northeurope",
- "reverse_fqdn": null,
- "sku": "Standard",
- "sku_tier": "Regional",
- "tags": {
- "deployedBy": "terraform/azure/caf-enterprise-scale/test_framework"
- },
- "timeouts": null,
- "zones": [
- "1",
- "2",
- "3"
- ]
- },
- "sensitive_values": {
- "tags": {},
- "zones": [
- false,
- false,
- false
- ]
- }
- },
- {
- "address": "module.test_connectivity.azurerm_public_ip.connectivity[\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity-northeurope/providers/Microsoft.Network/publicIPAddresses/root-id-1-fw-northeurope-pip\"]",
- "mode": "managed",
- "type": "azurerm_public_ip",
- "name": "connectivity",
- "index": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity-northeurope/providers/Microsoft.Network/publicIPAddresses/root-id-1-fw-northeurope-pip",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "allocation_method": "Static",
- "ddos_protection_mode": "VirtualNetworkInherited",
- "ddos_protection_plan_id": null,
- "domain_name_label": null,
- "edge_zone": null,
- "idle_timeout_in_minutes": 4,
- "ip_tags": null,
- "ip_version": "IPv4",
- "location": "northeurope",
- "name": "root-id-1-fw-northeurope-pip",
- "public_ip_prefix_id": null,
- "resource_group_name": "root-id-1-connectivity-northeurope",
- "reverse_fqdn": null,
- "sku": "Standard",
- "sku_tier": "Regional",
- "tags": {
- "deployedBy": "terraform/azure/caf-enterprise-scale/test_framework"
- },
- "timeouts": null,
- "zones": [
- "1",
- "2",
- "3"
- ]
- },
- "sensitive_values": {
- "tags": {},
- "zones": [
- false,
- false,
- false
- ]
- }
- },
- {
- "address": "module.test_connectivity.azurerm_public_ip.connectivity[\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity-northeurope/providers/Microsoft.Network/publicIPAddresses/root-id-1-vpngw-northeurope-pip\"]",
- "mode": "managed",
- "type": "azurerm_public_ip",
- "name": "connectivity",
- "index": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity-northeurope/providers/Microsoft.Network/publicIPAddresses/root-id-1-vpngw-northeurope-pip",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "allocation_method": "Static",
- "ddos_protection_mode": "VirtualNetworkInherited",
- "ddos_protection_plan_id": null,
- "domain_name_label": null,
- "edge_zone": null,
- "idle_timeout_in_minutes": 4,
- "ip_tags": null,
- "ip_version": "IPv4",
- "location": "northeurope",
- "name": "root-id-1-vpngw-northeurope-pip",
- "public_ip_prefix_id": null,
- "resource_group_name": "root-id-1-connectivity-northeurope",
- "reverse_fqdn": null,
- "sku": "Standard",
- "sku_tier": "Regional",
- "tags": {
- "deployedBy": "terraform/azure/caf-enterprise-scale/test_framework"
- },
- "timeouts": null,
- "zones": [
- "1",
- "2",
- "3"
- ]
- },
- "sensitive_values": {
- "tags": {},
- "zones": [
- false,
- false,
- false
- ]
- }
- },
- {
- "address": "module.test_connectivity.azurerm_public_ip.connectivity[\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity-northeurope/providers/Microsoft.Network/publicIPAddresses/root-id-1-vpngw-northeurope-pip2\"]",
- "mode": "managed",
- "type": "azurerm_public_ip",
- "name": "connectivity",
- "index": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity-northeurope/providers/Microsoft.Network/publicIPAddresses/root-id-1-vpngw-northeurope-pip2",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "allocation_method": "Static",
- "ddos_protection_mode": "VirtualNetworkInherited",
- "ddos_protection_plan_id": null,
- "domain_name_label": null,
- "edge_zone": null,
- "idle_timeout_in_minutes": 4,
- "ip_tags": null,
- "ip_version": "IPv4",
- "location": "northeurope",
- "name": "root-id-1-vpngw-northeurope-pip2",
- "public_ip_prefix_id": null,
- "resource_group_name": "root-id-1-connectivity-northeurope",
- "reverse_fqdn": null,
- "sku": "Standard",
- "sku_tier": "Regional",
- "tags": {
- "deployedBy": "terraform/azure/caf-enterprise-scale/test_framework"
- },
- "timeouts": null,
- "zones": [
- "1",
- "2",
- "3"
- ]
- },
- "sensitive_values": {
- "tags": {},
- "zones": [
- false,
- false,
- false
- ]
- }
- },
- {
- "address": "module.test_connectivity.azurerm_public_ip.connectivity[\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity-uksouth/providers/Microsoft.Network/publicIPAddresses/root-id-1-fw-uksouth-mgmt-pip\"]",
- "mode": "managed",
- "type": "azurerm_public_ip",
- "name": "connectivity",
- "index": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity-uksouth/providers/Microsoft.Network/publicIPAddresses/root-id-1-fw-uksouth-mgmt-pip",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "allocation_method": "Static",
- "ddos_protection_mode": "VirtualNetworkInherited",
- "ddos_protection_plan_id": null,
- "domain_name_label": null,
- "edge_zone": null,
- "idle_timeout_in_minutes": 4,
- "ip_tags": null,
- "ip_version": "IPv4",
- "location": "uksouth",
- "name": "root-id-1-fw-uksouth-mgmt-pip",
- "public_ip_prefix_id": null,
- "resource_group_name": "root-id-1-connectivity-uksouth",
- "reverse_fqdn": null,
- "sku": "Standard",
- "sku_tier": "Regional",
- "tags": {
- "deployedBy": "terraform/azure/caf-enterprise-scale/test_framework"
- },
- "timeouts": null,
- "zones": [
- "1",
- "2",
- "3"
- ]
- },
- "sensitive_values": {
- "tags": {},
- "zones": [
- false,
- false,
- false
- ]
- }
- },
- {
- "address": "module.test_connectivity.azurerm_public_ip.connectivity[\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity-uksouth/providers/Microsoft.Network/publicIPAddresses/root-id-1-fw-uksouth-pip\"]",
- "mode": "managed",
- "type": "azurerm_public_ip",
- "name": "connectivity",
- "index": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity-uksouth/providers/Microsoft.Network/publicIPAddresses/root-id-1-fw-uksouth-pip",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "allocation_method": "Static",
- "ddos_protection_mode": "VirtualNetworkInherited",
- "ddos_protection_plan_id": null,
- "domain_name_label": null,
- "edge_zone": null,
- "idle_timeout_in_minutes": 4,
- "ip_tags": null,
- "ip_version": "IPv4",
- "location": "uksouth",
- "name": "root-id-1-fw-uksouth-pip",
- "public_ip_prefix_id": null,
- "resource_group_name": "root-id-1-connectivity-uksouth",
- "reverse_fqdn": null,
- "sku": "Standard",
- "sku_tier": "Regional",
- "tags": {
- "deployedBy": "terraform/azure/caf-enterprise-scale/test_framework"
- },
- "timeouts": null,
- "zones": [
- "1",
- "2",
- "3"
- ]
- },
- "sensitive_values": {
- "tags": {},
- "zones": [
- false,
- false,
- false
- ]
- }
- },
- {
- "address": "module.test_connectivity.azurerm_public_ip.connectivity[\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity-westeurope/providers/Microsoft.Network/publicIPAddresses/root-id-1-vpngw-westeurope-pip\"]",
- "mode": "managed",
- "type": "azurerm_public_ip",
- "name": "connectivity",
- "index": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity-westeurope/providers/Microsoft.Network/publicIPAddresses/root-id-1-vpngw-westeurope-pip",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "allocation_method": "Dynamic",
- "ddos_protection_mode": "VirtualNetworkInherited",
- "ddos_protection_plan_id": null,
- "domain_name_label": null,
- "edge_zone": null,
- "idle_timeout_in_minutes": 4,
- "ip_tags": null,
- "ip_version": "IPv4",
- "location": "westeurope",
- "name": "root-id-1-vpngw-westeurope-pip",
- "public_ip_prefix_id": null,
- "resource_group_name": "root-id-1-connectivity-westeurope",
- "reverse_fqdn": null,
- "sku": "Basic",
- "sku_tier": "Regional",
- "tags": {
- "deployedBy": "terraform/azure/caf-enterprise-scale/test_framework"
- },
- "timeouts": null,
- "zones": null
- },
- "sensitive_values": {
- "tags": {}
- }
- },
- {
- "address": "module.test_connectivity.azurerm_resource_group.connectivity[\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity-northeurope\"]",
- "mode": "managed",
- "type": "azurerm_resource_group",
- "name": "connectivity",
- "index": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity-northeurope",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "location": "northeurope",
- "managed_by": null,
- "name": "root-id-1-connectivity-northeurope",
- "tags": {
- "deployedBy": "terraform/azure/caf-enterprise-scale/test_framework"
- },
- "timeouts": null
- },
- "sensitive_values": {
- "tags": {}
- }
- },
- {
- "address": "module.test_connectivity.azurerm_resource_group.connectivity[\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity-uksouth\"]",
- "mode": "managed",
- "type": "azurerm_resource_group",
- "name": "connectivity",
- "index": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity-uksouth",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "location": "uksouth",
- "managed_by": null,
- "name": "root-id-1-connectivity-uksouth",
- "tags": {
- "deployedBy": "terraform/azure/caf-enterprise-scale/test_framework"
- },
- "timeouts": null
- },
- "sensitive_values": {
- "tags": {}
- }
- },
- {
- "address": "module.test_connectivity.azurerm_resource_group.connectivity[\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity-westeurope\"]",
- "mode": "managed",
- "type": "azurerm_resource_group",
- "name": "connectivity",
- "index": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity-westeurope",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "location": "westeurope",
- "managed_by": null,
- "name": "root-id-1-connectivity-westeurope",
- "tags": {
- "deployedBy": "terraform/azure/caf-enterprise-scale/test_framework"
- },
- "timeouts": null
- },
- "sensitive_values": {
- "tags": {}
- }
- },
- {
- "address": "module.test_connectivity.azurerm_resource_group.connectivity[\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns\"]",
- "mode": "managed",
- "type": "azurerm_resource_group",
- "name": "connectivity",
- "index": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "location": "northeurope",
- "managed_by": null,
- "name": "root-id-1-dns",
- "tags": {
- "deployedBy": "terraform/azure/caf-enterprise-scale/test_framework"
- },
- "timeouts": null
- },
- "sensitive_values": {
- "tags": {}
- }
- },
- {
- "address": "module.test_connectivity.azurerm_resource_group.virtual_wan[\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity\"]",
- "mode": "managed",
- "type": "azurerm_resource_group",
- "name": "virtual_wan",
- "index": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "location": "northeurope",
- "managed_by": null,
- "name": "root-id-1-connectivity",
- "tags": {
- "deployedBy": "terraform/azure/caf-enterprise-scale/test_framework"
- },
- "timeouts": null
- },
- "sensitive_values": {
- "tags": {}
- }
- },
- {
- "address": "module.test_connectivity.azurerm_subnet.connectivity[\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity-northeurope/providers/Microsoft.Network/virtualNetworks/root-id-1-hub-northeurope/subnets/AzureFirewallSubnet\"]",
- "mode": "managed",
- "type": "azurerm_subnet",
- "name": "connectivity",
- "index": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity-northeurope/providers/Microsoft.Network/virtualNetworks/root-id-1-hub-northeurope/subnets/AzureFirewallSubnet",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "address_prefixes": [
- "10.100.0.0/24"
- ],
- "delegation": [],
- "name": "AzureFirewallSubnet",
- "resource_group_name": "root-id-1-connectivity-northeurope",
- "service_endpoint_policy_ids": null,
- "service_endpoints": null,
- "timeouts": null,
- "virtual_network_name": "root-id-1-hub-northeurope"
- },
- "sensitive_values": {
- "address_prefixes": [
- false
- ],
- "delegation": []
- }
- },
- {
- "address": "module.test_connectivity.azurerm_subnet.connectivity[\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity-northeurope/providers/Microsoft.Network/virtualNetworks/root-id-1-hub-northeurope/subnets/GatewaySubnet\"]",
- "mode": "managed",
- "type": "azurerm_subnet",
- "name": "connectivity",
- "index": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity-northeurope/providers/Microsoft.Network/virtualNetworks/root-id-1-hub-northeurope/subnets/GatewaySubnet",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "address_prefixes": [
- "10.100.1.0/24"
- ],
- "delegation": [],
- "name": "GatewaySubnet",
- "resource_group_name": "root-id-1-connectivity-northeurope",
- "service_endpoint_policy_ids": null,
- "service_endpoints": null,
- "timeouts": null,
- "virtual_network_name": "root-id-1-hub-northeurope"
- },
- "sensitive_values": {
- "address_prefixes": [
- false
- ],
- "delegation": []
- }
- },
- {
- "address": "module.test_connectivity.azurerm_subnet.connectivity[\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity-uksouth/providers/Microsoft.Network/virtualNetworks/root-id-1-hub-uksouth/subnets/AzureFirewallManagementSubnet\"]",
- "mode": "managed",
- "type": "azurerm_subnet",
- "name": "connectivity",
- "index": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity-uksouth/providers/Microsoft.Network/virtualNetworks/root-id-1-hub-uksouth/subnets/AzureFirewallManagementSubnet",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "address_prefixes": [
- "10.102.1.0/24"
- ],
- "delegation": [],
- "name": "AzureFirewallManagementSubnet",
- "resource_group_name": "root-id-1-connectivity-uksouth",
- "service_endpoint_policy_ids": null,
- "service_endpoints": null,
- "timeouts": null,
- "virtual_network_name": "root-id-1-hub-uksouth"
- },
- "sensitive_values": {
- "address_prefixes": [
- false
- ],
- "delegation": []
- }
- },
- {
- "address": "module.test_connectivity.azurerm_subnet.connectivity[\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity-uksouth/providers/Microsoft.Network/virtualNetworks/root-id-1-hub-uksouth/subnets/AzureFirewallSubnet\"]",
- "mode": "managed",
- "type": "azurerm_subnet",
- "name": "connectivity",
- "index": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity-uksouth/providers/Microsoft.Network/virtualNetworks/root-id-1-hub-uksouth/subnets/AzureFirewallSubnet",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "address_prefixes": [
- "10.102.0.0/24"
- ],
- "delegation": [],
- "name": "AzureFirewallSubnet",
- "resource_group_name": "root-id-1-connectivity-uksouth",
- "service_endpoint_policy_ids": null,
- "service_endpoints": null,
- "timeouts": null,
- "virtual_network_name": "root-id-1-hub-uksouth"
- },
- "sensitive_values": {
- "address_prefixes": [
- false
- ],
- "delegation": []
- }
- },
- {
- "address": "module.test_connectivity.azurerm_subnet.connectivity[\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity-westeurope/providers/Microsoft.Network/virtualNetworks/root-id-1-hub-westeurope/subnets/GatewaySubnet\"]",
- "mode": "managed",
- "type": "azurerm_subnet",
- "name": "connectivity",
- "index": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity-westeurope/providers/Microsoft.Network/virtualNetworks/root-id-1-hub-westeurope/subnets/GatewaySubnet",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "address_prefixes": [
- "10.101.1.0/24"
- ],
- "delegation": [],
- "name": "GatewaySubnet",
- "resource_group_name": "root-id-1-connectivity-westeurope",
- "service_endpoint_policy_ids": null,
- "service_endpoints": null,
- "timeouts": null,
- "virtual_network_name": "root-id-1-hub-westeurope"
- },
- "sensitive_values": {
- "address_prefixes": [
- false
- ],
- "delegation": []
- }
- },
- {
- "address": "module.test_connectivity.azurerm_subscription_template_deployment.telemetry_connectivity[0]",
- "mode": "managed",
- "type": "azurerm_subscription_template_deployment",
- "name": "telemetry_connectivity",
- "index": 0,
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "debug_level": null,
- "location": "northeurope",
- "tags": null,
- "template_content": "{\"$schema\":\"https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{\"telemetry\":{\"type\":\"String\",\"value\":\"For more information, see https://aka.ms/alz/tf/telemetry\"}},\"parameters\":{},\"resources\":[],\"variables\":{}}",
- "template_spec_version_id": null,
- "timeouts": null
- },
- "sensitive_values": {}
- },
- {
- "address": "module.test_connectivity.azurerm_subscription_template_deployment.telemetry_core[0]",
- "mode": "managed",
- "type": "azurerm_subscription_template_deployment",
- "name": "telemetry_core",
- "index": 0,
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "debug_level": null,
- "location": "northeurope",
- "tags": null,
- "template_content": "{\"$schema\":\"https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{\"telemetry\":{\"type\":\"String\",\"value\":\"For more information, see https://aka.ms/alz/tf/telemetry\"}},\"parameters\":{},\"resources\":[],\"variables\":{}}",
- "template_spec_version_id": null,
- "timeouts": null
- },
- "sensitive_values": {}
- },
- {
- "address": "module.test_connectivity.azurerm_virtual_hub.virtual_wan[\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity/providers/Microsoft.Network/virtualHubs/root-id-1-hub-northeurope\"]",
- "mode": "managed",
- "type": "azurerm_virtual_hub",
- "name": "virtual_wan",
- "index": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity/providers/Microsoft.Network/virtualHubs/root-id-1-hub-northeurope",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "address_prefix": "10.200.0.0/22",
- "hub_routing_preference": "ExpressRoute",
- "location": "northeurope",
- "name": "root-id-1-hub-northeurope",
- "resource_group_name": "root-id-1-connectivity",
- "route": [],
- "sku": "Standard",
- "tags": {
- "deployedBy": "terraform/azure/caf-enterprise-scale/test_framework"
- },
- "timeouts": null,
- "virtual_router_auto_scale_min_capacity": 2,
- "virtual_wan_id": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity/providers/Microsoft.Network/virtualWans/root-id-1-vwan-northeurope"
- },
- "sensitive_values": {
- "route": [],
- "tags": {},
- "virtual_router_ips": []
- }
- },
- {
- "address": "module.test_connectivity.azurerm_virtual_hub.virtual_wan[\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity/providers/Microsoft.Network/virtualHubs/root-id-1-hub-westeurope\"]",
- "mode": "managed",
- "type": "azurerm_virtual_hub",
- "name": "virtual_wan",
- "index": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity/providers/Microsoft.Network/virtualHubs/root-id-1-hub-westeurope",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "address_prefix": "10.201.0.0/22",
- "hub_routing_preference": "ExpressRoute",
- "location": "westeurope",
- "name": "root-id-1-hub-westeurope",
- "resource_group_name": "root-id-1-connectivity",
- "route": [],
- "sku": "Standard",
- "tags": {
- "deployedBy": "terraform/azure/caf-enterprise-scale/test_framework"
- },
- "timeouts": null,
- "virtual_router_auto_scale_min_capacity": 2,
- "virtual_wan_id": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity/providers/Microsoft.Network/virtualWans/root-id-1-vwan-northeurope"
- },
- "sensitive_values": {
- "route": [],
- "tags": {},
- "virtual_router_ips": []
- }
- },
- {
- "address": "module.test_connectivity.azurerm_virtual_hub_routing_intent.virtual_wan[\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity/providers/Microsoft.Network/virtualHubs/root-id-1-hub-northeurope/root-id-1-routingintent-northeurope\"]",
- "mode": "managed",
- "type": "azurerm_virtual_hub_routing_intent",
- "name": "virtual_wan",
- "index": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity/providers/Microsoft.Network/virtualHubs/root-id-1-hub-northeurope/root-id-1-routingintent-northeurope",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "name": "root-id-1-routingintent-northeurope",
- "routing_policy": [
- {
- "destinations": [
- "Internet"
- ],
- "name": "InternetTrafficPolicy",
- "next_hop": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity/providers/Microsoft.Network/azureFirewalls/root-id-1-fw-hub-northeurope"
- }
- ],
- "timeouts": null,
- "virtual_hub_id": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity/providers/Microsoft.Network/virtualHubs/root-id-1-hub-northeurope"
- },
- "sensitive_values": {
- "routing_policy": [
- {
- "destinations": [
- false
- ]
- }
- ]
- }
- },
- {
- "address": "module.test_connectivity.azurerm_virtual_network.connectivity[\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity-northeurope/providers/Microsoft.Network/virtualNetworks/root-id-1-hub-northeurope\"]",
- "mode": "managed",
- "type": "azurerm_virtual_network",
- "name": "connectivity",
- "index": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity-northeurope/providers/Microsoft.Network/virtualNetworks/root-id-1-hub-northeurope",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "address_space": [
- "10.100.0.0/22"
- ],
- "bgp_community": null,
- "ddos_protection_plan": [],
- "dns_servers": [],
- "edge_zone": null,
- "encryption": [],
- "flow_timeout_in_minutes": null,
- "location": "northeurope",
- "name": "root-id-1-hub-northeurope",
- "resource_group_name": "root-id-1-connectivity-northeurope",
- "tags": {
- "deployedBy": "terraform/azure/caf-enterprise-scale/test_framework"
- },
- "timeouts": null
- },
- "sensitive_values": {
- "address_space": [
- false
- ],
- "ddos_protection_plan": [],
- "dns_servers": [],
- "encryption": [],
- "subnet": [],
- "tags": {}
- }
- },
- {
- "address": "module.test_connectivity.azurerm_virtual_network.connectivity[\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity-uksouth/providers/Microsoft.Network/virtualNetworks/root-id-1-hub-uksouth\"]",
- "mode": "managed",
- "type": "azurerm_virtual_network",
- "name": "connectivity",
- "index": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity-uksouth/providers/Microsoft.Network/virtualNetworks/root-id-1-hub-uksouth",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "address_space": [
- "10.102.0.0/22"
- ],
- "bgp_community": null,
- "ddos_protection_plan": [],
- "dns_servers": [],
- "edge_zone": null,
- "encryption": [],
- "flow_timeout_in_minutes": null,
- "location": "uksouth",
- "name": "root-id-1-hub-uksouth",
- "resource_group_name": "root-id-1-connectivity-uksouth",
- "tags": {
- "deployedBy": "terraform/azure/caf-enterprise-scale/test_framework"
- },
- "timeouts": null
- },
- "sensitive_values": {
- "address_space": [
- false
- ],
- "ddos_protection_plan": [],
- "dns_servers": [],
- "encryption": [],
- "subnet": [],
- "tags": {}
- }
- },
- {
- "address": "module.test_connectivity.azurerm_virtual_network.connectivity[\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity-westeurope/providers/Microsoft.Network/virtualNetworks/root-id-1-hub-westeurope\"]",
- "mode": "managed",
- "type": "azurerm_virtual_network",
- "name": "connectivity",
- "index": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity-westeurope/providers/Microsoft.Network/virtualNetworks/root-id-1-hub-westeurope",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "address_space": [
- "10.101.0.0/22"
- ],
- "bgp_community": null,
- "ddos_protection_plan": [],
- "dns_servers": [],
- "edge_zone": null,
- "encryption": [],
- "flow_timeout_in_minutes": null,
- "location": "westeurope",
- "name": "root-id-1-hub-westeurope",
- "resource_group_name": "root-id-1-connectivity-westeurope",
- "tags": {
- "deployedBy": "terraform/azure/caf-enterprise-scale/test_framework"
- },
- "timeouts": null
- },
- "sensitive_values": {
- "address_space": [
- false
- ],
- "ddos_protection_plan": [],
- "dns_servers": [],
- "encryption": [],
- "subnet": [],
- "tags": {}
- }
- },
- {
- "address": "module.test_connectivity.azurerm_virtual_network_gateway.connectivity[\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity-northeurope/providers/Microsoft.Network/virtualNetworkGateways/root-id-1-ergw-northeurope\"]",
- "mode": "managed",
- "type": "azurerm_virtual_network_gateway",
- "name": "connectivity",
- "index": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity-northeurope/providers/Microsoft.Network/virtualNetworkGateways/root-id-1-ergw-northeurope",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "custom_route": [],
- "default_local_network_gateway_id": null,
- "edge_zone": null,
- "ip_configuration": [
- {
- "name": "root-id-1-ergw-northeurope-pip",
- "private_ip_address_allocation": "Dynamic",
- "public_ip_address_id": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity-northeurope/providers/Microsoft.Network/publicIPAddresses/root-id-1-ergw-northeurope-pip",
- "subnet_id": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity-northeurope/providers/Microsoft.Network/virtualNetworks/root-id-1-hub-northeurope/subnets/GatewaySubnet"
- }
- ],
- "location": "northeurope",
- "name": "root-id-1-ergw-northeurope",
- "private_ip_address_enabled": null,
- "resource_group_name": "root-id-1-connectivity-northeurope",
- "sku": "ErGw1AZ",
- "tags": {
- "deployedBy": "terraform/azure/caf-enterprise-scale/test_framework"
- },
- "timeouts": null,
- "type": "ExpressRoute",
- "vpn_client_configuration": [],
- "vpn_type": "RouteBased"
- },
- "sensitive_values": {
- "bgp_settings": [],
- "custom_route": [],
- "ip_configuration": [
- {}
- ],
- "tags": {},
- "vpn_client_configuration": []
- }
- },
- {
- "address": "module.test_connectivity.azurerm_virtual_network_gateway.connectivity[\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity-northeurope/providers/Microsoft.Network/virtualNetworkGateways/root-id-1-vpngw-northeurope\"]",
- "mode": "managed",
- "type": "azurerm_virtual_network_gateway",
- "name": "connectivity",
- "index": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity-northeurope/providers/Microsoft.Network/virtualNetworkGateways/root-id-1-vpngw-northeurope",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "active_active": true,
- "custom_route": [],
- "default_local_network_gateway_id": null,
- "edge_zone": null,
- "enable_bgp": true,
- "generation": "Generation2",
- "ip_configuration": [
- {
- "name": "root-id-1-vpngw-northeurope-pip",
- "private_ip_address_allocation": "Dynamic",
- "public_ip_address_id": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity-northeurope/providers/Microsoft.Network/publicIPAddresses/root-id-1-vpngw-northeurope-pip",
- "subnet_id": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity-northeurope/providers/Microsoft.Network/virtualNetworks/root-id-1-hub-northeurope/subnets/GatewaySubnet"
- },
- {
- "name": "root-id-1-vpngw-northeurope-pip2",
- "private_ip_address_allocation": "Dynamic",
- "public_ip_address_id": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity-northeurope/providers/Microsoft.Network/publicIPAddresses/root-id-1-vpngw-northeurope-pip2",
- "subnet_id": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity-northeurope/providers/Microsoft.Network/virtualNetworks/root-id-1-hub-northeurope/subnets/GatewaySubnet"
- }
- ],
- "location": "northeurope",
- "name": "root-id-1-vpngw-northeurope",
- "private_ip_address_enabled": true,
- "resource_group_name": "root-id-1-connectivity-northeurope",
- "sku": "VpnGw2AZ",
- "tags": {
- "deployedBy": "terraform/azure/caf-enterprise-scale/test_framework"
- },
- "timeouts": null,
- "type": "Vpn",
- "vpn_client_configuration": [],
- "vpn_type": "RouteBased"
- },
- "sensitive_values": {
- "bgp_settings": [],
- "custom_route": [],
- "ip_configuration": [
- {},
- {}
- ],
- "tags": {},
- "vpn_client_configuration": []
- }
- },
- {
- "address": "module.test_connectivity.azurerm_virtual_network_gateway.connectivity[\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity-westeurope/providers/Microsoft.Network/virtualNetworkGateways/root-id-1-vpngw-westeurope\"]",
- "mode": "managed",
- "type": "azurerm_virtual_network_gateway",
- "name": "connectivity",
- "index": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity-westeurope/providers/Microsoft.Network/virtualNetworkGateways/root-id-1-vpngw-westeurope",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "active_active": false,
- "custom_route": [],
- "default_local_network_gateway_id": null,
- "edge_zone": null,
- "enable_bgp": false,
- "generation": "Generation1",
- "ip_configuration": [
- {
- "name": "root-id-1-vpngw-westeurope-pip",
- "private_ip_address_allocation": "Dynamic",
- "public_ip_address_id": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity-westeurope/providers/Microsoft.Network/publicIPAddresses/root-id-1-vpngw-westeurope-pip",
- "subnet_id": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity-westeurope/providers/Microsoft.Network/virtualNetworks/root-id-1-hub-westeurope/subnets/GatewaySubnet"
- }
- ],
- "location": "westeurope",
- "name": "root-id-1-vpngw-westeurope",
- "private_ip_address_enabled": null,
- "resource_group_name": "root-id-1-connectivity-westeurope",
- "sku": "VpnGw1",
- "tags": {
- "deployedBy": "terraform/azure/caf-enterprise-scale/test_framework"
- },
- "timeouts": null,
- "type": "Vpn",
- "vpn_client_configuration": [],
- "vpn_type": "RouteBased"
- },
- "sensitive_values": {
- "bgp_settings": [],
- "custom_route": [],
- "ip_configuration": [
- {}
- ],
- "tags": {},
- "vpn_client_configuration": []
- }
- },
- {
- "address": "module.test_connectivity.azurerm_virtual_network_peering.connectivity[\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity-northeurope/providers/Microsoft.Network/virtualNetworks/root-id-1-hub-northeurope/virtualNetworkPeerings/peering-32e4fb6d-8d44-5cd6-a7b6-aa17ca11b626\"]",
- "mode": "managed",
- "type": "azurerm_virtual_network_peering",
- "name": "connectivity",
- "index": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity-northeurope/providers/Microsoft.Network/virtualNetworks/root-id-1-hub-northeurope/virtualNetworkPeerings/peering-32e4fb6d-8d44-5cd6-a7b6-aa17ca11b626",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "allow_forwarded_traffic": true,
- "allow_gateway_transit": true,
- "allow_virtual_network_access": true,
- "name": "peering-32e4fb6d-8d44-5cd6-a7b6-aa17ca11b626",
- "remote_virtual_network_id": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity-westeurope/providers/Microsoft.Network/virtualNetworks/root-id-1-hub-westeurope",
- "resource_group_name": "root-id-1-connectivity-northeurope",
- "timeouts": null,
- "triggers": null,
- "use_remote_gateways": false,
- "virtual_network_name": "root-id-1-hub-northeurope"
- },
- "sensitive_values": {}
- },
- {
- "address": "module.test_connectivity.azurerm_virtual_network_peering.connectivity[\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity-northeurope/providers/Microsoft.Network/virtualNetworks/root-id-1-hub-northeurope/virtualNetworkPeerings/peering-7cc7e26d-5e16-5672-8dc0-e48b94f1beea\"]",
- "mode": "managed",
- "type": "azurerm_virtual_network_peering",
- "name": "connectivity",
- "index": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity-northeurope/providers/Microsoft.Network/virtualNetworks/root-id-1-hub-northeurope/virtualNetworkPeerings/peering-7cc7e26d-5e16-5672-8dc0-e48b94f1beea",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "allow_forwarded_traffic": true,
- "allow_gateway_transit": true,
- "allow_virtual_network_access": true,
- "name": "peering-7cc7e26d-5e16-5672-8dc0-e48b94f1beea",
- "remote_virtual_network_id": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity-uksouth/providers/Microsoft.Network/virtualNetworks/root-id-1-hub-uksouth",
- "resource_group_name": "root-id-1-connectivity-northeurope",
- "timeouts": null,
- "triggers": null,
- "use_remote_gateways": false,
- "virtual_network_name": "root-id-1-hub-northeurope"
- },
- "sensitive_values": {}
- },
- {
- "address": "module.test_connectivity.azurerm_virtual_network_peering.connectivity[\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity-uksouth/providers/Microsoft.Network/virtualNetworks/root-id-1-hub-uksouth/virtualNetworkPeerings/peering-32e4fb6d-8d44-5cd6-a7b6-aa17ca11b626\"]",
- "mode": "managed",
- "type": "azurerm_virtual_network_peering",
- "name": "connectivity",
- "index": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity-uksouth/providers/Microsoft.Network/virtualNetworks/root-id-1-hub-uksouth/virtualNetworkPeerings/peering-32e4fb6d-8d44-5cd6-a7b6-aa17ca11b626",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "allow_forwarded_traffic": true,
- "allow_gateway_transit": true,
- "allow_virtual_network_access": true,
- "name": "peering-32e4fb6d-8d44-5cd6-a7b6-aa17ca11b626",
- "remote_virtual_network_id": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity-westeurope/providers/Microsoft.Network/virtualNetworks/root-id-1-hub-westeurope",
- "resource_group_name": "root-id-1-connectivity-uksouth",
- "timeouts": null,
- "triggers": null,
- "use_remote_gateways": false,
- "virtual_network_name": "root-id-1-hub-uksouth"
- },
- "sensitive_values": {}
- },
- {
- "address": "module.test_connectivity.azurerm_virtual_network_peering.connectivity[\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity-uksouth/providers/Microsoft.Network/virtualNetworks/root-id-1-hub-uksouth/virtualNetworkPeerings/peering-f8bddac9-6d62-5e41-9c52-1bf7a4263cc0\"]",
- "mode": "managed",
- "type": "azurerm_virtual_network_peering",
- "name": "connectivity",
- "index": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity-uksouth/providers/Microsoft.Network/virtualNetworks/root-id-1-hub-uksouth/virtualNetworkPeerings/peering-f8bddac9-6d62-5e41-9c52-1bf7a4263cc0",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "allow_forwarded_traffic": true,
- "allow_gateway_transit": true,
- "allow_virtual_network_access": true,
- "name": "peering-f8bddac9-6d62-5e41-9c52-1bf7a4263cc0",
- "remote_virtual_network_id": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity-northeurope/providers/Microsoft.Network/virtualNetworks/root-id-1-hub-northeurope",
- "resource_group_name": "root-id-1-connectivity-uksouth",
- "timeouts": null,
- "triggers": null,
- "use_remote_gateways": false,
- "virtual_network_name": "root-id-1-hub-uksouth"
- },
- "sensitive_values": {}
- },
- {
- "address": "module.test_connectivity.azurerm_virtual_network_peering.connectivity[\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity-westeurope/providers/Microsoft.Network/virtualNetworks/root-id-1-hub-westeurope/virtualNetworkPeerings/peering-7cc7e26d-5e16-5672-8dc0-e48b94f1beea\"]",
- "mode": "managed",
- "type": "azurerm_virtual_network_peering",
- "name": "connectivity",
- "index": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity-westeurope/providers/Microsoft.Network/virtualNetworks/root-id-1-hub-westeurope/virtualNetworkPeerings/peering-7cc7e26d-5e16-5672-8dc0-e48b94f1beea",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "allow_forwarded_traffic": true,
- "allow_gateway_transit": true,
- "allow_virtual_network_access": true,
- "name": "peering-7cc7e26d-5e16-5672-8dc0-e48b94f1beea",
- "remote_virtual_network_id": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity-uksouth/providers/Microsoft.Network/virtualNetworks/root-id-1-hub-uksouth",
- "resource_group_name": "root-id-1-connectivity-westeurope",
- "timeouts": null,
- "triggers": null,
- "use_remote_gateways": false,
- "virtual_network_name": "root-id-1-hub-westeurope"
- },
- "sensitive_values": {}
- },
- {
- "address": "module.test_connectivity.azurerm_virtual_network_peering.connectivity[\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity-westeurope/providers/Microsoft.Network/virtualNetworks/root-id-1-hub-westeurope/virtualNetworkPeerings/peering-f8bddac9-6d62-5e41-9c52-1bf7a4263cc0\"]",
- "mode": "managed",
- "type": "azurerm_virtual_network_peering",
- "name": "connectivity",
- "index": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity-westeurope/providers/Microsoft.Network/virtualNetworks/root-id-1-hub-westeurope/virtualNetworkPeerings/peering-f8bddac9-6d62-5e41-9c52-1bf7a4263cc0",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "allow_forwarded_traffic": true,
- "allow_gateway_transit": true,
- "allow_virtual_network_access": true,
- "name": "peering-f8bddac9-6d62-5e41-9c52-1bf7a4263cc0",
- "remote_virtual_network_id": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity-northeurope/providers/Microsoft.Network/virtualNetworks/root-id-1-hub-northeurope",
- "resource_group_name": "root-id-1-connectivity-westeurope",
- "timeouts": null,
- "triggers": null,
- "use_remote_gateways": false,
- "virtual_network_name": "root-id-1-hub-westeurope"
- },
- "sensitive_values": {}
- },
- {
- "address": "module.test_connectivity.azurerm_virtual_wan.virtual_wan[\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity/providers/Microsoft.Network/virtualWans/root-id-1-vwan-northeurope\"]",
- "mode": "managed",
- "type": "azurerm_virtual_wan",
- "name": "virtual_wan",
- "index": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity/providers/Microsoft.Network/virtualWans/root-id-1-vwan-northeurope",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "allow_branch_to_branch_traffic": true,
- "disable_vpn_encryption": false,
- "location": "northeurope",
- "name": "root-id-1-vwan-northeurope",
- "office365_local_breakout_category": "None",
- "resource_group_name": "root-id-1-connectivity",
- "tags": {
- "deployedBy": "terraform/azure/caf-enterprise-scale/test_framework"
- },
- "timeouts": null,
- "type": "Standard"
- },
- "sensitive_values": {
- "tags": {}
- }
- },
- {
- "address": "module.test_connectivity.azurerm_vpn_gateway.virtual_wan[\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity/providers/Microsoft.Network/vpnGateways/root-id-1-vpngw-northeurope\"]",
- "mode": "managed",
- "type": "azurerm_vpn_gateway",
- "name": "virtual_wan",
- "index": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity/providers/Microsoft.Network/vpnGateways/root-id-1-vpngw-northeurope",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "bgp_route_translation_for_nat_enabled": false,
- "location": "northeurope",
- "name": "root-id-1-vpngw-northeurope",
- "resource_group_name": "root-id-1-connectivity",
- "routing_preference": "Microsoft Network",
- "scale_unit": 1,
- "tags": {
- "deployedBy": "terraform/azure/caf-enterprise-scale/test_framework"
- },
- "timeouts": null,
- "virtual_hub_id": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-connectivity/providers/Microsoft.Network/virtualHubs/root-id-1-hub-northeurope"
- },
- "sensitive_values": {
- "bgp_settings": [],
- "tags": {}
- }
- },
- {
- "address": "module.test_connectivity.random_id.telem[0]",
- "mode": "managed",
- "type": "random_id",
- "name": "telem",
- "index": 0,
- "provider_name": "registry.terraform.io/hashicorp/random",
- "schema_version": 0,
- "values": {
- "byte_length": 4,
- "keepers": null,
- "prefix": null
- },
- "sensitive_values": {}
- },
- {
- "address": "module.test_connectivity.time_sleep.after_azurerm_management_group",
- "mode": "managed",
- "type": "time_sleep",
- "name": "after_azurerm_management_group",
- "provider_name": "registry.terraform.io/hashicorp/time",
- "schema_version": 0,
- "values": {
- "create_duration": "30s",
- "destroy_duration": "0s",
- "triggers": {
- "azurerm_management_group_level_1": "[]",
- "azurerm_management_group_level_2": "[]",
- "azurerm_management_group_level_3": "[]",
- "azurerm_management_group_level_4": "[]",
- "azurerm_management_group_level_5": "[]",
- "azurerm_management_group_level_6": "[]"
- }
- },
- "sensitive_values": {
- "triggers": {}
- }
- },
- {
- "address": "module.test_connectivity.time_sleep.after_azurerm_policy_assignment",
- "mode": "managed",
- "type": "time_sleep",
- "name": "after_azurerm_policy_assignment",
- "provider_name": "registry.terraform.io/hashicorp/time",
- "schema_version": 0,
- "values": {
- "create_duration": "30s",
- "destroy_duration": "0s",
- "triggers": {
- "azurerm_management_group_policy_assignment_enterprise_scale": "[]"
- }
- },
- "sensitive_values": {
- "triggers": {}
- }
- },
- {
- "address": "module.test_connectivity.time_sleep.after_azurerm_policy_definition",
- "mode": "managed",
- "type": "time_sleep",
- "name": "after_azurerm_policy_definition",
- "provider_name": "registry.terraform.io/hashicorp/time",
- "schema_version": 0,
- "values": {
- "create_duration": "30s",
- "destroy_duration": "0s",
- "triggers": {
- "azurerm_policy_definition_enterprise_scale": "[]"
- }
- },
- "sensitive_values": {
- "triggers": {}
- }
- },
- {
- "address": "module.test_connectivity.time_sleep.after_azurerm_policy_set_definition",
- "mode": "managed",
- "type": "time_sleep",
- "name": "after_azurerm_policy_set_definition",
- "provider_name": "registry.terraform.io/hashicorp/time",
- "schema_version": 0,
- "values": {
- "create_duration": "30s",
- "destroy_duration": "0s",
- "triggers": {
- "azurerm_policy_set_definition_enterprise_scale": "[]"
- }
- },
- "sensitive_values": {
- "triggers": {}
- }
- },
- {
- "address": "module.test_connectivity.time_sleep.after_azurerm_role_assignment",
- "mode": "managed",
- "type": "time_sleep",
- "name": "after_azurerm_role_assignment",
- "provider_name": "registry.terraform.io/hashicorp/time",
- "schema_version": 0,
- "values": {
- "create_duration": "0s",
- "destroy_duration": "0s",
- "triggers": {
- "azurerm_role_assignment_enterprise_scale": "[]",
- "module_role_assignments_for_policy": "[]"
- }
- },
- "sensitive_values": {
- "triggers": {}
- }
- },
- {
- "address": "module.test_connectivity.time_sleep.after_azurerm_role_definition",
- "mode": "managed",
- "type": "time_sleep",
- "name": "after_azurerm_role_definition",
- "provider_name": "registry.terraform.io/hashicorp/time",
- "schema_version": 0,
- "values": {
- "create_duration": "60s",
- "destroy_duration": "0s",
- "triggers": {
- "azurerm_role_definition_enterprise_scale": "[]"
- }
- },
- "sensitive_values": {
- "triggers": {}
- }
- }
- ],
- "address": "module.test_connectivity"
- },
- {
- "resources": [
- {
- "address": "module.test_core.azurerm_management_group.level_1[\"/providers/Microsoft.Management/managementGroups/root-id-1\"]",
- "mode": "managed",
- "type": "azurerm_management_group",
- "name": "level_1",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "display_name": "root-name",
- "name": "root-id-1",
- "parent_management_group_id": "/providers/Microsoft.Management/managementGroups/dac8feee-8768-4fbd-9cf9-9d96d4718018",
- "timeouts": null
- },
- "sensitive_values": {
- "subscription_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_management_group.level_2[\"/providers/Microsoft.Management/managementGroups/root-id-1-decommissioned\"]",
- "mode": "managed",
- "type": "azurerm_management_group",
- "name": "level_2",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-decommissioned",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "display_name": "Decommissioned",
- "name": "root-id-1-decommissioned",
- "parent_management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "timeouts": null
- },
- "sensitive_values": {
- "subscription_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_management_group.level_2[\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones\"]",
- "mode": "managed",
- "type": "azurerm_management_group",
- "name": "level_2",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "display_name": "Landing Zones",
- "name": "root-id-1-landing-zones",
- "parent_management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "timeouts": null
- },
- "sensitive_values": {
- "subscription_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_management_group.level_2[\"/providers/Microsoft.Management/managementGroups/root-id-1-platform\"]",
- "mode": "managed",
- "type": "azurerm_management_group",
- "name": "level_2",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-platform",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "display_name": "Platform",
- "name": "root-id-1-platform",
- "parent_management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "timeouts": null
- },
- "sensitive_values": {
- "subscription_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_management_group.level_2[\"/providers/Microsoft.Management/managementGroups/root-id-1-sandboxes\"]",
- "mode": "managed",
- "type": "azurerm_management_group",
- "name": "level_2",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-sandboxes",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "display_name": "Sandboxes",
- "name": "root-id-1-sandboxes",
- "parent_management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "timeouts": null
- },
- "sensitive_values": {
- "subscription_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_management_group.level_3[\"/providers/Microsoft.Management/managementGroups/root-id-1-connectivity\"]",
- "mode": "managed",
- "type": "azurerm_management_group",
- "name": "level_3",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-connectivity",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "display_name": "Connectivity",
- "name": "root-id-1-connectivity",
- "parent_management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1-platform",
- "timeouts": null
- },
- "sensitive_values": {
- "subscription_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_management_group.level_3[\"/providers/Microsoft.Management/managementGroups/root-id-1-corp\"]",
- "mode": "managed",
- "type": "azurerm_management_group",
- "name": "level_3",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-corp",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "display_name": "Corp",
- "name": "root-id-1-corp",
- "parent_management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones",
- "timeouts": null
- },
- "sensitive_values": {
- "subscription_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_management_group.level_3[\"/providers/Microsoft.Management/managementGroups/root-id-1-identity\"]",
- "mode": "managed",
- "type": "azurerm_management_group",
- "name": "level_3",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-identity",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "display_name": "Identity",
- "name": "root-id-1-identity",
- "parent_management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1-platform",
- "timeouts": null
- },
- "sensitive_values": {
- "subscription_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_management_group.level_3[\"/providers/Microsoft.Management/managementGroups/root-id-1-management\"]",
- "mode": "managed",
- "type": "azurerm_management_group",
- "name": "level_3",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-management",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "display_name": "Management",
- "name": "root-id-1-management",
- "parent_management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1-platform",
- "timeouts": null
- },
- "sensitive_values": {
- "subscription_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_management_group.level_3[\"/providers/Microsoft.Management/managementGroups/root-id-1-online\"]",
- "mode": "managed",
- "type": "azurerm_management_group",
- "name": "level_3",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-online",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "display_name": "Online",
- "name": "root-id-1-online",
- "parent_management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones",
- "timeouts": null
- },
- "sensitive_values": {
- "subscription_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_management_group.level_3[\"/providers/Microsoft.Management/managementGroups/root-id-1-sap\"]",
- "mode": "managed",
- "type": "azurerm_management_group",
- "name": "level_3",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-sap",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "display_name": "SAP",
- "name": "root-id-1-sap",
- "parent_management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones",
- "timeouts": null
- },
- "sensitive_values": {
- "subscription_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_management_group.level_3[\"/providers/Microsoft.Management/managementGroups/root-id-1-secure\"]",
- "mode": "managed",
- "type": "azurerm_management_group",
- "name": "level_3",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-secure",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "display_name": "Secure Workloads (HITRUST/HIPAA)",
- "name": "root-id-1-secure",
- "parent_management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones",
- "timeouts": null
- },
- "sensitive_values": {
- "subscription_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_management_group.level_4[\"/providers/Microsoft.Management/managementGroups/root-id-1-web-emea\"]",
- "mode": "managed",
- "type": "azurerm_management_group",
- "name": "level_4",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-web-emea",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "display_name": "EMEA Web Applications",
- "name": "root-id-1-web-emea",
- "parent_management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1-online",
- "timeouts": null
- },
- "sensitive_values": {
- "subscription_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_management_group.level_4[\"/providers/Microsoft.Management/managementGroups/root-id-1-web-global\"]",
- "mode": "managed",
- "type": "azurerm_management_group",
- "name": "level_4",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-web-global",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "display_name": "Global Web Applications",
- "name": "root-id-1-web-global",
- "parent_management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1-online",
- "timeouts": null
- },
- "sensitive_values": {
- "subscription_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_management_group.level_4[\"/providers/Microsoft.Management/managementGroups/root-id-1-web-us\"]",
- "mode": "managed",
- "type": "azurerm_management_group",
- "name": "level_4",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-web-us",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "display_name": "US Web Applications",
- "name": "root-id-1-web-us",
- "parent_management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1-online",
- "timeouts": null
- },
- "sensitive_values": {
- "subscription_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_management_group_policy_assignment.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1-connectivity/providers/Microsoft.Authorization/policyAssignments/Enable-DDoS-VNET\"]",
- "mode": "managed",
- "type": "azurerm_management_group_policy_assignment",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-connectivity/providers/Microsoft.Authorization/policyAssignments/Enable-DDoS-VNET",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Protect your virtual networks against volumetric and protocol attacks with Azure DDoS Network Protection. For more information, visit https://aka.ms/ddosprotectiondocs.",
- "display_name": "Virtual networks should be protected by Azure DDoS Network Protection",
- "enforce": false,
- "identity": [
- {
- "identity_ids": null,
- "type": "SystemAssigned"
- }
- ],
- "location": "northeurope",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1-connectivity",
- "name": "Enable-DDoS-VNET",
- "non_compliance_message": [
- {
- "content": "This resource should be compliant with the assigned policy.",
- "policy_definition_reference_id": null
- }
- ],
- "not_scopes": [],
- "overrides": [],
- "parameters": "{\"ddosPlan\":{\"value\":\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-ddos/providers/Microsoft.Network/ddosProtectionPlans/root-id-1-ddos-northeurope\"},\"effect\":{\"value\":\"Modify\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/94de2ad3-e0c1-4caf-ad78-5d47bbc83d3d",
- "resource_selectors": [],
- "timeouts": null
- },
- "sensitive_values": {
- "identity": [
- {}
- ],
- "non_compliance_message": [
- {}
- ],
- "not_scopes": [],
- "overrides": [],
- "resource_selectors": []
- }
- },
- {
- "address": "module.test_core.azurerm_management_group_policy_assignment.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1-corp/providers/Microsoft.Authorization/policyAssignments/Audit-PeDnsZones\"]",
- "mode": "managed",
- "type": "azurerm_management_group_policy_assignment",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-corp/providers/Microsoft.Authorization/policyAssignments/Audit-PeDnsZones",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Audits the deployment of Private Link Private DNS Zone resources in the Corp landing zone.",
- "display_name": "Audit Private Link Private DNS Zone resources",
- "enforce": true,
- "identity": [],
- "location": "northeurope",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1-corp",
- "name": "Audit-PeDnsZones",
- "non_compliance_message": [
- {
- "content": "Private Link Private DNS Zone resources must be deployed in the Corp landing zone.",
- "policy_definition_reference_id": null
- }
- ],
- "not_scopes": [],
- "overrides": [],
- "parameters": "{\"effect\":{\"value\":\"Audit\"},\"privateLinkDnsZones\":{\"value\":[\"privatelink.adf.azure.com\",\"privatelink.afs.azure.net\",\"privatelink.agentsvc.azure-automation.net\",\"privatelink.analysis.windows.net\",\"privatelink.api.azureml.ms\",\"privatelink.azconfig.io\",\"privatelink.azure-api.net\",\"privatelink.azure-automation.net\",\"privatelink.azurecr.io\",\"privatelink.azure-devices.net\",\"privatelink.azure-devices-provisioning.net\",\"privatelink.azuredatabricks.net\",\"privatelink.azurehdinsight.net\",\"privatelink.azurehealthcareapis.com\",\"privatelink.azurestaticapps.net\",\"privatelink.azuresynapse.net\",\"privatelink.azurewebsites.net\",\"privatelink.northeurope.batch.azure.com\",\"privatelink.blob.core.windows.net\",\"privatelink.cassandra.cosmos.azure.com\",\"privatelink.cognitiveservices.azure.com\",\"privatelink.database.windows.net\",\"privatelink.datafactory.azure.net\",\"privatelink.dev.azuresynapse.net\",\"privatelink.dfs.core.windows.net\",\"privatelink.dicom.azurehealthcareapis.com\",\"privatelink.digitaltwins.azure.net\",\"privatelink.directline.botframework.com\",\"privatelink.documents.azure.com\",\"privatelink.eventgrid.azure.net\",\"privatelink.file.core.windows.net\",\"privatelink.gremlin.cosmos.azure.com\",\"privatelink.guestconfiguration.azure.com\",\"privatelink.his.arc.azure.com\",\"privatelink.kubernetesconfiguration.azure.com\",\"privatelink.managedhsm.azure.net\",\"privatelink.mariadb.database.azure.com\",\"privatelink.media.azure.net\",\"privatelink.mongo.cosmos.azure.com\",\"privatelink.monitor.azure.com\",\"privatelink.mysql.database.azure.com\",\"privatelink.notebooks.azure.net\",\"privatelink.ods.opinsights.azure.com\",\"privatelink.oms.opinsights.azure.com\",\"privatelink.pbidedicated.windows.net\",\"privatelink.postgres.database.azure.com\",\"privatelink.prod.migration.windowsazure.com\",\"privatelink.purview.azure.com\",\"privatelink.purviewstudio.azure.com\",\"privatelink.queue.core.windows.net\",\"privatelink.redis.cache.windows.net\",\"privatelink.redisenterprise.cache.azure.net\",\"privatelink.search.windows.net\",\"privatelink.service.signalr.net\",\"privatelink.servicebus.windows.net\",\"privatelink.siterecovery.windowsazure.com\",\"privatelink.sql.azuresynapse.net\",\"privatelink.table.core.windows.net\",\"privatelink.table.cosmos.azure.com\",\"privatelink.tip1.powerquery.microsoft.com\",\"privatelink.token.botframework.com\",\"privatelink.vaultcore.azure.net\",\"privatelink.web.core.windows.net\",\"privatelink.webpubsub.azure.com\"]}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Audit-PrivateLinkDnsZones",
- "resource_selectors": [],
- "timeouts": null
- },
- "sensitive_values": {
- "identity": [],
- "non_compliance_message": [
- {}
- ],
- "not_scopes": [],
- "overrides": [],
- "resource_selectors": []
- }
- },
- {
- "address": "module.test_core.azurerm_management_group_policy_assignment.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1-corp/providers/Microsoft.Authorization/policyAssignments/Deny-HybridNetworking\"]",
- "mode": "managed",
- "type": "azurerm_management_group_policy_assignment",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-corp/providers/Microsoft.Authorization/policyAssignments/Deny-HybridNetworking",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Denies deployment of vWAN/ER/VPN gateway resources in the Corp landing zone.",
- "display_name": "Deny the deployment of vWAN/ER/VPN gateway resources",
- "enforce": true,
- "identity": [],
- "location": "northeurope",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1-corp",
- "name": "Deny-HybridNetworking",
- "non_compliance_message": [
- {
- "content": "vWAN/ER/VPN gateway resources must not be deployed in the Corp landing zone.",
- "policy_definition_reference_id": null
- }
- ],
- "not_scopes": [],
- "overrides": [],
- "parameters": "{\"effect\":{\"value\":\"Deny\"},\"listOfResourceTypesNotAllowed\":{\"value\":[\"microsoft.network/expressroutecircuits\",\"microsoft.network/expressroutegateways\",\"microsoft.network/expressrouteports\",\"microsoft.network/virtualwans\",\"microsoft.network/virtualhubs\",\"microsoft.network/vpngateways\",\"microsoft.network/p2svpngateways\",\"microsoft.network/vpnsites\",\"microsoft.network/virtualnetworkgateways\"]}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/6c112d4e-5bc7-47ae-a041-ea2d9dccd749",
- "resource_selectors": [],
- "timeouts": null
- },
- "sensitive_values": {
- "identity": [],
- "non_compliance_message": [
- {}
- ],
- "not_scopes": [],
- "overrides": [],
- "resource_selectors": []
- }
- },
- {
- "address": "module.test_core.azurerm_management_group_policy_assignment.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1-corp/providers/Microsoft.Authorization/policyAssignments/Deny-Public-Endpoints\"]",
- "mode": "managed",
- "type": "azurerm_management_group_policy_assignment",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-corp/providers/Microsoft.Authorization/policyAssignments/Deny-Public-Endpoints",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "This policy initiative is a group of policies that prevents creation of Azure PaaS services with exposed public endpoints",
- "display_name": "Public network access should be disabled for PaaS services",
- "enforce": true,
- "identity": [],
- "location": "northeurope",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1-corp",
- "name": "Deny-Public-Endpoints",
- "non_compliance_message": [
- {
- "content": "Public network access must be disabled for PaaS services.",
- "policy_definition_reference_id": null
- }
- ],
- "not_scopes": [],
- "overrides": [],
- "parameters": null,
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policySetDefinitions/Deny-PublicPaaSEndpoints",
- "resource_selectors": [],
- "timeouts": null
- },
- "sensitive_values": {
- "identity": [],
- "non_compliance_message": [
- {}
- ],
- "not_scopes": [],
- "overrides": [],
- "resource_selectors": []
- }
- },
- {
- "address": "module.test_core.azurerm_management_group_policy_assignment.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1-corp/providers/Microsoft.Authorization/policyAssignments/Deny-Public-IP-On-NIC\"]",
- "mode": "managed",
- "type": "azurerm_management_group_policy_assignment",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-corp/providers/Microsoft.Authorization/policyAssignments/Deny-Public-IP-On-NIC",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "This policy denies network interfaces from having a public IP associated to it under the assigned scope.",
- "display_name": "Deny network interfaces having a public IP associated",
- "enforce": true,
- "identity": [],
- "location": "northeurope",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1-corp",
- "name": "Deny-Public-IP-On-NIC",
- "non_compliance_message": [
- {
- "content": "Network interfaces must not have a public IP associated.",
- "policy_definition_reference_id": null
- }
- ],
- "not_scopes": [],
- "overrides": [],
- "parameters": null,
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/83a86a26-fd1f-447c-b59d-e51f44264114",
- "resource_selectors": [],
- "timeouts": null
- },
- "sensitive_values": {
- "identity": [],
- "non_compliance_message": [
- {}
- ],
- "not_scopes": [],
- "overrides": [],
- "resource_selectors": []
- }
- },
- {
- "address": "module.test_core.azurerm_management_group_policy_assignment.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1-corp/providers/Microsoft.Authorization/policyAssignments/Deploy-Private-DNS-Zones\"]",
- "mode": "managed",
- "type": "azurerm_management_group_policy_assignment",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-corp/providers/Microsoft.Authorization/policyAssignments/Deploy-Private-DNS-Zones",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "This policy initiative is a group of policies that ensures private endpoints to Azure PaaS services are integrated with Azure Private DNS zones",
- "display_name": "Configure Azure PaaS services to use private DNS zones",
- "enforce": false,
- "identity": [
- {
- "identity_ids": null,
- "type": "SystemAssigned"
- }
- ],
- "location": "northeurope",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1-corp",
- "name": "Deploy-Private-DNS-Zones",
- "non_compliance_message": [
- {
- "content": "Azure PaaS services should use private DNS zones.",
- "policy_definition_reference_id": null
- }
- ],
- "not_scopes": [],
- "overrides": [],
- "parameters": "{\"azureAcrPrivateDnsZoneId\":{\"value\":\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.azurecr.io\"},\"azureAppPrivateDnsZoneId\":{\"value\":\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.azconfig.io\"},\"azureAppServicesPrivateDnsZoneId\":{\"value\":\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.azurewebsites.net\"},\"azureAsrPrivateDnsZoneId\":{\"value\":\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.siterecovery.windowsazure.com\"},\"azureAutomationDSCHybridPrivateDnsZoneId\":{\"value\":\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.azure-automation.net\"},\"azureAutomationWebhookPrivateDnsZoneId\":{\"value\":\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.azure-automation.net\"},\"azureBatchPrivateDnsZoneId\":{\"value\":\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.batch.azure.com\"},\"azureCognitiveSearchPrivateDnsZoneId\":{\"value\":\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.search.windows.net\"},\"azureCognitiveServicesPrivateDnsZoneId\":{\"value\":\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.cognitiveservices.azure.com\"},\"azureCosmosCassandraPrivateDnsZoneId\":{\"value\":\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.cassandra.cosmos.azure.com\"},\"azureCosmosGremlinPrivateDnsZoneId\":{\"value\":\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.gremlin.cosmos.azure.com\"},\"azureCosmosMongoPrivateDnsZoneId\":{\"value\":\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.mongo.cosmos.azure.com\"},\"azureCosmosSQLPrivateDnsZoneId\":{\"value\":\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.documents.azure.com\"},\"azureCosmosTablePrivateDnsZoneId\":{\"value\":\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.table.cosmos.azure.com\"},\"azureDataFactoryPortalPrivateDnsZoneId\":{\"value\":\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.adf.azure.com\"},\"azureDataFactoryPrivateDnsZoneId\":{\"value\":\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.datafactory.azure.net\"},\"azureDatabricksPrivateDnsZoneId\":{\"value\":\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.azuredatabricks.net\"},\"azureDiskAccessPrivateDnsZoneId\":{\"value\":\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.blob.core.windows.net\"},\"azureEventGridDomainsPrivateDnsZoneId\":{\"value\":\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.eventgrid.azure.net\"},\"azureEventGridTopicsPrivateDnsZoneId\":{\"value\":\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.eventgrid.azure.net\"},\"azureEventHubNamespacePrivateDnsZoneId\":{\"value\":\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.servicebus.windows.net\"},\"azureFilePrivateDnsZoneId\":{\"value\":\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.afs.azure.net\"},\"azureHDInsightPrivateDnsZoneId\":{\"value\":\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.azurehdinsight.net\"},\"azureIotHubsPrivateDnsZoneId\":{\"value\":\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.azure-devices.net\"},\"azureIotPrivateDnsZoneId\":{\"value\":\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.azure-devices-provisioning.net\"},\"azureKeyVaultPrivateDnsZoneId\":{\"value\":\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.vaultcore.azure.net\"},\"azureMachineLearningWorkspacePrivateDnsZoneId\":{\"value\":\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.api.azureml.ms\"},\"azureMediaServicesKeyPrivateDnsZoneId\":{\"value\":\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.media.azure.net\"},\"azureMediaServicesLivePrivateDnsZoneId\":{\"value\":\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.media.azure.net\"},\"azureMediaServicesStreamPrivateDnsZoneId\":{\"value\":\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.media.azure.net\"},\"azureMigratePrivateDnsZoneId\":{\"value\":\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.prod.migration.windowsazure.com\"},\"azureMonitorPrivateDnsZoneId1\":{\"value\":\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.monitor.azure.com\"},\"azureMonitorPrivateDnsZoneId2\":{\"value\":\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.oms.opinsights.azure.com\"},\"azureMonitorPrivateDnsZoneId3\":{\"value\":\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.ods.opinsights.azure.com\"},\"azureMonitorPrivateDnsZoneId4\":{\"value\":\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.agentsvc.azure-automation.net\"},\"azureMonitorPrivateDnsZoneId5\":{\"value\":\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.blob.core.windows.net\"},\"azureRedisCachePrivateDnsZoneId\":{\"value\":\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.redis.cache.windows.net\"},\"azureServiceBusNamespacePrivateDnsZoneId\":{\"value\":\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.servicebus.windows.net\"},\"azureSignalRPrivateDnsZoneId\":{\"value\":\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.service.signalr.net\"},\"azureStorageBlobPrivateDnsZoneId\":{\"value\":\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.blob.core.windows.net\"},\"azureStorageBlobSecPrivateDnsZoneId\":{\"value\":\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.blob.core.windows.net\"},\"azureStorageDFSPrivateDnsZoneId\":{\"value\":\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.dfs.core.windows.net\"},\"azureStorageDFSSecPrivateDnsZoneId\":{\"value\":\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.dfs.core.windows.net\"},\"azureStorageFilePrivateDnsZoneId\":{\"value\":\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.file.core.windows.net\"},\"azureStorageQueuePrivateDnsZoneId\":{\"value\":\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.queue.core.windows.net\"},\"azureStorageQueueSecPrivateDnsZoneId\":{\"value\":\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.queue.core.windows.net\"},\"azureStorageStaticWebPrivateDnsZoneId\":{\"value\":\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.web.core.windows.net\"},\"azureStorageStaticWebSecPrivateDnsZoneId\":{\"value\":\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.web.core.windows.net\"},\"azureSynapseDevPrivateDnsZoneId\":{\"value\":\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.dev.azuresynapse.net\"},\"azureSynapseSQLODPrivateDnsZoneId\":{\"value\":\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.sql.azuresynapse.net\"},\"azureSynapseSQLPrivateDnsZoneId\":{\"value\":\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.sql.azuresynapse.net\"},\"azureWebPrivateDnsZoneId\":{\"value\":\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-dns/providers/Microsoft.Network/privateDnsZones/privatelink.webpubsub.azure.com\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policySetDefinitions/Deploy-Private-DNS-Zones",
- "resource_selectors": [],
- "timeouts": null
- },
- "sensitive_values": {
- "identity": [
- {}
- ],
- "non_compliance_message": [
- {}
- ],
- "not_scopes": [],
- "overrides": [],
- "resource_selectors": []
- }
- },
- {
- "address": "module.test_core.azurerm_management_group_policy_assignment.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1-decommissioned/providers/Microsoft.Authorization/policyAssignments/Enforce-ALZ-Decomm\"]",
- "mode": "managed",
- "type": "azurerm_management_group_policy_assignment",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-decommissioned/providers/Microsoft.Authorization/policyAssignments/Enforce-ALZ-Decomm",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "This initiative will help enforce and govern subscriptions that are placed within the decommissioned Management Group as part of your Subscription decommissioning process. See https://aka.ms/alz/policies for more information.",
- "display_name": "Enforce ALZ Decommissioned Guardrails",
- "enforce": true,
- "identity": [
- {
- "identity_ids": null,
- "type": "SystemAssigned"
- }
- ],
- "location": "northeurope",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1-decommissioned",
- "name": "Enforce-ALZ-Decomm",
- "non_compliance_message": [
- {
- "content": "This resource must be compliant with the assigned policy.",
- "policy_definition_reference_id": null
- }
- ],
- "not_scopes": [],
- "overrides": [],
- "parameters": "{\"listOfResourceTypesAllowed\":{\"value\":[\"microsoft.consumption/tags\",\"microsoft.authorization/roleassignments\",\"microsoft.authorization/roledefinitions\",\"microsoft.authorization/policyassignments\",\"microsoft.authorization/locks\",\"microsoft.authorization/policydefinitions\",\"microsoft.authorization/policysetdefinitions\",\"microsoft.resources/tags\",\"microsoft.authorization/roleeligibilityschedules\",\"microsoft.authorization/roleeligibilityscheduleinstances\",\"microsoft.authorization/roleassignmentschedules\",\"microsoft.authorization/roleassignmentscheduleinstances\"]}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policySetDefinitions/Enforce-ALZ-Decomm",
- "resource_selectors": [],
- "timeouts": null
- },
- "sensitive_values": {
- "identity": [
- {}
- ],
- "non_compliance_message": [
- {}
- ],
- "not_scopes": [],
- "overrides": [],
- "resource_selectors": []
- }
- },
- {
- "address": "module.test_core.azurerm_management_group_policy_assignment.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1-identity/providers/Microsoft.Authorization/policyAssignments/Deny-MgmtPorts-Internet\"]",
- "mode": "managed",
- "type": "azurerm_management_group_policy_assignment",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-identity/providers/Microsoft.Authorization/policyAssignments/Deny-MgmtPorts-Internet",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "This policy denies any network security rule that allows management port access from the Internet",
- "display_name": "Management port access from the Internet should be blocked",
- "enforce": true,
- "identity": [],
- "location": "northeurope",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1-identity",
- "name": "Deny-MgmtPorts-Internet",
- "non_compliance_message": [
- {
- "content": "Management port access from the Internet must be blocked.",
- "policy_definition_reference_id": null
- }
- ],
- "not_scopes": [],
- "overrides": [],
- "parameters": null,
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-MgmtPorts-From-Internet",
- "resource_selectors": [],
- "timeouts": null
- },
- "sensitive_values": {
- "identity": [],
- "non_compliance_message": [
- {}
- ],
- "not_scopes": [],
- "overrides": [],
- "resource_selectors": []
- }
- },
- {
- "address": "module.test_core.azurerm_management_group_policy_assignment.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1-identity/providers/Microsoft.Authorization/policyAssignments/Deny-Public-IP\"]",
- "mode": "managed",
- "type": "azurerm_management_group_policy_assignment",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-identity/providers/Microsoft.Authorization/policyAssignments/Deny-Public-IP",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "This policy denies creation of Public IPs under the assigned scope.",
- "display_name": "Deny the creation of public IP",
- "enforce": false,
- "identity": [],
- "location": "northeurope",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1-identity",
- "name": "Deny-Public-IP",
- "non_compliance_message": [
- {
- "content": "Public IPs should not be created under this scope.",
- "policy_definition_reference_id": null
- }
- ],
- "not_scopes": [],
- "overrides": [],
- "parameters": "{\"effect\":{\"value\":\"Deny\"},\"listOfResourceTypesNotAllowed\":{\"value\":[\"Microsoft.Network/publicIPAddresses\"]}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/6c112d4e-5bc7-47ae-a041-ea2d9dccd749",
- "resource_selectors": [],
- "timeouts": null
- },
- "sensitive_values": {
- "identity": [],
- "non_compliance_message": [
- {}
- ],
- "not_scopes": [],
- "overrides": [],
- "resource_selectors": []
- }
- },
- {
- "address": "module.test_core.azurerm_management_group_policy_assignment.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1-identity/providers/Microsoft.Authorization/policyAssignments/Deny-Subnet-Without-Nsg\"]",
- "mode": "managed",
- "type": "azurerm_management_group_policy_assignment",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-identity/providers/Microsoft.Authorization/policyAssignments/Deny-Subnet-Without-Nsg",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "This policy denies the creation of a subnet without a Network Security Group to protect traffic across subnets.",
- "display_name": "Subnets should have a Network Security Group",
- "enforce": false,
- "identity": [],
- "location": "northeurope",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1-identity",
- "name": "Deny-Subnet-Without-Nsg",
- "non_compliance_message": [
- {
- "content": "Subnets should have a Network Security Group.",
- "policy_definition_reference_id": null
- }
- ],
- "not_scopes": [],
- "overrides": [],
- "parameters": "{\"effect\":{\"value\":\"Deny\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-Subnet-Without-Nsg",
- "resource_selectors": [],
- "timeouts": null
- },
- "sensitive_values": {
- "identity": [],
- "non_compliance_message": [
- {}
- ],
- "not_scopes": [],
- "overrides": [],
- "resource_selectors": []
- }
- },
- {
- "address": "module.test_core.azurerm_management_group_policy_assignment.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1-identity/providers/Microsoft.Authorization/policyAssignments/Deploy-VM-Backup\"]",
- "mode": "managed",
- "type": "azurerm_management_group_policy_assignment",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-identity/providers/Microsoft.Authorization/policyAssignments/Deploy-VM-Backup",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Enforce backup for all virtual machines by deploying a recovery services vault in the same location and resource group as the virtual machine. Doing this is useful when different application teams in your organization are allocated separate resource groups and need to manage their own backups and restores. You can optionally exclude virtual machines containing a specified tag to control the scope of assignment. See https://aka.ms/AzureVMAppCentricBackupExcludeTag.",
- "display_name": "Configure backup on virtual machines without a given tag to a new recovery services vault with a default policy",
- "enforce": false,
- "identity": [
- {
- "identity_ids": null,
- "type": "SystemAssigned"
- }
- ],
- "location": "northeurope",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1-identity",
- "name": "Deploy-VM-Backup",
- "non_compliance_message": [
- {
- "content": "Backup on virtual machines without a given tag should be configured to a new recovery services vault with a default policy.",
- "policy_definition_reference_id": null
- }
- ],
- "not_scopes": [],
- "overrides": [],
- "parameters": "{\"effect\":{\"value\":\"deployIfNotExists\"},\"exclusionTagName\":{\"value\":\"\"},\"exclusionTagValue\":{\"value\":[]}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/98d0b9f8-fd90-49c9-88e2-d3baf3b0dd86",
- "resource_selectors": [],
- "timeouts": null
- },
- "sensitive_values": {
- "identity": [
- {}
- ],
- "non_compliance_message": [
- {}
- ],
- "not_scopes": [],
- "overrides": [],
- "resource_selectors": []
- }
- },
- {
- "address": "module.test_core.azurerm_management_group_policy_assignment.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Audit-AppGW-WAF\"]",
- "mode": "managed",
- "type": "azurerm_management_group_policy_assignment",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Audit-AppGW-WAF",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Assign the WAF should be enabled for Application Gateway audit policy.",
- "display_name": "Web Application Firewall (WAF) should be enabled for Application Gateway",
- "enforce": true,
- "identity": [],
- "location": "northeurope",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones",
- "name": "Audit-AppGW-WAF",
- "non_compliance_message": [
- {
- "content": "Web Application Firewall (WAF) must be enabled for Application Gateway.",
- "policy_definition_reference_id": null
- }
- ],
- "not_scopes": [],
- "overrides": [],
- "parameters": "{\"effect\":{\"value\":\"Audit\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/564feb30-bf6a-4854-b4bb-0d2d2d1e6c66",
- "resource_selectors": [],
- "timeouts": null
- },
- "sensitive_values": {
- "identity": [],
- "non_compliance_message": [
- {}
- ],
- "not_scopes": [],
- "overrides": [],
- "resource_selectors": []
- }
- },
- {
- "address": "module.test_core.azurerm_management_group_policy_assignment.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Deny-IP-forwarding\"]",
- "mode": "managed",
- "type": "azurerm_management_group_policy_assignment",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Deny-IP-forwarding",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "This policy denies the network interfaces which enabled IP forwarding. The setting of IP forwarding disables Azure's check of the source and destination for a network interface. This should be reviewed by the network security team.",
- "display_name": "Network interfaces should disable IP forwarding",
- "enforce": true,
- "identity": [],
- "location": "northeurope",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones",
- "name": "Deny-IP-forwarding",
- "non_compliance_message": [
- {
- "content": "Network interfaces must disable IP forwarding.",
- "policy_definition_reference_id": null
- }
- ],
- "not_scopes": [],
- "overrides": [],
- "parameters": null,
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/88c0b9da-ce96-4b03-9635-f29a937e2900",
- "resource_selectors": [],
- "timeouts": null
- },
- "sensitive_values": {
- "identity": [],
- "non_compliance_message": [
- {}
- ],
- "not_scopes": [],
- "overrides": [],
- "resource_selectors": []
- }
- },
- {
- "address": "module.test_core.azurerm_management_group_policy_assignment.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Deny-MgmtPorts-Internet\"]",
- "mode": "managed",
- "type": "azurerm_management_group_policy_assignment",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Deny-MgmtPorts-Internet",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "This policy denies any network security rule that allows management port access from the Internet",
- "display_name": "Management port access from the Internet should be blocked",
- "enforce": true,
- "identity": [],
- "location": "northeurope",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones",
- "name": "Deny-MgmtPorts-Internet",
- "non_compliance_message": [
- {
- "content": "Management port access from the Internet must be blocked.",
- "policy_definition_reference_id": null
- }
- ],
- "not_scopes": [],
- "overrides": [],
- "parameters": null,
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-MgmtPorts-From-Internet",
- "resource_selectors": [],
- "timeouts": null
- },
- "sensitive_values": {
- "identity": [],
- "non_compliance_message": [
- {}
- ],
- "not_scopes": [],
- "overrides": [],
- "resource_selectors": []
- }
- },
- {
- "address": "module.test_core.azurerm_management_group_policy_assignment.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Deny-Priv-Esc-AKS\"]",
- "mode": "managed",
- "type": "azurerm_management_group_policy_assignment",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Deny-Priv-Esc-AKS",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Do not allow containers to run with privilege escalation to root in a Kubernetes cluster. This recommendation is part of CIS 5.2.5 which is intended to improve the security of your Kubernetes environments. This policy is generally available for Kubernetes Service (AKS), and preview for AKS Engine and Azure Arc enabled Kubernetes. For more information, see https://aka.ms/kubepolicydoc.",
- "display_name": "Kubernetes clusters should not allow container privilege escalation",
- "enforce": true,
- "identity": [],
- "location": "northeurope",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones",
- "name": "Deny-Priv-Esc-AKS",
- "non_compliance_message": [],
- "not_scopes": [],
- "overrides": [],
- "parameters": "{\"effect\":{\"value\":\"deny\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/1c6e92c9-99f0-4e55-9cf2-0c234dc48f99",
- "resource_selectors": [],
- "timeouts": null
- },
- "sensitive_values": {
- "identity": [],
- "non_compliance_message": [],
- "not_scopes": [],
- "overrides": [],
- "resource_selectors": []
- }
- },
- {
- "address": "module.test_core.azurerm_management_group_policy_assignment.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Deny-Privileged-AKS\"]",
- "mode": "managed",
- "type": "azurerm_management_group_policy_assignment",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Deny-Privileged-AKS",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Do not allow privileged containers creation in a Kubernetes cluster. This recommendation is part of CIS 5.2.1 which is intended to improve the security of your Kubernetes environments. This policy is generally available for Kubernetes Service (AKS), and preview for AKS Engine and Azure Arc enabled Kubernetes. For more information, see https://aka.ms/kubepolicydoc.",
- "display_name": "Kubernetes cluster should not allow privileged containers",
- "enforce": true,
- "identity": [],
- "location": "northeurope",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones",
- "name": "Deny-Privileged-AKS",
- "non_compliance_message": [],
- "not_scopes": [],
- "overrides": [],
- "parameters": "{\"effect\":{\"value\":\"deny\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/95edb821-ddaf-4404-9732-666045e056b4",
- "resource_selectors": [],
- "timeouts": null
- },
- "sensitive_values": {
- "identity": [],
- "non_compliance_message": [],
- "not_scopes": [],
- "overrides": [],
- "resource_selectors": []
- }
- },
- {
- "address": "module.test_core.azurerm_management_group_policy_assignment.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Deny-Storage-http\"]",
- "mode": "managed",
- "type": "azurerm_management_group_policy_assignment",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Deny-Storage-http",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Audit requirement of Secure transfer in your storage account. Secure transfer is an option that forces your storage account to accept requests only from secure connections (HTTPS). Use of HTTPS ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking",
- "display_name": "Secure transfer to storage accounts should be enabled",
- "enforce": true,
- "identity": [],
- "location": "northeurope",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones",
- "name": "Deny-Storage-http",
- "non_compliance_message": [
- {
- "content": "Secure transfer to storage accounts must be enabled.",
- "policy_definition_reference_id": null
- }
- ],
- "not_scopes": [],
- "overrides": [],
- "parameters": "{\"effect\":{\"value\":\"Deny\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9",
- "resource_selectors": [],
- "timeouts": null
- },
- "sensitive_values": {
- "identity": [],
- "non_compliance_message": [
- {}
- ],
- "not_scopes": [],
- "overrides": [],
- "resource_selectors": []
- }
- },
- {
- "address": "module.test_core.azurerm_management_group_policy_assignment.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Deploy-AKS-Policy\"]",
- "mode": "managed",
- "type": "azurerm_management_group_policy_assignment",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Deploy-AKS-Policy",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Use Azure Policy Add-on to manage and report on the compliance state of your Azure Kubernetes Service (AKS) clusters. For more information, see https://aka.ms/akspolicydoc.",
- "display_name": "Deploy Azure Policy Add-on to Azure Kubernetes Service clusters",
- "enforce": true,
- "identity": [
- {
- "identity_ids": null,
- "type": "SystemAssigned"
- }
- ],
- "location": "northeurope",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones",
- "name": "Deploy-AKS-Policy",
- "non_compliance_message": [
- {
- "content": "This resource must be compliant with the assigned policy.",
- "policy_definition_reference_id": null
- }
- ],
- "not_scopes": [],
- "overrides": [],
- "parameters": null,
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/a8eff44f-8c92-45c3-a3fb-9880802d67a7",
- "resource_selectors": [],
- "timeouts": null
- },
- "sensitive_values": {
- "identity": [
- {}
- ],
- "non_compliance_message": [
- {}
- ],
- "not_scopes": [],
- "overrides": [],
- "resource_selectors": []
- }
- },
- {
- "address": "module.test_core.azurerm_management_group_policy_assignment.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Deploy-AzSqlDb-Auditing\"]",
- "mode": "managed",
- "type": "azurerm_management_group_policy_assignment",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Deploy-AzSqlDb-Auditing",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "To ensure the operations performed against your SQL assets are captured, SQL servers should have auditing enabled. If auditing is not enabled, this policy will configure auditing events to flow to the specified Log Analytics workspace.",
- "display_name": "Configure SQL servers to have auditing enabled to Log Analytics workspace",
- "enforce": true,
- "identity": [
- {
- "identity_ids": null,
- "type": "SystemAssigned"
- }
- ],
- "location": "northeurope",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones",
- "name": "Deploy-AzSqlDb-Auditing",
- "non_compliance_message": [
- {
- "content": "SQL servers must have auditing enabled to Log Analytics workspace.",
- "policy_definition_reference_id": null
- }
- ],
- "not_scopes": [],
- "overrides": [],
- "parameters": "{\"logAnalyticsWorkspaceId\":{\"value\":\"/subscriptions/a9d8bda7-a341-4fe2-bfbf-61145868379e/resourcegroups/root-id-1-mgmt/providers/microsoft.operationalinsights/workspaces/root-id-1-la\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/25da7dfb-0666-4a15-a8f5-402127efd8bb",
- "resource_selectors": [],
- "timeouts": null
- },
- "sensitive_values": {
- "identity": [
- {}
- ],
- "non_compliance_message": [
- {}
- ],
- "not_scopes": [],
- "overrides": [],
- "resource_selectors": []
- }
- },
- {
- "address": "module.test_core.azurerm_management_group_policy_assignment.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Deploy-SQL-TDE\"]",
- "mode": "managed",
- "type": "azurerm_management_group_policy_assignment",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Deploy-SQL-TDE",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "This policy ensures that Transparent Data Encryption is enabled on SQL Servers.",
- "display_name": "Deploy TDE on SQL servers",
- "enforce": true,
- "identity": [
- {
- "identity_ids": null,
- "type": "SystemAssigned"
- }
- ],
- "location": "northeurope",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones",
- "name": "Deploy-SQL-TDE",
- "non_compliance_message": [
- {
- "content": "TDE must be deployed on SQL servers.",
- "policy_definition_reference_id": null
- }
- ],
- "not_scopes": [],
- "overrides": [],
- "parameters": null,
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/86a912f6-9a06-4e26-b447-11b16ba8659f",
- "resource_selectors": [],
- "timeouts": null
- },
- "sensitive_values": {
- "identity": [
- {}
- ],
- "non_compliance_message": [
- {}
- ],
- "not_scopes": [],
- "overrides": [],
- "resource_selectors": []
- }
- },
- {
- "address": "module.test_core.azurerm_management_group_policy_assignment.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Deploy-SQL-Threat\"]",
- "mode": "managed",
- "type": "azurerm_management_group_policy_assignment",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Deploy-SQL-Threat",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "This policy ensures that Threat Detection is enabled on SQL Servers.",
- "display_name": "Deploy Threat Detection on SQL servers",
- "enforce": true,
- "identity": [
- {
- "identity_ids": null,
- "type": "SystemAssigned"
- }
- ],
- "location": "northeurope",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones",
- "name": "Deploy-SQL-Threat",
- "non_compliance_message": [
- {
- "content": "Threat Detection must be deployed on SQL servers.",
- "policy_definition_reference_id": null
- }
- ],
- "not_scopes": [],
- "overrides": [],
- "parameters": null,
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/36d49e87-48c4-4f2e-beed-ba4ed02b71f5",
- "resource_selectors": [],
- "timeouts": null
- },
- "sensitive_values": {
- "identity": [
- {}
- ],
- "non_compliance_message": [
- {}
- ],
- "not_scopes": [],
- "overrides": [],
- "resource_selectors": []
- }
- },
- {
- "address": "module.test_core.azurerm_management_group_policy_assignment.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Deploy-VM-Backup\"]",
- "mode": "managed",
- "type": "azurerm_management_group_policy_assignment",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Deploy-VM-Backup",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Enforce backup for all virtual machines by deploying a recovery services vault in the same location and resource group as the virtual machine. Doing this is useful when different application teams in your organization are allocated separate resource groups and need to manage their own backups and restores. You can optionally exclude virtual machines containing a specified tag to control the scope of assignment. See https://aka.ms/AzureVMAppCentricBackupExcludeTag.",
- "display_name": "Configure backup on virtual machines without a given tag to a new recovery services vault with a default policy",
- "enforce": true,
- "identity": [
- {
- "identity_ids": null,
- "type": "SystemAssigned"
- }
- ],
- "location": "northeurope",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones",
- "name": "Deploy-VM-Backup",
- "non_compliance_message": [
- {
- "content": "Backup on virtual machines without a given tag must be configured to a new recovery services vault with a default policy.",
- "policy_definition_reference_id": null
- }
- ],
- "not_scopes": [],
- "overrides": [],
- "parameters": null,
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/98d0b9f8-fd90-49c9-88e2-d3baf3b0dd86",
- "resource_selectors": [],
- "timeouts": null
- },
- "sensitive_values": {
- "identity": [
- {}
- ],
- "non_compliance_message": [
- {}
- ],
- "not_scopes": [],
- "overrides": [],
- "resource_selectors": []
- }
- },
- {
- "address": "module.test_core.azurerm_management_group_policy_assignment.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Enable-DDoS-VNET\"]",
- "mode": "managed",
- "type": "azurerm_management_group_policy_assignment",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Enable-DDoS-VNET",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Protect your virtual networks against volumetric and protocol attacks with Azure DDoS Network Protection. For more information, visit https://aka.ms/ddosprotectiondocs.",
- "display_name": "Virtual networks should be protected by Azure DDoS Network Protection",
- "enforce": false,
- "identity": [
- {
- "identity_ids": null,
- "type": "SystemAssigned"
- }
- ],
- "location": "northeurope",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones",
- "name": "Enable-DDoS-VNET",
- "non_compliance_message": [
- {
- "content": "This resource should be compliant with the assigned policy.",
- "policy_definition_reference_id": null
- }
- ],
- "not_scopes": [],
- "overrides": [],
- "parameters": "{\"ddosPlan\":{\"value\":\"/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5/resourceGroups/root-id-1-ddos/providers/Microsoft.Network/ddosProtectionPlans/root-id-1-ddos-northeurope\"},\"effect\":{\"value\":\"Modify\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/94de2ad3-e0c1-4caf-ad78-5d47bbc83d3d",
- "resource_selectors": [],
- "timeouts": null
- },
- "sensitive_values": {
- "identity": [
- {}
- ],
- "non_compliance_message": [
- {}
- ],
- "not_scopes": [],
- "overrides": [],
- "resource_selectors": []
- }
- },
- {
- "address": "module.test_core.azurerm_management_group_policy_assignment.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Enforce-AKS-HTTPS\"]",
- "mode": "managed",
- "type": "azurerm_management_group_policy_assignment",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Enforce-AKS-HTTPS",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Use of HTTPS ensures authentication and protects data in transit from network layer eavesdropping attacks. This capability is currently generally available for Kubernetes Service (AKS), and in preview for AKS Engine and Azure Arc enabled Kubernetes. For more info, visit https://aka.ms/kubepolicydoc",
- "display_name": "Kubernetes clusters should be accessible only over HTTPS",
- "enforce": true,
- "identity": [],
- "location": "northeurope",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones",
- "name": "Enforce-AKS-HTTPS",
- "non_compliance_message": [],
- "not_scopes": [],
- "overrides": [],
- "parameters": "{\"effect\":{\"value\":\"deny\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d",
- "resource_selectors": [],
- "timeouts": null
- },
- "sensitive_values": {
- "identity": [],
- "non_compliance_message": [],
- "not_scopes": [],
- "overrides": [],
- "resource_selectors": []
- }
- },
- {
- "address": "module.test_core.azurerm_management_group_policy_assignment.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Enforce-GR-KeyVault\"]",
- "mode": "managed",
- "type": "azurerm_management_group_policy_assignment",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Enforce-GR-KeyVault",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "This initiative assignment enables recommended ALZ guardrails for Azure Key Vault.",
- "display_name": "Enforce recommended guardrails for Azure Key Vault",
- "enforce": true,
- "identity": [],
- "location": "northeurope",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones",
- "name": "Enforce-GR-KeyVault",
- "non_compliance_message": [
- {
- "content": "This resource must be compliant with the assigned policy.",
- "policy_definition_reference_id": null
- }
- ],
- "not_scopes": [],
- "overrides": [],
- "parameters": null,
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-KeyVault",
- "resource_selectors": [],
- "timeouts": null
- },
- "sensitive_values": {
- "identity": [],
- "non_compliance_message": [
- {}
- ],
- "not_scopes": [],
- "overrides": [],
- "resource_selectors": []
- }
- },
- {
- "address": "module.test_core.azurerm_management_group_policy_assignment.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Enforce-TLS-SSL\"]",
- "mode": "managed",
- "type": "azurerm_management_group_policy_assignment",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Enforce-TLS-SSL",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Choose either Deploy if not exist and append in combination with audit or Select Deny in the Policy effect. Deny polices shift left. Deploy if not exist and append enforce but can be changed, and because missing existence condition require then the combination of Audit.",
- "display_name": "Deny or Deploy and append TLS requirements and SSL enforcement on resources without Encryption in transit",
- "enforce": true,
- "identity": [
- {
- "identity_ids": null,
- "type": "SystemAssigned"
- }
- ],
- "location": "northeurope",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones",
- "name": "Enforce-TLS-SSL",
- "non_compliance_message": [
- {
- "content": "TLS and SSL must be enabled for on resources without encryption in transit.",
- "policy_definition_reference_id": null
- }
- ],
- "not_scopes": [],
- "overrides": [],
- "parameters": null,
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policySetDefinitions/Enforce-EncryptTransit",
- "resource_selectors": [],
- "timeouts": null
- },
- "sensitive_values": {
- "identity": [
- {}
- ],
- "non_compliance_message": [
- {}
- ],
- "not_scopes": [],
- "overrides": [],
- "resource_selectors": []
- }
- },
- {
- "address": "module.test_core.azurerm_management_group_policy_assignment.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1-management/providers/Microsoft.Authorization/policyAssignments/Deploy-Log-Analytics\"]",
- "mode": "managed",
- "type": "azurerm_management_group_policy_assignment",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-management/providers/Microsoft.Authorization/policyAssignments/Deploy-Log-Analytics",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploy-Log-Analytics.",
- "display_name": "Deploy-Log-Analytics",
- "enforce": false,
- "identity": [
- {
- "identity_ids": [
- "/subscriptions/2a8527ca-5340-49aa-8931-ea03669451a0/resourceGroups/rg-identity/providers/Microsoft.ManagedIdentity/userAssignedIdentities/id-identity"
- ],
- "type": "UserAssigned"
- }
- ],
- "location": "northeurope",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1-management",
- "name": "Deploy-Log-Analytics",
- "non_compliance_message": [
- {
- "content": "This resource should be compliant with the assigned policy.",
- "policy_definition_reference_id": null
- }
- ],
- "not_scopes": [],
- "overrides": [],
- "parameters": "{\"automationAccountName\":{\"value\":\"root-id-1-automation\"},\"automationRegion\":{\"value\":\"northeurope\"},\"dataRetention\":{\"value\":\"60\"},\"effect\":{\"value\":\"DeployIfNotExists\"},\"rgName\":{\"value\":\"root-id-1-mgmt\"},\"sku\":{\"value\":\"pergb2018\"},\"workspaceName\":{\"value\":\"root-id-1-la\"},\"workspaceRegion\":{\"value\":\"northeurope\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/8e3e61b3-0b32-22d5-4edf-55f87fdb5955",
- "resource_selectors": [],
- "timeouts": null
- },
- "sensitive_values": {
- "identity": [
- {
- "identity_ids": [
- false
- ]
- }
- ],
- "non_compliance_message": [
- {}
- ],
- "not_scopes": [],
- "overrides": [],
- "resource_selectors": []
- }
- },
- {
- "address": "module.test_core.azurerm_management_group_policy_assignment.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1-platform/providers/Microsoft.Authorization/policyAssignments/Enforce-GR-KeyVault\"]",
- "mode": "managed",
- "type": "azurerm_management_group_policy_assignment",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-platform/providers/Microsoft.Authorization/policyAssignments/Enforce-GR-KeyVault",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "This initiative assignment enables recommended ALZ guardrails for Azure Key Vault.",
- "display_name": "Enforce recommended guardrails for Azure Key Vault",
- "enforce": true,
- "identity": [],
- "location": "northeurope",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1-platform",
- "name": "Enforce-GR-KeyVault",
- "non_compliance_message": [
- {
- "content": "This resource must be compliant with the assigned policy.",
- "policy_definition_reference_id": null
- }
- ],
- "not_scopes": [],
- "overrides": [],
- "parameters": null,
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-KeyVault",
- "resource_selectors": [],
- "timeouts": null
- },
- "sensitive_values": {
- "identity": [],
- "non_compliance_message": [
- {}
- ],
- "not_scopes": [],
- "overrides": [],
- "resource_selectors": []
- }
- },
- {
- "address": "module.test_core.azurerm_management_group_policy_assignment.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1-sandboxes/providers/Microsoft.Authorization/policyAssignments/Enforce-ALZ-Sandbox\"]",
- "mode": "managed",
- "type": "azurerm_management_group_policy_assignment",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-sandboxes/providers/Microsoft.Authorization/policyAssignments/Enforce-ALZ-Sandbox",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "This initiative will help enforce and govern subscriptions that are placed within the Sandbox Management Group. See https://aka.ms/alz/policies for more information.",
- "display_name": "Enforce ALZ Sandbox Guardrails",
- "enforce": true,
- "identity": [],
- "location": "northeurope",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1-sandboxes",
- "name": "Enforce-ALZ-Sandbox",
- "non_compliance_message": [
- {
- "content": "ALZ Sandbox Guardrails must be enforced.",
- "policy_definition_reference_id": null
- }
- ],
- "not_scopes": [],
- "overrides": [],
- "parameters": "{\"listOfResourceTypesNotAllowed\":{\"value\":[\"microsoft.network/expressroutecircuits\",\"microsoft.network/expressroutegateways\",\"microsoft.network/expressrouteports\",\"microsoft.network/virtualwans\",\"microsoft.network/virtualhubs\",\"microsoft.network/vpngateways\",\"microsoft.network/p2svpngateways\",\"microsoft.network/vpnsites\",\"microsoft.network/virtualnetworkgateways\"]}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policySetDefinitions/Enforce-ALZ-Sandbox",
- "resource_selectors": [],
- "timeouts": null
- },
- "sensitive_values": {
- "identity": [],
- "non_compliance_message": [
- {}
- ],
- "not_scopes": [],
- "overrides": [],
- "resource_selectors": []
- }
- },
- {
- "address": "module.test_core.azurerm_management_group_policy_assignment.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1-secure/providers/Microsoft.Authorization/policyAssignments/Deny-RSG-Locations\"]",
- "mode": "managed",
- "type": "azurerm_management_group_policy_assignment",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-secure/providers/Microsoft.Authorization/policyAssignments/Deny-RSG-Locations",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Specifies the allowed locations (regions) where Resource Groups can be deployed. Generated from custom Terraform template.",
- "display_name": "Limit allowed locations for Resource Groups",
- "enforce": true,
- "identity": [],
- "location": "northeurope",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1-secure",
- "name": "Deny-RSG-Locations",
- "non_compliance_message": [
- {
- "content": "Resource Groups must be deployed in the allowed locations.",
- "policy_definition_reference_id": null
- }
- ],
- "not_scopes": [],
- "overrides": [],
- "parameters": "{\"listOfAllowedLocations\":{\"value\":[\"eastus\",\"westus\"]}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/e765b5de-1225-4ba3-bd56-1ac6695af988",
- "resource_selectors": [],
- "timeouts": null
- },
- "sensitive_values": {
- "identity": [],
- "non_compliance_message": [
- {}
- ],
- "not_scopes": [],
- "overrides": [],
- "resource_selectors": []
- }
- },
- {
- "address": "module.test_core.azurerm_management_group_policy_assignment.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1-secure/providers/Microsoft.Authorization/policyAssignments/Deny-Resource-Locations\"]",
- "mode": "managed",
- "type": "azurerm_management_group_policy_assignment",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-secure/providers/Microsoft.Authorization/policyAssignments/Deny-Resource-Locations",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Specifies the allowed locations (regions) where Resources can be deployed.",
- "display_name": "Limit allowed locations for Resources",
- "enforce": true,
- "identity": [],
- "location": "northeurope",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1-secure",
- "name": "Deny-Resource-Locations",
- "non_compliance_message": [
- {
- "content": "Resources must only be deployed to the allowed locations.",
- "policy_definition_reference_id": null
- }
- ],
- "not_scopes": [],
- "overrides": [],
- "parameters": "{\"listOfAllowedLocations\":{\"value\":[\"eastus\",\"westus\"]}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/e56962a6-4747-49cd-b67b-bf8b01975c4c",
- "resource_selectors": [],
- "timeouts": null
- },
- "sensitive_values": {
- "identity": [],
- "non_compliance_message": [
- {}
- ],
- "not_scopes": [],
- "overrides": [],
- "resource_selectors": []
- }
- },
- {
- "address": "module.test_core.azurerm_management_group_policy_assignment.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1-secure/providers/Microsoft.Authorization/policyAssignments/Deploy-HITRUST-HIPAA\"]",
- "mode": "managed",
- "type": "azurerm_management_group_policy_assignment",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-secure/providers/Microsoft.Authorization/policyAssignments/Deploy-HITRUST-HIPAA",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "This assignment includes audit and virtual machine extension deployment policies that address a subset of HITRUST/HIPAA controls. Additional policies will be added in upcoming releases. For more information, visit https://aka.ms/hipaa-blueprint.",
- "display_name": "Assign policies for HITRUST and HIPAA controls",
- "enforce": true,
- "identity": [
- {
- "identity_ids": null,
- "type": "SystemAssigned"
- }
- ],
- "location": "northeurope",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1-secure",
- "name": "Deploy-HITRUST-HIPAA",
- "non_compliance_message": [
- {
- "content": "HITRUST/HIPAA controls audit and virtual machine extensions must be deployed.",
- "policy_definition_reference_id": null
- }
- ],
- "not_scopes": [],
- "overrides": [],
- "parameters": "{\"CertificateThumbprints\":{\"value\":\"\"},\"DeployDiagnosticSettingsforNetworkSecurityGroupsrgName\":{\"value\":\"root-id-1-rg\"},\"DeployDiagnosticSettingsforNetworkSecurityGroupsstoragePrefix\":{\"value\":\"root-id-1\"},\"installedApplicationsOnWindowsVM\":{\"value\":\"\"},\"listOfLocations\":{\"value\":[\"eastus\"]}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policySetDefinitions/a169a624-5599-4385-a696-c8d643089fab",
- "resource_selectors": [],
- "timeouts": null
- },
- "sensitive_values": {
- "identity": [
- {}
- ],
- "non_compliance_message": [
- {}
- ],
- "not_scopes": [],
- "overrides": [],
- "resource_selectors": []
- }
- },
- {
- "address": "module.test_core.azurerm_management_group_policy_assignment.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1-web-emea/providers/Microsoft.Authorization/policyAssignments/Deny-RSG-Locations\"]",
- "mode": "managed",
- "type": "azurerm_management_group_policy_assignment",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-web-emea/providers/Microsoft.Authorization/policyAssignments/Deny-RSG-Locations",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Specifies the allowed locations (regions) where Resource Groups can be deployed. Generated from custom Terraform template.",
- "display_name": "Limit allowed locations for Resource Groups",
- "enforce": true,
- "identity": [],
- "location": "northeurope",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1-web-emea",
- "name": "Deny-RSG-Locations",
- "non_compliance_message": [
- {
- "content": "Resource Groups must be deployed in the allowed locations.",
- "policy_definition_reference_id": null
- }
- ],
- "not_scopes": [],
- "overrides": [],
- "parameters": "{\"listOfAllowedLocations\":{\"value\":[\"northeurope\",\"westeurope\"]}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/e765b5de-1225-4ba3-bd56-1ac6695af988",
- "resource_selectors": [],
- "timeouts": null
- },
- "sensitive_values": {
- "identity": [],
- "non_compliance_message": [
- {}
- ],
- "not_scopes": [],
- "overrides": [],
- "resource_selectors": []
- }
- },
- {
- "address": "module.test_core.azurerm_management_group_policy_assignment.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1-web-emea/providers/Microsoft.Authorization/policyAssignments/Deny-Resource-Locations\"]",
- "mode": "managed",
- "type": "azurerm_management_group_policy_assignment",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-web-emea/providers/Microsoft.Authorization/policyAssignments/Deny-Resource-Locations",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Specifies the allowed locations (regions) where Resources can be deployed.",
- "display_name": "Limit allowed locations for Resources",
- "enforce": true,
- "identity": [],
- "location": "northeurope",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1-web-emea",
- "name": "Deny-Resource-Locations",
- "non_compliance_message": [
- {
- "content": "Resources must only be deployed to the allowed locations.",
- "policy_definition_reference_id": null
- }
- ],
- "not_scopes": [],
- "overrides": [],
- "parameters": "{\"listOfAllowedLocations\":{\"value\":[\"northeurope\",\"westeurope\"]}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/e56962a6-4747-49cd-b67b-bf8b01975c4c",
- "resource_selectors": [],
- "timeouts": null
- },
- "sensitive_values": {
- "identity": [],
- "non_compliance_message": [
- {}
- ],
- "not_scopes": [],
- "overrides": [],
- "resource_selectors": []
- }
- },
- {
- "address": "module.test_core.azurerm_management_group_policy_assignment.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1-web-us/providers/Microsoft.Authorization/policyAssignments/Deny-RSG-Locations\"]",
- "mode": "managed",
- "type": "azurerm_management_group_policy_assignment",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-web-us/providers/Microsoft.Authorization/policyAssignments/Deny-RSG-Locations",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Specifies the allowed locations (regions) where Resource Groups can be deployed. Generated from custom Terraform template.",
- "display_name": "Limit allowed locations for Resource Groups",
- "enforce": true,
- "identity": [],
- "location": "northeurope",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1-web-us",
- "name": "Deny-RSG-Locations",
- "non_compliance_message": [
- {
- "content": "Resource Groups must be deployed in the allowed locations.",
- "policy_definition_reference_id": null
- }
- ],
- "not_scopes": [],
- "overrides": [],
- "parameters": "{\"listOfAllowedLocations\":{\"value\":[\"eastus\",\"westus\"]}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/e765b5de-1225-4ba3-bd56-1ac6695af988",
- "resource_selectors": [],
- "timeouts": null
- },
- "sensitive_values": {
- "identity": [],
- "non_compliance_message": [
- {}
- ],
- "not_scopes": [],
- "overrides": [],
- "resource_selectors": []
- }
- },
- {
- "address": "module.test_core.azurerm_management_group_policy_assignment.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1-web-us/providers/Microsoft.Authorization/policyAssignments/Deny-Resource-Locations\"]",
- "mode": "managed",
- "type": "azurerm_management_group_policy_assignment",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-web-us/providers/Microsoft.Authorization/policyAssignments/Deny-Resource-Locations",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Specifies the allowed locations (regions) where Resources can be deployed.",
- "display_name": "Limit allowed locations for Resources",
- "enforce": true,
- "identity": [],
- "location": "northeurope",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1-web-us",
- "name": "Deny-Resource-Locations",
- "non_compliance_message": [
- {
- "content": "Resources must only be deployed to the allowed locations.",
- "policy_definition_reference_id": null
- }
- ],
- "not_scopes": [],
- "overrides": [],
- "parameters": "{\"listOfAllowedLocations\":{\"value\":[\"eastus\",\"westus\"]}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/e56962a6-4747-49cd-b67b-bf8b01975c4c",
- "resource_selectors": [],
- "timeouts": null
- },
- "sensitive_values": {
- "identity": [],
- "non_compliance_message": [
- {}
- ],
- "not_scopes": [],
- "overrides": [],
- "resource_selectors": []
- }
- },
- {
- "address": "module.test_core.azurerm_management_group_policy_assignment.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Audit-UnusedResources\"]",
- "mode": "managed",
- "type": "azurerm_management_group_policy_assignment",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Audit-UnusedResources",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "This Policy initiative is a group of Policy definitions that help optimize cost by detecting unused but chargeable resources. Leverage this Policy initiative as a cost control to reveal orphaned resources that are driving cost.",
- "display_name": "Unused resources driving cost should be avoided",
- "enforce": true,
- "identity": [],
- "location": "northeurope",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "name": "Audit-UnusedResources",
- "non_compliance_message": [
- {
- "content": "Unused resources driving cost must be avoided.",
- "policy_definition_reference_id": null
- }
- ],
- "not_scopes": [],
- "overrides": [],
- "parameters": "{\"EffectDisks\":{\"value\":\"Audit\"},\"EffectPublicIpAddresses\":{\"value\":\"Audit\"},\"EffectServerFarms\":{\"value\":\"Audit\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policySetDefinitions/Audit-UnusedResourcesCostOptimization",
- "resource_selectors": [],
- "timeouts": null
- },
- "sensitive_values": {
- "identity": [],
- "non_compliance_message": [
- {}
- ],
- "not_scopes": [],
- "overrides": [],
- "resource_selectors": []
- }
- },
- {
- "address": "module.test_core.azurerm_management_group_policy_assignment.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deny-Classic-Resources\"]",
- "mode": "managed",
- "type": "azurerm_management_group_policy_assignment",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deny-Classic-Resources",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Denies deployment of classic resource types under the assigned scope.",
- "display_name": "Deny the deployment of classic resources",
- "enforce": true,
- "identity": [],
- "location": "northeurope",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "name": "Deny-Classic-Resources",
- "non_compliance_message": [
- {
- "content": "Classic resources must not be deployed.",
- "policy_definition_reference_id": null
- }
- ],
- "not_scopes": [],
- "overrides": [],
- "parameters": "{\"effect\":{\"value\":\"Deny\"},\"listOfResourceTypesNotAllowed\":{\"value\":[\"Microsoft.ClassicCompute/capabilities\",\"Microsoft.ClassicCompute/checkDomainNameAvailability\",\"Microsoft.ClassicCompute/domainNames\",\"Microsoft.ClassicCompute/domainNames/capabilities\",\"Microsoft.ClassicCompute/domainNames/internalLoadBalancers\",\"Microsoft.ClassicCompute/domainNames/serviceCertificates\",\"Microsoft.ClassicCompute/domainNames/slots\",\"Microsoft.ClassicCompute/domainNames/slots/roles\",\"Microsoft.ClassicCompute/domainNames/slots/roles/metricDefinitions\",\"Microsoft.ClassicCompute/domainNames/slots/roles/metrics\",\"Microsoft.ClassicCompute/moveSubscriptionResources\",\"Microsoft.ClassicCompute/operatingSystemFamilies\",\"Microsoft.ClassicCompute/operatingSystems\",\"Microsoft.ClassicCompute/operations\",\"Microsoft.ClassicCompute/operationStatuses\",\"Microsoft.ClassicCompute/quotas\",\"Microsoft.ClassicCompute/resourceTypes\",\"Microsoft.ClassicCompute/validateSubscriptionMoveAvailability\",\"Microsoft.ClassicCompute/virtualMachines\",\"Microsoft.ClassicCompute/virtualMachines/diagnosticSettings\",\"Microsoft.ClassicCompute/virtualMachines/metricDefinitions\",\"Microsoft.ClassicCompute/virtualMachines/metrics\",\"Microsoft.ClassicInfrastructureMigrate/classicInfrastructureResources\",\"Microsoft.ClassicNetwork/capabilities\",\"Microsoft.ClassicNetwork/expressRouteCrossConnections\",\"Microsoft.ClassicNetwork/expressRouteCrossConnections/peerings\",\"Microsoft.ClassicNetwork/gatewaySupportedDevices\",\"Microsoft.ClassicNetwork/networkSecurityGroups\",\"Microsoft.ClassicNetwork/operations\",\"Microsoft.ClassicNetwork/quotas\",\"Microsoft.ClassicNetwork/reservedIps\",\"Microsoft.ClassicNetwork/virtualNetworks\",\"Microsoft.ClassicNetwork/virtualNetworks/remoteVirtualNetworkPeeringProxies\",\"Microsoft.ClassicNetwork/virtualNetworks/virtualNetworkPeerings\",\"Microsoft.ClassicStorage/capabilities\",\"Microsoft.ClassicStorage/checkStorageAccountAvailability\",\"Microsoft.ClassicStorage/disks\",\"Microsoft.ClassicStorage/images\",\"Microsoft.ClassicStorage/operations\",\"Microsoft.ClassicStorage/osImages\",\"Microsoft.ClassicStorage/osPlatformImages\",\"Microsoft.ClassicStorage/publicImages\",\"Microsoft.ClassicStorage/quotas\",\"Microsoft.ClassicStorage/storageAccounts\",\"Microsoft.ClassicStorage/storageAccounts/blobServices\",\"Microsoft.ClassicStorage/storageAccounts/fileServices\",\"Microsoft.ClassicStorage/storageAccounts/metricDefinitions\",\"Microsoft.ClassicStorage/storageAccounts/metrics\",\"Microsoft.ClassicStorage/storageAccounts/queueServices\",\"Microsoft.ClassicStorage/storageAccounts/services\",\"Microsoft.ClassicStorage/storageAccounts/services/diagnosticSettings\",\"Microsoft.ClassicStorage/storageAccounts/services/metricDefinitions\",\"Microsoft.ClassicStorage/storageAccounts/services/metrics\",\"Microsoft.ClassicStorage/storageAccounts/tableServices\",\"Microsoft.ClassicStorage/storageAccounts/vmImages\",\"Microsoft.ClassicStorage/vmImages\",\"Microsoft.ClassicSubscription/operations\"]}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/6c112d4e-5bc7-47ae-a041-ea2d9dccd749",
- "resource_selectors": [],
- "timeouts": null
- },
- "sensitive_values": {
- "identity": [],
- "non_compliance_message": [
- {}
- ],
- "not_scopes": [],
- "overrides": [],
- "resource_selectors": []
- }
- },
- {
- "address": "module.test_core.azurerm_management_group_policy_assignment.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deny-RSG-Locations\"]",
- "mode": "managed",
- "type": "azurerm_management_group_policy_assignment",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deny-RSG-Locations",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Specifies the allowed locations (regions) where Resource Groups can be deployed. Generated from custom Terraform template.",
- "display_name": "Limit allowed locations for Resource Groups",
- "enforce": true,
- "identity": [],
- "location": "northeurope",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "name": "Deny-RSG-Locations",
- "non_compliance_message": [
- {
- "content": "Resource Groups must be deployed in the allowed locations.",
- "policy_definition_reference_id": null
- }
- ],
- "not_scopes": [],
- "overrides": [],
- "parameters": "{\"listOfAllowedLocations\":{\"value\":[\"eastus\",\"eastus2\",\"westus\",\"northcentralus\",\"southcentralus\",\"northeurope\",\"westeurope\",\"uksouth\",\"ukwest\"]}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/e765b5de-1225-4ba3-bd56-1ac6695af988",
- "resource_selectors": [],
- "timeouts": null
- },
- "sensitive_values": {
- "identity": [],
- "non_compliance_message": [
- {}
- ],
- "not_scopes": [],
- "overrides": [],
- "resource_selectors": []
- }
- },
- {
- "address": "module.test_core.azurerm_management_group_policy_assignment.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deny-Resource-Locations\"]",
- "mode": "managed",
- "type": "azurerm_management_group_policy_assignment",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deny-Resource-Locations",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Specifies the allowed locations (regions) where Resources can be deployed.",
- "display_name": "Limit allowed locations for Resources",
- "enforce": true,
- "identity": [],
- "location": "northeurope",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "name": "Deny-Resource-Locations",
- "non_compliance_message": [
- {
- "content": "Resources must only be deployed to the allowed locations.",
- "policy_definition_reference_id": null
- }
- ],
- "not_scopes": [],
- "overrides": [],
- "parameters": "{\"listOfAllowedLocations\":{\"value\":[\"eastus\",\"eastus2\",\"westus\",\"northcentralus\",\"southcentralus\",\"northeurope\",\"westeurope\",\"uksouth\",\"ukwest\"]}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/e56962a6-4747-49cd-b67b-bf8b01975c4c",
- "resource_selectors": [],
- "timeouts": null
- },
- "sensitive_values": {
- "identity": [],
- "non_compliance_message": [
- {}
- ],
- "not_scopes": [],
- "overrides": [],
- "resource_selectors": []
- }
- },
- {
- "address": "module.test_core.azurerm_management_group_policy_assignment.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deny-UnmanagedDisk\"]",
- "mode": "managed",
- "type": "azurerm_management_group_policy_assignment",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deny-UnmanagedDisk",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deny virtual machines that do not use managed disk. It checks the managed disk property on virtual machine OS Disk fields.",
- "display_name": "Deny virtual machines and virtual machine scale sets that do not use managed disk",
- "enforce": true,
- "identity": [],
- "location": "northeurope",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "name": "Deny-UnmanagedDisk",
- "non_compliance_message": [
- {
- "content": "Virtual machines and virtual machine scales sets must use a managed disk.",
- "policy_definition_reference_id": null
- }
- ],
- "not_scopes": [],
- "overrides": [
- {
- "selectors": [],
- "value": "Deny"
- }
- ],
- "parameters": null,
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d",
- "resource_selectors": [],
- "timeouts": null
- },
- "sensitive_values": {
- "identity": [],
- "non_compliance_message": [
- {}
- ],
- "not_scopes": [],
- "overrides": [
- {
- "selectors": []
- }
- ],
- "resource_selectors": []
- }
- },
- {
- "address": "module.test_core.azurerm_management_group_policy_assignment.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deploy-ASC-Monitoring\"]",
- "mode": "managed",
- "type": "azurerm_management_group_policy_assignment",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deploy-ASC-Monitoring",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Microsoft Cloud Security Benchmark policy initiative.",
- "display_name": "Microsoft Cloud Security Benchmark",
- "enforce": true,
- "identity": [
- {
- "identity_ids": null,
- "type": "SystemAssigned"
- }
- ],
- "location": "northeurope",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "name": "Deploy-ASC-Monitoring",
- "non_compliance_message": [
- {
- "content": "Microsoft Cloud Security Benchmark must be met.",
- "policy_definition_reference_id": null
- }
- ],
- "not_scopes": [],
- "overrides": [],
- "parameters": null,
- "policy_definition_id": "/providers/Microsoft.Authorization/policySetDefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8",
- "resource_selectors": [],
- "timeouts": null
- },
- "sensitive_values": {
- "identity": [
- {}
- ],
- "non_compliance_message": [
- {}
- ],
- "not_scopes": [],
- "overrides": [],
- "resource_selectors": []
- }
- },
- {
- "address": "module.test_core.azurerm_management_group_policy_assignment.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deploy-AzActivity-Log\"]",
- "mode": "managed",
- "type": "azurerm_management_group_policy_assignment",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deploy-AzActivity-Log",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploys the diagnostic settings for Azure Activity to stream subscriptions audit logs to a Log Analytics workspace to monitor subscription-level events",
- "display_name": "Configure Azure Activity logs to stream to specified Log Analytics workspace",
- "enforce": true,
- "identity": [
- {
- "identity_ids": null,
- "type": "SystemAssigned"
- }
- ],
- "location": "northeurope",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "name": "Deploy-AzActivity-Log",
- "non_compliance_message": [
- {
- "content": "Azure Activity logs must be configured to stream to specified Log Analytics workspace.",
- "policy_definition_reference_id": null
- }
- ],
- "not_scopes": [],
- "overrides": [],
- "parameters": "{\"logAnalytics\":{\"value\":\"/subscriptions/a9d8bda7-a341-4fe2-bfbf-61145868379e/resourceGroups/root-id-1-mgmt/providers/Microsoft.OperationalInsights/workspaces/root-id-1-la\"},\"logsEnabled\":{\"value\":\"True\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/2465583e-4e78-4c15-b6be-a36cbc7c8b0f",
- "resource_selectors": [],
- "timeouts": null
- },
- "sensitive_values": {
- "identity": [
- {}
- ],
- "non_compliance_message": [
- {}
- ],
- "not_scopes": [],
- "overrides": [],
- "resource_selectors": []
- }
- },
- {
- "address": "module.test_core.azurerm_management_group_policy_assignment.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deploy-HITRUST-HIPAA\"]",
- "mode": "managed",
- "type": "azurerm_management_group_policy_assignment",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deploy-HITRUST-HIPAA",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "This assignment includes audit and virtual machine extension deployment policies that address a subset of HITRUST/HIPAA controls. Additional policies will be added in upcoming releases. For more information, visit https://aka.ms/hipaa-blueprint.",
- "display_name": "Assign policies for HITRUST and HIPAA controls",
- "enforce": true,
- "identity": [
- {
- "identity_ids": null,
- "type": "SystemAssigned"
- }
- ],
- "location": "northeurope",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "name": "Deploy-HITRUST-HIPAA",
- "non_compliance_message": [
- {
- "content": "HITRUST/HIPAA controls audit and virtual machine extensions must be deployed.",
- "policy_definition_reference_id": null
- }
- ],
- "not_scopes": [],
- "overrides": [],
- "parameters": "{\"CertificateThumbprints\":{\"value\":\"\"},\"DeployDiagnosticSettingsforNetworkSecurityGroupsrgName\":{\"value\":\"root-id-1-rg\"},\"DeployDiagnosticSettingsforNetworkSecurityGroupsstoragePrefix\":{\"value\":\"root-id-1\"},\"installedApplicationsOnWindowsVM\":{\"value\":\"\"},\"listOfLocations\":{\"value\":[\"eastus\",\"eastus2\",\"westus\",\"northcentralus\",\"southcentralus\",\"northeurope\",\"westeurope\",\"uksouth\",\"ukwest\"]}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policySetDefinitions/a169a624-5599-4385-a696-c8d643089fab",
- "resource_selectors": [],
- "timeouts": null
- },
- "sensitive_values": {
- "identity": [
- {}
- ],
- "non_compliance_message": [
- {}
- ],
- "not_scopes": [],
- "overrides": [],
- "resource_selectors": []
- }
- },
- {
- "address": "module.test_core.azurerm_management_group_policy_assignment.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deploy-MDEndpoints\"]",
- "mode": "managed",
- "type": "azurerm_management_group_policy_assignment",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deploy-MDEndpoints",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploy Microsoft Defender for Endpoint agent on applicable images.",
- "display_name": "[Preview]: Deploy Microsoft Defender for Endpoint agent",
- "enforce": true,
- "identity": [
- {
- "identity_ids": null,
- "type": "SystemAssigned"
- }
- ],
- "location": "northeurope",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "name": "Deploy-MDEndpoints",
- "non_compliance_message": [
- {
- "content": "Microsoft Defender for Endpoint agent must be deployed on applicable images.",
- "policy_definition_reference_id": null
- }
- ],
- "not_scopes": [],
- "overrides": [],
- "parameters": "{\"microsoftDefenderForEndpointLinuxArcAgentDeployEffect\":{\"value\":\"DeployIfNotExists\"},\"microsoftDefenderForEndpointLinuxVmAgentDeployEffect\":{\"value\":\"DeployIfNotExists\"},\"microsoftDefenderForEndpointWindowsArcAgentDeployEffect\":{\"value\":\"DeployIfNotExists\"},\"microsoftDefenderForEndpointWindowsVmAgentDeployEffect\":{\"value\":\"DeployIfNotExists\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policySetDefinitions/e20d08c5-6d64-656d-6465-ce9e37fd0ebc",
- "resource_selectors": [],
- "timeouts": null
- },
- "sensitive_values": {
- "identity": [
- {}
- ],
- "non_compliance_message": [
- {}
- ],
- "not_scopes": [],
- "overrides": [],
- "resource_selectors": []
- }
- },
- {
- "address": "module.test_core.azurerm_management_group_policy_assignment.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deploy-MDFC-Config\"]",
- "mode": "managed",
- "type": "azurerm_management_group_policy_assignment",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deploy-MDFC-Config",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploy Microsoft Defender for Cloud and Security Contacts",
- "display_name": "Deploy Microsoft Defender for Cloud configuration",
- "enforce": true,
- "identity": [
- {
- "identity_ids": null,
- "type": "SystemAssigned"
- }
- ],
- "location": "northeurope",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "name": "Deploy-MDFC-Config",
- "non_compliance_message": [
- {
- "content": "Microsoft Defender for Cloud and Security Contacts must be deployed.",
- "policy_definition_reference_id": null
- }
- ],
- "not_scopes": [],
- "overrides": [],
- "parameters": "{\"ascExportResourceGroupLocation\":{\"value\":\"northeurope\"},\"ascExportResourceGroupName\":{\"value\":\"root-id-1-security-logs-export\"},\"emailSecurityContact\":{\"value\":\"test.user@replace_me\"},\"enableAscForApis\":{\"value\":\"DeployIfNotExists\"},\"enableAscForAppServices\":{\"value\":\"DeployIfNotExists\"},\"enableAscForArm\":{\"value\":\"DeployIfNotExists\"},\"enableAscForContainers\":{\"value\":\"DeployIfNotExists\"},\"enableAscForCosmosDbs\":{\"value\":\"DeployIfNotExists\"},\"enableAscForCspm\":{\"value\":\"DeployIfNotExists\"},\"enableAscForDns\":{\"value\":\"DeployIfNotExists\"},\"enableAscForKeyVault\":{\"value\":\"DeployIfNotExists\"},\"enableAscForOssDb\":{\"value\":\"DeployIfNotExists\"},\"enableAscForServers\":{\"value\":\"DeployIfNotExists\"},\"enableAscForServersVulnerabilityAssessments\":{\"value\":\"DeployIfNotExists\"},\"enableAscForSql\":{\"value\":\"DeployIfNotExists\"},\"enableAscForSqlOnVm\":{\"value\":\"DeployIfNotExists\"},\"enableAscForStorage\":{\"value\":\"DeployIfNotExists\"},\"logAnalytics\":{\"value\":\"/subscriptions/a9d8bda7-a341-4fe2-bfbf-61145868379e/resourceGroups/root-id-1-mgmt/providers/Microsoft.OperationalInsights/workspaces/root-id-1-la\"},\"vulnerabilityAssessmentProvider\":{\"value\":\"default\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policySetDefinitions/Deploy-MDFC-Config",
- "resource_selectors": [],
- "timeouts": null
- },
- "sensitive_values": {
- "identity": [
- {}
- ],
- "non_compliance_message": [
- {}
- ],
- "not_scopes": [],
- "overrides": [],
- "resource_selectors": []
- }
- },
- {
- "address": "module.test_core.azurerm_management_group_policy_assignment.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deploy-MDFC-OssDb\"]",
- "mode": "managed",
- "type": "azurerm_management_group_policy_assignment",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deploy-MDFC-OssDb",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Enable Advanced Threat Protection on your non-Basic tier open-source relational databases to detect anomalous activities indicating unusual and potentially harmful attempts to access or exploit databases. See https://aka.ms/AzDforOpenSourceDBsDocu.",
- "display_name": "Configure Advanced Threat Protection to be enabled on open-source relational databases",
- "enforce": true,
- "identity": [
- {
- "identity_ids": null,
- "type": "SystemAssigned"
- }
- ],
- "location": "northeurope",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "name": "Deploy-MDFC-OssDb",
- "non_compliance_message": [
- {
- "content": "Advanced Threat Protection must be enabled on open-source relational databases.",
- "policy_definition_reference_id": null
- }
- ],
- "not_scopes": [],
- "overrides": [],
- "parameters": null,
- "policy_definition_id": "/providers/Microsoft.Authorization/policySetDefinitions/e77fc0b3-f7e9-4c58-bc13-cb753ed8e46e",
- "resource_selectors": [],
- "timeouts": null
- },
- "sensitive_values": {
- "identity": [
- {}
- ],
- "non_compliance_message": [
- {}
- ],
- "not_scopes": [],
- "overrides": [],
- "resource_selectors": []
- }
- },
- {
- "address": "module.test_core.azurerm_management_group_policy_assignment.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deploy-MDFC-SqlAtp\"]",
- "mode": "managed",
- "type": "azurerm_management_group_policy_assignment",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deploy-MDFC-SqlAtp",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Enable Azure Defender on your SQL Servers and SQL Managed Instances to detect anomalous activities indicating unusual and potentially harmful attempts to access or exploit databases.",
- "display_name": "Configure Azure Defender to be enabled on SQL Servers and SQL Managed Instances",
- "enforce": true,
- "identity": [
- {
- "identity_ids": null,
- "type": "SystemAssigned"
- }
- ],
- "location": "northeurope",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "name": "Deploy-MDFC-SqlAtp",
- "non_compliance_message": [
- {
- "content": "Azure Defender must be enabled on SQL Servers and SQL Managed Instances.",
- "policy_definition_reference_id": null
- }
- ],
- "not_scopes": [],
- "overrides": [],
- "parameters": null,
- "policy_definition_id": "/providers/Microsoft.Authorization/policySetDefinitions/9cb3cc7a-b39b-4b82-bc89-e5a5d9ff7b97",
- "resource_selectors": [],
- "timeouts": null
- },
- "sensitive_values": {
- "identity": [
- {}
- ],
- "non_compliance_message": [
- {}
- ],
- "not_scopes": [],
- "overrides": [],
- "resource_selectors": []
- }
- },
- {
- "address": "module.test_core.azurerm_management_group_policy_assignment.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deploy-Resource-Diag\"]",
- "mode": "managed",
- "type": "azurerm_management_group_policy_assignment",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deploy-Resource-Diag",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "This policy set deploys the configurations of application Azure resources to forward diagnostic logs and metrics to an Azure Log Analytics workspace. See the list of policies of the services that are included",
- "display_name": "Deploy Diagnostic Settings to Azure Services",
- "enforce": true,
- "identity": [
- {
- "identity_ids": null,
- "type": "SystemAssigned"
- }
- ],
- "location": "northeurope",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "name": "Deploy-Resource-Diag",
- "non_compliance_message": [
- {
- "content": "Diagnostic settings must be deployed to Azure services.",
- "policy_definition_reference_id": null
- }
- ],
- "not_scopes": [],
- "overrides": [],
- "parameters": "{\"AKSLogAnalyticsEffect\":{\"value\":\"Disabled\"},\"logAnalytics\":{\"value\":\"/subscriptions/a9d8bda7-a341-4fe2-bfbf-61145868379e/resourceGroups/root-id-1-mgmt/providers/Microsoft.OperationalInsights/workspaces/root-id-1-la\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policySetDefinitions/Deploy-Diagnostics-LogAnalytics",
- "resource_selectors": [],
- "timeouts": null
- },
- "sensitive_values": {
- "identity": [
- {}
- ],
- "non_compliance_message": [
- {}
- ],
- "not_scopes": [],
- "overrides": [],
- "resource_selectors": []
- }
- },
- {
- "address": "module.test_core.azurerm_management_group_policy_assignment.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deploy-SQL-Auditing\"]",
- "mode": "managed",
- "type": "azurerm_management_group_policy_assignment",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deploy-SQL-Auditing",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploy Auditing on SQL servers.",
- "display_name": "Deploy Auditing on SQL servers",
- "enforce": true,
- "identity": [
- {
- "identity_ids": null,
- "type": "SystemAssigned"
- }
- ],
- "location": "northeurope",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "name": "Deploy-SQL-Auditing",
- "non_compliance_message": [
- {
- "content": "This resource must be compliant with the assigned policy.",
- "policy_definition_reference_id": null
- }
- ],
- "not_scopes": [],
- "overrides": [],
- "parameters": "{\"retentionDays\":{\"value\":\"10\"},\"storageAccountsResourceGroup\":{\"value\":\"\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/f4c68484-132f-41f9-9b6d-3e4b1cb55036",
- "resource_selectors": [],
- "timeouts": null
- },
- "sensitive_values": {
- "identity": [
- {}
- ],
- "non_compliance_message": [
- {}
- ],
- "not_scopes": [],
- "overrides": [],
- "resource_selectors": []
- }
- },
- {
- "address": "module.test_core.azurerm_management_group_policy_assignment.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deploy-VM-Monitoring\"]",
- "mode": "managed",
- "type": "azurerm_management_group_policy_assignment",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deploy-VM-Monitoring",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Enable Azure Monitor for the virtual machines (VMs) in the specified scope (management group, subscription or resource group). Takes Log Analytics workspace as parameter.",
- "display_name": "Enable Azure Monitor for VMs",
- "enforce": false,
- "identity": [
- {
- "identity_ids": null,
- "type": "SystemAssigned"
- }
- ],
- "location": "northeurope",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "name": "Deploy-VM-Monitoring",
- "non_compliance_message": [
- {
- "content": "Azure Monitor should be enabled for Virtual Machines.",
- "policy_definition_reference_id": null
- }
- ],
- "not_scopes": [],
- "overrides": [],
- "parameters": "{\"logAnalytics_1\":{\"value\":\"/subscriptions/a9d8bda7-a341-4fe2-bfbf-61145868379e/resourceGroups/root-id-1-mgmt/providers/Microsoft.OperationalInsights/workspaces/root-id-1-la\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policySetDefinitions/55f3eceb-5573-4f18-9695-226972c6d74a",
- "resource_selectors": [],
- "timeouts": null
- },
- "sensitive_values": {
- "identity": [
- {}
- ],
- "non_compliance_message": [
- {}
- ],
- "not_scopes": [],
- "overrides": [],
- "resource_selectors": []
- }
- },
- {
- "address": "module.test_core.azurerm_management_group_policy_assignment.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Enforce-ACSB\"]",
- "mode": "managed",
- "type": "azurerm_management_group_policy_assignment",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Enforce-ACSB",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "This initiative assignment enables Azure Compute Security Baseline compliance auditing for Windows and Linux virtual machines.",
- "display_name": "Enforce Azure Compute Security Baseline compliance auditing",
- "enforce": true,
- "identity": [
- {
- "identity_ids": null,
- "type": "SystemAssigned"
- }
- ],
- "location": "northeurope",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "name": "Enforce-ACSB",
- "non_compliance_message": [
- {
- "content": "Azure Compute Security Baseline compliance auditing must be enforced.",
- "policy_definition_reference_id": null
- }
- ],
- "not_scopes": [],
- "overrides": [],
- "parameters": null,
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policySetDefinitions/Enforce-ACSB",
- "resource_selectors": [],
- "timeouts": null
- },
- "sensitive_values": {
- "identity": [
- {}
- ],
- "non_compliance_message": [
- {}
- ],
- "not_scopes": [],
- "overrides": [],
- "resource_selectors": []
- }
- },
- {
- "address": "module.test_core.azurerm_management_group_subscription_association.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1-connectivity/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5\"]",
- "mode": "managed",
- "type": "azurerm_management_group_subscription_association",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-connectivity/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1-connectivity",
- "subscription_id": "/subscriptions/fa2fa118-a60d-4700-9ef1-fa02beeaaea5",
- "timeouts": null
- },
- "sensitive_values": {}
- },
- {
- "address": "module.test_core.azurerm_management_group_subscription_association.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1-management/subscriptions/a9d8bda7-a341-4fe2-bfbf-61145868379e\"]",
- "mode": "managed",
- "type": "azurerm_management_group_subscription_association",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-management/subscriptions/a9d8bda7-a341-4fe2-bfbf-61145868379e",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1-management",
- "subscription_id": "/subscriptions/a9d8bda7-a341-4fe2-bfbf-61145868379e",
- "timeouts": null
- },
- "sensitive_values": {}
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Append-AppService-httpsonly\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Append-AppService-httpsonly",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Appends the AppService sites object to ensure that HTTPS only is enabled for server/service authentication and protects data in transit from network layer eavesdropping attacks. Please note Append does not enforce compliance use then deny.",
- "display_name": "AppService append enable https only setting to enforce https setting.",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"App Service\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.0.0\"}",
- "mode": "All",
- "name": "Append-AppService-httpsonly",
- "parameters": "{\"effect\":{\"allowedValues\":[\"Append\",\"Disabled\"],\"defaultValue\":\"Append\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"allOf\":[{\"equals\":\"Microsoft.Web/sites\",\"field\":\"type\"},{\"field\":\"Microsoft.Web/sites/httpsOnly\",\"notequals\":true}]},\"then\":{\"details\":[{\"field\":\"Microsoft.Web/sites/httpsOnly\",\"value\":true}],\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Append-AppService-latestTLS\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Append-AppService-latestTLS",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Append the AppService sites object to ensure that min Tls version is set to required minimum TLS version. Please note Append does not enforce compliance use then deny.",
- "display_name": "AppService append sites with minimum TLS version to enforce.",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"App Service\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.1.0\"}",
- "mode": "All",
- "name": "Append-AppService-latestTLS",
- "parameters": "{\"effect\":{\"allowedValues\":[\"Append\",\"Disabled\"],\"defaultValue\":\"Append\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"minTlsVersion\":{\"allowedValues\":[\"1.2\",\"1.0\",\"1.1\"],\"defaultValue\":\"1.2\",\"metadata\":{\"description\":\"Select version minimum TLS version for a Web App config to enforce\",\"displayName\":\"Select version minimum TLS Web App config\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"allOf\":[{\"exists\":\"true\",\"field\":\"Microsoft.Web/sites/config/minTlsVersion\"},{\"field\":\"Microsoft.Web/sites/config/minTlsVersion\",\"notEquals\":\"[parameters('minTlsVersion')]\"}]},\"then\":{\"details\":[{\"field\":\"Microsoft.Web/sites/config/minTlsVersion\",\"value\":\"[parameters('minTlsVersion')]\"}],\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Append-KV-SoftDelete\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Append-KV-SoftDelete",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "This policy enables you to ensure when a Key Vault is created with out soft delete enabled it will be added.",
- "display_name": "KeyVault SoftDelete should be enabled",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Key Vault\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.0.0\"}",
- "mode": "Indexed",
- "name": "Append-KV-SoftDelete",
- "parameters": null,
- "policy_rule": "{\"if\":{\"anyOf\":[{\"allOf\":[{\"equals\":\"Microsoft.KeyVault/vaults\",\"field\":\"type\"},{\"field\":\"Microsoft.KeyVault/vaults/enableSoftDelete\",\"notEquals\":true}]}]},\"then\":{\"details\":[{\"field\":\"Microsoft.KeyVault/vaults/enableSoftDelete\",\"value\":true}],\"effect\":\"append\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Append-Redis-disableNonSslPort\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Append-Redis-disableNonSslPort",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Azure Cache for Redis Append and the enforcement that enableNonSslPort is disabled. Enables secure server to client by enforce minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.",
- "display_name": "Azure Cache for Redis Append and the enforcement that enableNonSslPort is disabled.",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Cache\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.0.1\"}",
- "mode": "Indexed",
- "name": "Append-Redis-disableNonSslPort",
- "parameters": "{\"effect\":{\"allowedValues\":[\"Append\",\"Disabled\"],\"defaultValue\":\"Append\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy minimum TLS version Azure Cache for Redis\",\"displayName\":\"Effect Azure Cache for Redis\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"allOf\":[{\"equals\":\"Microsoft.Cache/redis\",\"field\":\"type\"},{\"anyOf\":[{\"equals\":\"true\",\"field\":\"Microsoft.Cache/Redis/enableNonSslPort\"}]}]},\"then\":{\"details\":[{\"field\":\"Microsoft.Cache/Redis/enableNonSslPort\",\"value\":false}],\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Append-Redis-sslEnforcement\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Append-Redis-sslEnforcement",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Append a specific min TLS version requirement and enforce SSL on Azure Cache for Redis. Enables secure server to client by enforce minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.",
- "display_name": "Azure Cache for Redis Append a specific min TLS version requirement and enforce TLS.",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Cache\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.0.0\"}",
- "mode": "Indexed",
- "name": "Append-Redis-sslEnforcement",
- "parameters": "{\"effect\":{\"allowedValues\":[\"Append\",\"Disabled\"],\"defaultValue\":\"Append\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy minimum TLS version Azure Cache for Redis\",\"displayName\":\"Effect Azure Cache for Redis\"},\"type\":\"String\"},\"minimumTlsVersion\":{\"allowedValues\":[\"1.2\",\"1.1\",\"1.0\"],\"defaultValue\":\"1.2\",\"metadata\":{\"description\":\"Select version minimum TLS version Azure Cache for Redis to enforce\",\"displayName\":\"Select version for Redis server\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"allOf\":[{\"equals\":\"Microsoft.Cache/redis\",\"field\":\"type\"},{\"anyOf\":[{\"field\":\"Microsoft.Cache/Redis/minimumTlsVersion\",\"notequals\":\"[parameters('minimumTlsVersion')]\"}]}]},\"then\":{\"details\":[{\"field\":\"Microsoft.Cache/Redis/minimumTlsVersion\",\"value\":\"[parameters('minimumTlsVersion')]\"}],\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Audit-AzureHybridBenefit\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Audit-AzureHybridBenefit",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Optimize cost by enabling Azure Hybrid Benefit. Leverage this Policy definition as a cost control to reveal Virtual Machines not using AHUB.",
- "display_name": "Audit AHUB for eligible VMs",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Cost Optimization\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.0.0\"}",
- "mode": "All",
- "name": "Audit-AzureHybridBenefit",
- "parameters": "{\"effect\":{\"allowedValues\":[\"Audit\",\"Disabled\"],\"defaultValue\":\"Audit\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Compute/virtualMachines\",\"Microsoft.Compute/virtualMachineScaleSets\"]},{\"equals\":\"MicrosoftWindowsServer\",\"field\":\"Microsoft.Compute/imagePublisher\"},{\"equals\":\"WindowsServer\",\"field\":\"Microsoft.Compute/imageOffer\"},{\"anyOf\":[{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"2008-R2-SP1*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"2012-*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"2016-*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"2019-*\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"like\":\"2022-*\"}]},{\"field\":\"Microsoft.Compute/licenseType\",\"notEquals\":\"Windows_Server\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Audit-Disks-UnusedResourcesCostOptimization\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Audit-Disks-UnusedResourcesCostOptimization",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Optimize cost by detecting unused but chargeable resources. Leverage this Policy definition as a cost control to reveal orphaned Disks that are driving cost.",
- "display_name": "Unused Disks driving cost should be avoided",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Cost Optimization\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.0.0\"}",
- "mode": "All",
- "name": "Audit-Disks-UnusedResourcesCostOptimization",
- "parameters": "{\"effect\":{\"allowedValues\":[\"Audit\",\"Disabled\"],\"defaultValue\":\"Audit\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"allOf\":[{\"equals\":\"Microsoft.Compute/disks\",\"field\":\"type\"},{\"equals\":\"Unattached\",\"field\":\"Microsoft.Compute/disks/diskState\"},{\"allof\":[{\"field\":\"name\",\"notlike\":\"*-ASRReplica\"},{\"field\":\"name\",\"notlike\":\"ms-asr-*\"},{\"field\":\"name\",\"notlike\":\"asrseeddisk-*\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Audit-MachineLearning-PrivateEndpointId\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Audit-MachineLearning-PrivateEndpointId",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Audit private endpoints that are created in other subscriptions and/or tenants for Azure Machine Learning.",
- "display_name": "Control private endpoint connections to Azure Machine Learning",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\"],\"category\":\"Machine Learning\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.0.0\"}",
- "mode": "Indexed",
- "name": "Audit-MachineLearning-PrivateEndpointId",
- "parameters": "{\"effect\":{\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"allOf\":[{\"equals\":\"Microsoft.MachineLearningServices/workspaces/privateEndpointConnections\",\"field\":\"type\"},{\"equals\":\"Approved\",\"field\":\"Microsoft.MachineLearningServices/workspaces/privateEndpointConnections/privateLinkServiceConnectionState.status\"},{\"anyOf\":[{\"exists\":false,\"field\":\"Microsoft.MachineLearningServices/workspaces/privateEndpointConnections/privateEndpoint.id\"},{\"notEquals\":\"[subscription().subscriptionId]\",\"value\":\"[split(concat(field('Microsoft.MachineLearningServices/workspaces/privateEndpointConnections/privateEndpoint.id'), '//'), '/')[2]]\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Audit-PrivateLinkDnsZones\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Audit-PrivateLinkDnsZones",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "This policy audits the creation of a Private Link Private DNS Zones in the current scope, used in combination with policies that create centralized private DNS in connectivity subscription",
- "display_name": "Audit the creation of Private Link Private DNS Zones",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Network\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.0.1\"}",
- "mode": "Indexed",
- "name": "Audit-PrivateLinkDnsZones",
- "parameters": "{\"effect\":{\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"privateLinkDnsZones\":{\"defaultValue\":[\"privatelink.adf.azure.com\",\"privatelink.afs.azure.net\",\"privatelink.agentsvc.azure-automation.net\",\"privatelink.analysis.windows.net\",\"privatelink.api.azureml.ms\",\"privatelink.azconfig.io\",\"privatelink.azure-api.net\",\"privatelink.azure-automation.net\",\"privatelink.azurecr.io\",\"privatelink.azure-devices.net\",\"privatelink.azure-devices-provisioning.net\",\"privatelink.azuredatabricks.net\",\"privatelink.azurehdinsight.net\",\"privatelink.azurehealthcareapis.com\",\"privatelink.azurestaticapps.net\",\"privatelink.azuresynapse.net\",\"privatelink.azurewebsites.net\",\"privatelink.batch.azure.com\",\"privatelink.blob.core.windows.net\",\"privatelink.cassandra.cosmos.azure.com\",\"privatelink.cognitiveservices.azure.com\",\"privatelink.database.windows.net\",\"privatelink.datafactory.azure.net\",\"privatelink.dev.azuresynapse.net\",\"privatelink.dfs.core.windows.net\",\"privatelink.dicom.azurehealthcareapis.com\",\"privatelink.digitaltwins.azure.net\",\"privatelink.directline.botframework.com\",\"privatelink.documents.azure.com\",\"privatelink.eventgrid.azure.net\",\"privatelink.file.core.windows.net\",\"privatelink.gremlin.cosmos.azure.com\",\"privatelink.guestconfiguration.azure.com\",\"privatelink.his.arc.azure.com\",\"privatelink.kubernetesconfiguration.azure.com\",\"privatelink.managedhsm.azure.net\",\"privatelink.mariadb.database.azure.com\",\"privatelink.media.azure.net\",\"privatelink.mongo.cosmos.azure.com\",\"privatelink.monitor.azure.com\",\"privatelink.mysql.database.azure.com\",\"privatelink.notebooks.azure.net\",\"privatelink.ods.opinsights.azure.com\",\"privatelink.oms.opinsights.azure.com\",\"privatelink.pbidedicated.windows.net\",\"privatelink.postgres.database.azure.com\",\"privatelink.prod.migration.windowsazure.com\",\"privatelink.purview.azure.com\",\"privatelink.purviewstudio.azure.com\",\"privatelink.queue.core.windows.net\",\"privatelink.redis.cache.windows.net\",\"privatelink.redisenterprise.cache.azure.net\",\"privatelink.search.windows.net\",\"privatelink.service.signalr.net\",\"privatelink.servicebus.windows.net\",\"privatelink.siterecovery.windowsazure.com\",\"privatelink.sql.azuresynapse.net\",\"privatelink.table.core.windows.net\",\"privatelink.table.cosmos.azure.com\",\"privatelink.tip1.powerquery.microsoft.com\",\"privatelink.token.botframework.com\",\"privatelink.vaultcore.azure.net\",\"privatelink.web.core.windows.net\",\"privatelink.webpubsub.azure.com\"],\"metadata\":{\"description\":\"An array of Private Link Private DNS Zones to check for the existence of in the assigned scope.\",\"displayName\":\"Private Link Private DNS Zones\"},\"type\":\"Array\"}}",
- "policy_rule": "{\"if\":{\"allOf\":[{\"equals\":\"Microsoft.Network/privateDnsZones\",\"field\":\"type\"},{\"field\":\"name\",\"in\":\"[parameters('privateLinkDnsZones')]\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Audit-PublicIpAddresses-UnusedResourcesCostOptimization\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Audit-PublicIpAddresses-UnusedResourcesCostOptimization",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Optimize cost by detecting unused but chargeable resources. Leverage this Policy definition as a cost control to reveal orphaned Public IP addresses that are driving cost.",
- "display_name": "Unused Public IP addresses driving cost should be avoided",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Cost Optimization\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.0.0\"}",
- "mode": "All",
- "name": "Audit-PublicIpAddresses-UnusedResourcesCostOptimization",
- "parameters": "{\"effect\":{\"allowedValues\":[\"Audit\",\"Disabled\"],\"defaultValue\":\"Audit\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"allOf\":[{\"equals\":\"microsoft.network/publicIpAddresses\",\"field\":\"type\"},{\"field\":\"Microsoft.Network/publicIPAddresses/sku.name\",\"notEquals\":\"Basic\"},{\"anyOf\":[{\"exists\":false,\"field\":\"Microsoft.Network/publicIPAddresses/natGateway\"},{\"equals\":true,\"value\":\"[equals(length(field('Microsoft.Network/publicIPAddresses/natGateway')), 0)]\"}]},{\"anyOf\":[{\"exists\":false,\"field\":\"Microsoft.Network/publicIPAddresses/ipConfiguration\"},{\"equals\":true,\"value\":\"[equals(length(field('Microsoft.Network/publicIPAddresses/ipConfiguration')), 0)]\"}]},{\"anyOf\":[{\"exists\":false,\"field\":\"Microsoft.Network/publicIPAddresses/publicIPPrefix\"},{\"equals\":true,\"value\":\"[equals(length(field('Microsoft.Network/publicIPAddresses/publicIPPrefix')), 0)]\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Audit-ServerFarms-UnusedResourcesCostOptimization\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Audit-ServerFarms-UnusedResourcesCostOptimization",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Optimize cost by detecting unused but chargeable resources. Leverage this Policy definition as a cost control to reveal orphaned App Service plans that are driving cost.",
- "display_name": "Unused App Service plans driving cost should be avoided",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Cost Optimization\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.0.0\"}",
- "mode": "All",
- "name": "Audit-ServerFarms-UnusedResourcesCostOptimization",
- "parameters": "{\"effect\":{\"allowedValues\":[\"Audit\",\"Disabled\"],\"defaultValue\":\"Audit\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"allOf\":[{\"equals\":\"Microsoft.Web/serverfarms\",\"field\":\"type\"},{\"field\":\"Microsoft.Web/serverFarms/sku.tier\",\"notEquals\":\"Free\"},{\"equals\":0,\"field\":\"Microsoft.Web/serverFarms/numberOfSites\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-AA-child-resources\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-AA-child-resources",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "This policy denies the creation of child resources on the Automation Account",
- "display_name": "No child resources in Automation Account",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureUSGovernment\"],\"category\":\"Automation\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.0.0\"}",
- "mode": "Indexed",
- "name": "Deny-AA-child-resources",
- "parameters": "{\"effect\":{\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Deny\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"allOf\":[{\"field\":\"type\",\"in\":[\"Microsoft.Automation/automationAccounts/runbooks\",\"Microsoft.Automation/automationAccounts/variables\",\"Microsoft.Automation/automationAccounts/modules\",\"Microsoft.Automation/automationAccounts/credentials\",\"Microsoft.Automation/automationAccounts/connections\",\"Microsoft.Automation/automationAccounts/certificates\"]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-AppGW-Without-WAF\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-AppGW-Without-WAF",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "This policy enables you to restrict that Application Gateways is always deployed with WAF enabled",
- "display_name": "Application Gateway should be deployed with WAF enabled",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Network\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.0.0\"}",
- "mode": "Indexed",
- "name": "Deny-AppGW-Without-WAF",
- "parameters": "{\"effect\":{\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Deny\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"allOf\":[{\"equals\":\"Microsoft.Network/applicationGateways\",\"field\":\"type\"},{\"field\":\"Microsoft.Network/applicationGateways/sku.name\",\"notequals\":\"WAF_v2\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceApiApp-http\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceApiApp-http",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.",
- "display_name": "API App should only be accessible over HTTPS",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"App Service\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.0.0\"}",
- "mode": "Indexed",
- "name": "Deny-AppServiceApiApp-http",
- "parameters": "{\"effect\":{\"allowedValues\":[\"Audit\",\"Disabled\",\"Deny\"],\"defaultValue\":\"Deny\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"allOf\":[{\"equals\":\"Microsoft.Web/sites\",\"field\":\"type\"},{\"field\":\"kind\",\"like\":\"*api\"},{\"equals\":\"false\",\"field\":\"Microsoft.Web/sites/httpsOnly\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceFunctionApp-http\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceFunctionApp-http",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.",
- "display_name": "Function App should only be accessible over HTTPS",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"App Service\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.0.0\"}",
- "mode": "Indexed",
- "name": "Deny-AppServiceFunctionApp-http",
- "parameters": "{\"effect\":{\"allowedValues\":[\"Audit\",\"Disabled\",\"Deny\"],\"defaultValue\":\"Deny\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"allOf\":[{\"equals\":\"Microsoft.Web/sites\",\"field\":\"type\"},{\"field\":\"kind\",\"like\":\"functionapp*\"},{\"equals\":\"false\",\"field\":\"Microsoft.Web/sites/httpsOnly\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceWebApp-http\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceWebApp-http",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.",
- "display_name": "Web Application should only be accessible over HTTPS",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"App Service\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.0.0\"}",
- "mode": "Indexed",
- "name": "Deny-AppServiceWebApp-http",
- "parameters": "{\"effect\":{\"allowedValues\":[\"Audit\",\"Disabled\",\"Deny\"],\"defaultValue\":\"Deny\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"allOf\":[{\"equals\":\"Microsoft.Web/sites\",\"field\":\"type\"},{\"field\":\"kind\",\"like\":\"app*\"},{\"equals\":\"false\",\"field\":\"Microsoft.Web/sites/httpsOnly\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-Databricks-NoPublicIp\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-Databricks-NoPublicIp",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Denies the deployment of workspaces that do not use the noPublicIp feature to host Databricks clusters without public IPs.",
- "display_name": "Deny public IPs for Databricks cluster",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\"],\"category\":\"Databricks\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.0.0\"}",
- "mode": "Indexed",
- "name": "Deny-Databricks-NoPublicIp",
- "parameters": "{\"effect\":{\"allowedValues\":[\"Audit\",\"Disabled\",\"Deny\"],\"defaultValue\":\"Deny\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"allOf\":[{\"equals\":\"Microsoft.Databricks/workspaces\",\"field\":\"type\"},{\"field\":\"Microsoft.DataBricks/workspaces/parameters.enableNoPublicIp.value\",\"notEquals\":true}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-Databricks-Sku\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-Databricks-Sku",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Enforces the use of Premium Databricks workspaces to make sure appropriate security features are available including Databricks Access Controls, Credential Passthrough and SCIM provisioning for Microsoft Entra ID.",
- "display_name": "Deny non-premium Databricks sku",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\"],\"category\":\"Databricks\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.0.0\"}",
- "mode": "Indexed",
- "name": "Deny-Databricks-Sku",
- "parameters": "{\"effect\":{\"allowedValues\":[\"Audit\",\"Disabled\",\"Deny\"],\"defaultValue\":\"Deny\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"allOf\":[{\"equals\":\"Microsoft.Databricks/workspaces\",\"field\":\"type\"},{\"field\":\"Microsoft.DataBricks/workspaces/sku.name\",\"notEquals\":\"premium\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-Databricks-VirtualNetwork\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-Databricks-VirtualNetwork",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Enforces the use of vnet injection for Databricks workspaces.",
- "display_name": "Deny Databricks workspaces without Vnet injection",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\"],\"category\":\"Databricks\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.0.0\"}",
- "mode": "Indexed",
- "name": "Deny-Databricks-VirtualNetwork",
- "parameters": "{\"effect\":{\"allowedValues\":[\"Audit\",\"Disabled\",\"Deny\"],\"defaultValue\":\"Deny\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"allOf\":[{\"equals\":\"Microsoft.Databricks/workspaces\",\"field\":\"type\"},{\"anyOf\":[{\"exists\":false,\"field\":\"Microsoft.DataBricks/workspaces/parameters.customVirtualNetworkId.value\"},{\"exists\":false,\"field\":\"Microsoft.DataBricks/workspaces/parameters.customPublicSubnetName.value\"},{\"exists\":false,\"field\":\"Microsoft.DataBricks/workspaces/parameters.customPrivateSubnetName.value\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-FileServices-InsecureAuth\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-FileServices-InsecureAuth",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "This policy denies the use of insecure authentication methods (NTLMv2) when using File Services on a storage account.",
- "display_name": "File Services with insecure authentication methods should be denied",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Storage\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.0.0\"}",
- "mode": "All",
- "name": "Deny-FileServices-InsecureAuth",
- "parameters": "{\"effect\":{\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Deny\",\"metadata\":{\"description\":\"The effect determines what happens when the policy rule is evaluated to match\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"notAllowedAuthMethods\":{\"allowedValues\":[\"NTLMv2\",\"Kerberos\"],\"defaultValue\":\"NTLMv2\",\"metadata\":{\"description\":\"The list of channelEncryption not allowed.\",\"displayName\":\"Authentication methods supported by server. Valid values are NTLMv2, Kerberos.\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"allOf\":[{\"contains\":\"[parameters('notAllowedAuthMethods')]\",\"field\":\"Microsoft.Storage/storageAccounts/fileServices/protocolSettings.smb.authenticationMethods\"},{\"equals\":\"Microsoft.Storage/storageAccounts/fileServices\",\"field\":\"type\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-FileServices-InsecureKerberos\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-FileServices-InsecureKerberos",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "This policy denies the use of insecure Kerberos ticket encryption (RC4-HMAC) when using File Services on a storage account.",
- "display_name": "File Services with insecure Kerberos ticket encryption should be denied",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Storage\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.0.0\"}",
- "mode": "All",
- "name": "Deny-FileServices-InsecureKerberos",
- "parameters": "{\"effect\":{\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Deny\",\"metadata\":{\"description\":\"The effect determines what happens when the policy rule is evaluated to match\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"notAllowedKerberosTicketEncryption\":{\"allowedValues\":[\"RC4-HMAC\",\"AES-256\"],\"defaultValue\":\"RC4-HMAC\",\"metadata\":{\"description\":\"The list of kerberosTicketEncryption not allowed.\",\"displayName\":\"Kerberos ticket encryption supported by server. Valid values are RC4-HMAC, AES-256.\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"allOf\":[{\"equals\":\"Microsoft.Storage/storageAccounts/fileServices\",\"field\":\"type\"},{\"contains\":\"[parameters('notAllowedKerberosTicketEncryption')]\",\"field\":\"Microsoft.Storage/storageAccounts/fileServices/protocolSettings.smb.kerberosTicketEncryption\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-FileServices-InsecureSmbChannel\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-FileServices-InsecureSmbChannel",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "This policy denies the use of insecure channel encryption (AES-128-CCM) when using File Services on a storage account.",
- "display_name": "File Services with insecure SMB channel encryption should be denied",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Storage\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.0.0\"}",
- "mode": "All",
- "name": "Deny-FileServices-InsecureSmbChannel",
- "parameters": "{\"effect\":{\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Deny\",\"metadata\":{\"description\":\"The effect determines what happens when the policy rule is evaluated to match\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"notAllowedChannelEncryption\":{\"allowedValues\":[\"AES-128-CCM\",\"AES-128-GCM\",\"AES-256-GCM\"],\"defaultValue\":\"AES-128-CCM\",\"metadata\":{\"description\":\"The list of channelEncryption not allowed.\",\"displayName\":\"SMB channel encryption supported by server. Valid values are AES-128-CCM, AES-128-GCM, AES-256-GCM.\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"allOf\":[{\"equals\":\"Microsoft.Storage/storageAccounts/fileServices\",\"field\":\"type\"},{\"contains\":\"[parameters('notAllowedChannelEncryption')]\",\"field\":\"Microsoft.Storage/storageAccounts/fileServices/protocolSettings.smb.channelEncryption\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-FileServices-InsecureSmbVersions\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-FileServices-InsecureSmbVersions",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "This policy denies the use of insecure versions of SMB (2.1 & 3.0) when using File Services on a storage account.",
- "display_name": "File Services with insecure SMB versions should be denied",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Storage\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.0.0\"}",
- "mode": "All",
- "name": "Deny-FileServices-InsecureSmbVersions",
- "parameters": "{\"allowedSmbVersion\":{\"allowedValues\":[\"SMB2.1\",\"SMB3.0\",\"SMB3.1.1\"],\"defaultValue\":\"SMB3.1.1\",\"metadata\":{\"description\":\"The allowed SMB version for maximum security\",\"displayName\":\"Allowed SMB Version\"},\"type\":\"String\"},\"effect\":{\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Deny\",\"metadata\":{\"description\":\"The effect determines what happens when the policy rule is evaluated to match\",\"displayName\":\"Effect\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"allOf\":[{\"equals\":\"Microsoft.Storage/storageAccounts/fileServices\",\"field\":\"type\"},{\"not\":{\"contains\":\"[parameters('allowedSmbVersion')]\",\"field\":\"Microsoft.Storage/storageAccounts/fileServices/protocolSettings.smb.versions\"}}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-MachineLearning-Aks\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-MachineLearning-Aks",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deny AKS cluster creation in Azure Machine Learning and enforce connecting to existing clusters.",
- "display_name": "Deny AKS cluster creation in Azure Machine Learning",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\"],\"category\":\"Machine Learning\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.0.0\"}",
- "mode": "Indexed",
- "name": "Deny-MachineLearning-Aks",
- "parameters": "{\"effect\":{\"allowedValues\":[\"Audit\",\"Disabled\",\"Deny\"],\"defaultValue\":\"Deny\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"allOf\":[{\"equals\":\"Microsoft.MachineLearningServices/workspaces/computes\",\"field\":\"type\"},{\"equals\":\"AKS\",\"field\":\"Microsoft.MachineLearningServices/workspaces/computes/computeType\"},{\"anyOf\":[{\"exists\":false,\"field\":\"Microsoft.MachineLearningServices/workspaces/computes/resourceId\"},{\"equals\":true,\"value\":\"[empty(field('Microsoft.MachineLearningServices/workspaces/computes/resourceId'))]\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-MachineLearning-Compute-SubnetId\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-MachineLearning-Compute-SubnetId",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Enforce subnet connectivity for Azure Machine Learning compute clusters and compute instances.",
- "display_name": "Enforce subnet connectivity for Azure Machine Learning compute clusters and compute instances",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\"],\"category\":\"Machine Learning\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.0.0\"}",
- "mode": "Indexed",
- "name": "Deny-MachineLearning-Compute-SubnetId",
- "parameters": "{\"effect\":{\"allowedValues\":[\"Audit\",\"Disabled\",\"Deny\"],\"defaultValue\":\"Deny\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"allOf\":[{\"equals\":\"Microsoft.MachineLearningServices/workspaces/computes\",\"field\":\"type\"},{\"field\":\"Microsoft.MachineLearningServices/workspaces/computes/computeType\",\"in\":[\"AmlCompute\",\"ComputeInstance\"]},{\"anyOf\":[{\"exists\":false,\"field\":\"Microsoft.MachineLearningServices/workspaces/computes/subnet.id\"},{\"equals\":true,\"value\":\"[empty(field('Microsoft.MachineLearningServices/workspaces/computes/subnet.id'))]\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-MachineLearning-Compute-VmSize\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-MachineLearning-Compute-VmSize",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Limit allowed vm sizes for Azure Machine Learning compute clusters and compute instances.",
- "display_name": "Limit allowed vm sizes for Azure Machine Learning compute clusters and compute instances",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\"],\"category\":\"Budget\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.0.0\"}",
- "mode": "Indexed",
- "name": "Deny-MachineLearning-Compute-VmSize",
- "parameters": "{\"allowedVmSizes\":{\"defaultValue\":[\"Standard_D1_v2\",\"Standard_D2_v2\",\"Standard_D3_v2\",\"Standard_D4_v2\",\"Standard_D11_v2\",\"Standard_D12_v2\",\"Standard_D13_v2\",\"Standard_D14_v2\",\"Standard_DS1_v2\",\"Standard_DS2_v2\",\"Standard_DS3_v2\",\"Standard_DS4_v2\",\"Standard_DS5_v2\",\"Standard_DS11_v2\",\"Standard_DS12_v2\",\"Standard_DS13_v2\",\"Standard_DS14_v2\",\"Standard_M8-2ms\",\"Standard_M8-4ms\",\"Standard_M8ms\",\"Standard_M16-4ms\",\"Standard_M16-8ms\",\"Standard_M16ms\",\"Standard_M32-8ms\",\"Standard_M32-16ms\",\"Standard_M32ls\",\"Standard_M32ms\",\"Standard_M32ts\",\"Standard_M64-16ms\",\"Standard_M64-32ms\",\"Standard_M64ls\",\"Standard_M64ms\",\"Standard_M64s\",\"Standard_M128-32ms\",\"Standard_M128-64ms\",\"Standard_M128ms\",\"Standard_M128s\",\"Standard_M64\",\"Standard_M64m\",\"Standard_M128\",\"Standard_M128m\",\"Standard_D1\",\"Standard_D2\",\"Standard_D3\",\"Standard_D4\",\"Standard_D11\",\"Standard_D12\",\"Standard_D13\",\"Standard_D14\",\"Standard_DS15_v2\",\"Standard_NV6\",\"Standard_NV12\",\"Standard_NV24\",\"Standard_F2s_v2\",\"Standard_F4s_v2\",\"Standard_F8s_v2\",\"Standard_F16s_v2\",\"Standard_F32s_v2\",\"Standard_F64s_v2\",\"Standard_F72s_v2\",\"Standard_NC6s_v3\",\"Standard_NC12s_v3\",\"Standard_NC24rs_v3\",\"Standard_NC24s_v3\",\"Standard_NC6\",\"Standard_NC12\",\"Standard_NC24\",\"Standard_NC24r\",\"Standard_ND6s\",\"Standard_ND12s\",\"Standard_ND24rs\",\"Standard_ND24s\",\"Standard_NC6s_v2\",\"Standard_NC12s_v2\",\"Standard_NC24rs_v2\",\"Standard_NC24s_v2\",\"Standard_ND40rs_v2\",\"Standard_NV12s_v3\",\"Standard_NV24s_v3\",\"Standard_NV48s_v3\"],\"metadata\":{\"description\":\"Specifies the allowed VM Sizes for Aml Compute Clusters and Instances\",\"displayName\":\"Allowed VM Sizes for Aml Compute Clusters and Instances\"},\"type\":\"Array\"},\"effect\":{\"allowedValues\":[\"Audit\",\"Disabled\",\"Deny\"],\"defaultValue\":\"Deny\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"allOf\":[{\"equals\":\"Microsoft.MachineLearningServices/workspaces/computes\",\"field\":\"type\"},{\"field\":\"Microsoft.MachineLearningServices/workspaces/computes/computeType\",\"in\":[\"AmlCompute\",\"ComputeInstance\"]},{\"field\":\"Microsoft.MachineLearningServices/workspaces/computes/vmSize\",\"notIn\":\"[parameters('allowedVmSizes')]\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-MachineLearning-ComputeCluster-RemoteLoginPortPublicAccess\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-MachineLearning-ComputeCluster-RemoteLoginPortPublicAccess",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deny public access of Azure Machine Learning clusters via SSH.",
- "display_name": "Deny public access of Azure Machine Learning clusters via SSH",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\"],\"category\":\"Machine Learning\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.1.0\"}",
- "mode": "All",
- "name": "Deny-MachineLearning-ComputeCluster-RemoteLoginPortPublicAccess",
- "parameters": "{\"effect\":{\"allowedValues\":[\"Audit\",\"Disabled\",\"Deny\"],\"defaultValue\":\"Deny\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"allOf\":[{\"equals\":\"Microsoft.MachineLearningServices/workspaces/computes\",\"field\":\"type\"},{\"equals\":\"AmlCompute\",\"field\":\"Microsoft.MachineLearningServices/workspaces/computes/computeType\"},{\"anyOf\":[{\"exists\":false,\"field\":\"Microsoft.MachineLearningServices/workspaces/computes/remoteLoginPortPublicAccess\"},{\"field\":\"Microsoft.MachineLearningServices/workspaces/computes/remoteLoginPortPublicAccess\",\"notEquals\":\"Disabled\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-MachineLearning-ComputeCluster-Scale\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-MachineLearning-ComputeCluster-Scale",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Enforce scale settings for Azure Machine Learning compute clusters.",
- "display_name": "Enforce scale settings for Azure Machine Learning compute clusters",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\"],\"category\":\"Budget\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.0.0\"}",
- "mode": "Indexed",
- "name": "Deny-MachineLearning-ComputeCluster-Scale",
- "parameters": "{\"effect\":{\"allowedValues\":[\"Audit\",\"Disabled\",\"Deny\"],\"defaultValue\":\"Deny\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"maxNodeCount\":{\"defaultValue\":10,\"metadata\":{\"description\":\"Specifies the maximum node count of AML Clusters\",\"displayName\":\"Maximum Node Count\"},\"type\":\"Integer\"},\"maxNodeIdleTimeInSecondsBeforeScaleDown\":{\"defaultValue\":900,\"metadata\":{\"description\":\"Specifies the maximum node idle time in seconds before scaledown\",\"displayName\":\"Maximum Node Idle Time in Seconds Before Scaledown\"},\"type\":\"Integer\"},\"minNodeCount\":{\"defaultValue\":0,\"metadata\":{\"description\":\"Specifies the minimum node count of AML Clusters\",\"displayName\":\"Minimum Node Count\"},\"type\":\"Integer\"}}",
- "policy_rule": "{\"if\":{\"allOf\":[{\"equals\":\"Microsoft.MachineLearningServices/workspaces/computes\",\"field\":\"type\"},{\"equals\":\"AmlCompute\",\"field\":\"Microsoft.MachineLearningServices/workspaces/computes/computeType\"},{\"anyOf\":[{\"field\":\"Microsoft.MachineLearningServices/workspaces/computes/scaleSettings.maxNodeCount\",\"greater\":\"[parameters('maxNodeCount')]\"},{\"field\":\"Microsoft.MachineLearningServices/workspaces/computes/scaleSettings.minNodeCount\",\"greater\":\"[parameters('minNodeCount')]\"},{\"greater\":\"[parameters('maxNodeIdleTimeInSecondsBeforeScaleDown')]\",\"value\":\"[int(last(split(replace(replace(replace(replace(replace(replace(replace(field('Microsoft.MachineLearningServices/workspaces/computes/scaleSettings.nodeIdleTimeBeforeScaleDown'), 'P', '/'), 'Y', '/'), 'M', '/'), 'D', '/'), 'T', '/'), 'H', '/'), 'S', ''), '/')))]\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-MachineLearning-HbiWorkspace\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-MachineLearning-HbiWorkspace",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Enforces high business impact Azure Machine Learning workspaces.",
- "display_name": "Enforces high business impact Azure Machine Learning Workspaces",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\"],\"category\":\"Machine Learning\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.0.0\"}",
- "mode": "Indexed",
- "name": "Deny-MachineLearning-HbiWorkspace",
- "parameters": "{\"effect\":{\"allowedValues\":[\"Audit\",\"Disabled\",\"Deny\"],\"defaultValue\":\"Deny\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"allOf\":[{\"equals\":\"Microsoft.MachineLearningServices/workspaces\",\"field\":\"type\"},{\"anyOf\":[{\"exists\":false,\"field\":\"Microsoft.MachineLearningServices/workspaces/hbiWorkspace\"},{\"field\":\"Microsoft.MachineLearningServices/workspaces/hbiWorkspace\",\"notEquals\":true}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-MachineLearning-PublicAccessWhenBehindVnet\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-MachineLearning-PublicAccessWhenBehindVnet",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deny public access behind vnet to Azure Machine Learning workspaces.",
- "display_name": "Deny public access behind vnet to Azure Machine Learning workspace",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\"],\"category\":\"Machine Learning\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.0.1\"}",
- "mode": "Indexed",
- "name": "Deny-MachineLearning-PublicAccessWhenBehindVnet",
- "parameters": "{\"effect\":{\"allowedValues\":[\"Audit\",\"Disabled\",\"Deny\"],\"defaultValue\":\"Deny\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"allOf\":[{\"equals\":\"Microsoft.MachineLearningServices/workspaces\",\"field\":\"type\"},{\"anyOf\":[{\"exists\":false,\"field\":\"Microsoft.MachineLearningServices/workspaces/allowPublicAccessWhenBehindVnet\"},{\"field\":\"Microsoft.MachineLearningServices/workspaces/allowPublicAccessWhenBehindVnet\",\"notEquals\":false}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-MachineLearning-PublicNetworkAccess\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-MachineLearning-PublicNetworkAccess",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Denies public network access for Azure Machine Learning workspaces. Superseded by https://www.azadvertizer.net/azpolicyadvertizer/438c38d2-3772-465a-a9cc-7a6666a275ce.html",
- "display_name": "[Deprecated] Azure Machine Learning should have disabled public network access",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\"],\"category\":\"Machine Learning\",\"deprecated\":true,\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"supersededBy\":\"438c38d2-3772-465a-a9cc-7a6666a275ce\",\"version\":\"1.0.0-deprecated\"}",
- "mode": "Indexed",
- "name": "Deny-MachineLearning-PublicNetworkAccess",
- "parameters": "{\"effect\":{\"allowedValues\":[\"Audit\",\"Disabled\",\"Deny\"],\"defaultValue\":\"Deny\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"allOf\":[{\"equals\":\"Microsoft.MachineLearningServices/workspaces\",\"field\":\"type\"},{\"field\":\"Microsoft.MachineLearningServices/workspaces/publicNetworkAccess\",\"notEquals\":\"Disabled\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-MgmtPorts-From-Internet\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-MgmtPorts-From-Internet",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "This policy denies any network security rule that allows management port access from the Internet",
- "display_name": "Management port access from the Internet should be blocked",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Network\",\"replacesPolicy\":\"Deny-RDP-From-Internet\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"2.1.0\"}",
- "mode": "All",
- "name": "Deny-MgmtPorts-From-Internet",
- "parameters": "{\"effect\":{\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Deny\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"ports\":{\"defaultValue\":[\"22\",\"3389\"],\"metadata\":{\"description\":\"Ports to be blocked\",\"displayName\":\"Ports\"},\"type\":\"Array\"}}",
- "policy_rule": "{\"if\":{\"anyOf\":[{\"allOf\":[{\"equals\":\"Microsoft.Network/networkSecurityGroups/securityRules\",\"field\":\"type\"},{\"allOf\":[{\"equals\":\"Allow\",\"field\":\"Microsoft.Network/networkSecurityGroups/securityRules/access\"},{\"equals\":\"Inbound\",\"field\":\"Microsoft.Network/networkSecurityGroups/securityRules/direction\"},{\"anyOf\":[{\"equals\":\"*\",\"field\":\"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRange\"},{\"field\":\"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRange\",\"in\":\"[parameters('ports')]\"},{\"count\":{\"value\":\"[parameters('ports')]\",\"where\":{\"equals\":\"true\",\"value\":\"[if(and(not(empty(field('Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRange'))), contains(field('Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRange'),'-')), and(lessOrEquals(int(first(split(field('Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRange'), '-'))),int(current())),greaterOrEquals(int(last(split(field('Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRange'), '-'))),int(current()))), 'false')]\"}},\"greater\":0},{\"count\":{\"name\":\"ports\",\"value\":\"[parameters('ports')]\",\"where\":{\"count\":{\"field\":\"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRanges[*]\",\"where\":{\"equals\":\"true\",\"value\":\"[if(and(not(empty(current('Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRanges[*]'))), contains(current('Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRanges[*]'),'-')), and(lessOrEquals(int(first(split(current('Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRanges[*]'), '-'))),int(current('ports'))),greaterOrEquals(int(last(split(current('Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRanges[*]'), '-'))),int(current('ports')))) , 'false')]\"}},\"greater\":0}},\"greater\":0},{\"not\":{\"field\":\"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRanges[*]\",\"notEquals\":\"*\"}},{\"not\":{\"field\":\"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRanges[*]\",\"notIn\":\"[parameters('ports')]\"}}]},{\"anyOf\":[{\"equals\":\"*\",\"field\":\"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\"},{\"equals\":\"Internet\",\"field\":\"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\"},{\"not\":{\"field\":\"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\"notEquals\":\"*\"}},{\"not\":{\"field\":\"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\"notEquals\":\"Internet\"}}]}]}]},{\"allOf\":[{\"equals\":\"Microsoft.Network/networkSecurityGroups\",\"field\":\"type\"},{\"count\":{\"field\":\"Microsoft.Network/networkSecurityGroups/securityRules[*]\",\"where\":{\"allOf\":[{\"equals\":\"Allow\",\"field\":\"Microsoft.Network/networkSecurityGroups/securityRules[*].access\"},{\"equals\":\"Inbound\",\"field\":\"Microsoft.Network/networkSecurityGroups/securityRules[*].direction\"},{\"anyOf\":[{\"equals\":\"*\",\"field\":\"Microsoft.Network/networkSecurityGroups/securityRules[*].destinationPortRange\"},{\"field\":\"Microsoft.Network/networkSecurityGroups/securityRules[*].destinationPortRange\",\"in\":\"[parameters('ports')]\"},{\"count\":{\"name\":\"ports\",\"value\":\"[parameters('ports')]\",\"where\":{\"equals\":\"true\",\"value\":\"[if(and(not(empty(current('Microsoft.Network/networkSecurityGroups/securityRules[*].destinationPortRange'))), contains(current('Microsoft.Network/networkSecurityGroups/securityRules[*].destinationPortRange'),'-')), and(lessOrEquals(int(first(split(current('Microsoft.Network/networkSecurityGroups/securityRules[*].destinationPortRange'), '-'))),int(current('ports'))),greaterOrEquals(int(last(split(current('Microsoft.Network/networkSecurityGroups/securityRules[*].destinationPortRange'), '-'))),int(current('ports')))), 'false')]\"}},\"greater\":0},{\"count\":{\"name\":\"ports\",\"value\":\"[parameters('ports')]\",\"where\":{\"count\":{\"field\":\"Microsoft.Network/networkSecurityGroups/securityRules[*].destinationPortRanges[*]\",\"where\":{\"equals\":\"true\",\"value\":\"[if(and(not(empty(current('Microsoft.Network/networkSecurityGroups/securityRules[*].destinationPortRanges[*]'))), contains(current('Microsoft.Network/networkSecurityGroups/securityRules[*].destinationPortRanges[*]'),'-')), and(lessOrEquals(int(first(split(current('Microsoft.Network/networkSecurityGroups/securityRules[*].destinationPortRanges[*]'), '-'))),int(current('ports'))),greaterOrEquals(int(last(split(current('Microsoft.Network/networkSecurityGroups/securityRules[*].destinationPortRanges[*]'), '-'))),int(current('ports')))) , 'false')]\"}},\"greater\":0}},\"greater\":0},{\"not\":{\"field\":\"Microsoft.Network/networkSecurityGroups/securityRules[*].destinationPortRanges[*]\",\"notEquals\":\"*\"}},{\"not\":{\"field\":\"Microsoft.Network/networkSecurityGroups/securityRules[*].destinationPortRanges[*]\",\"notIn\":\"[parameters('ports')]\"}}]},{\"anyOf\":[{\"equals\":\"*\",\"field\":\"Microsoft.Network/networkSecurityGroups/securityRules[*].sourceAddressPrefix\"},{\"equals\":\"Internet\",\"field\":\"Microsoft.Network/networkSecurityGroups/securityRules[*].sourceAddressPrefix\"},{\"not\":{\"field\":\"Microsoft.Network/networkSecurityGroups/securityRules[*].sourceAddressPrefixes[*]\",\"notEquals\":\"*\"}},{\"not\":{\"field\":\"Microsoft.Network/networkSecurityGroups/securityRules[*].sourceAddressPrefixes[*]\",\"notEquals\":\"Internet\"}}]}]}},\"greater\":0}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-MySql-http\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-MySql-http",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Azure Database for MySQL supports connecting your Azure Database for MySQL server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.",
- "display_name": "MySQL database servers enforce SSL connections.",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"SQL\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.0.0\"}",
- "mode": "Indexed",
- "name": "Deny-MySql-http",
- "parameters": "{\"effect\":{\"allowedValues\":[\"Audit\",\"Disabled\",\"Deny\"],\"defaultValue\":\"Deny\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"minimalTlsVersion\":{\"allowedValues\":[\"TLS1_2\",\"TLS1_0\",\"TLS1_1\",\"TLSEnforcementDisabled\"],\"defaultValue\":\"TLS1_2\",\"metadata\":{\"description\":\"Select version minimum TLS version Azure Database for MySQL server to enforce\",\"displayName\":\"Select version minimum TLS for MySQL server\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"allOf\":[{\"equals\":\"Microsoft.DBforMySQL/servers\",\"field\":\"type\"},{\"anyOf\":[{\"exists\":\"false\",\"field\":\"Microsoft.DBforMySQL/servers/sslEnforcement\"},{\"field\":\"Microsoft.DBforMySQL/servers/sslEnforcement\",\"notEquals\":\"Enabled\"},{\"field\":\"Microsoft.DBforMySQL/servers/minimalTlsVersion\",\"notequals\":\"[parameters('minimalTlsVersion')]\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-PostgreSql-http\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-PostgreSql-http",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Azure Database for PostgreSQL supports connecting your Azure Database for PostgreSQL server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.",
- "display_name": "PostgreSQL database servers enforce SSL connection.",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"SQL\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.0.1\"}",
- "mode": "Indexed",
- "name": "Deny-PostgreSql-http",
- "parameters": "{\"effect\":{\"allowedValues\":[\"Audit\",\"Disabled\",\"Deny\"],\"defaultValue\":\"Deny\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"minimalTlsVersion\":{\"allowedValues\":[\"TLS1_2\",\"TLS1_0\",\"TLS1_1\",\"TLSEnforcementDisabled\"],\"defaultValue\":\"TLS1_2\",\"metadata\":{\"description\":\"Select version minimum TLS version Azure Database for PostgreSQL server to enforce\",\"displayName\":\"Select version minimum TLS for PostgreSQL server\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"allOf\":[{\"equals\":\"Microsoft.DBforPostgreSQL/servers\",\"field\":\"type\"},{\"anyOf\":[{\"exists\":\"false\",\"field\":\"Microsoft.DBforPostgreSQL/servers/sslEnforcement\"},{\"field\":\"Microsoft.DBforPostgreSQL/servers/sslEnforcement\",\"notEquals\":\"Enabled\"},{\"field\":\"Microsoft.DBforPostgreSQL/servers/minimalTlsVersion\",\"notequals\":\"[parameters('minimalTlsVersion')]\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-Private-DNS-Zones\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-Private-DNS-Zones",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "This policy denies the creation of a private DNS in the current scope, used in combination with policies that create centralized private DNS in connectivity subscription",
- "display_name": "Deny the creation of private DNS",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Network\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.0.0\"}",
- "mode": "Indexed",
- "name": "Deny-Private-DNS-Zones",
- "parameters": "{\"effect\":{\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Deny\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"equals\":\"Microsoft.Network/privateDnsZones\",\"field\":\"type\"},\"then\":{\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-PublicEndpoint-MariaDB\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-PublicEndpoint-MariaDB",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "This policy denies the creation of Maria DB accounts with exposed public endpoints. Superseded by https://www.azadvertizer.net/azpolicyadvertizer/fdccbe47-f3e3-4213-ad5d-ea459b2fa077.html",
- "display_name": "[Deprecated] Public network access should be disabled for MariaDB",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"SQL\",\"deprecated\":true,\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"supersededBy\":\"fdccbe47-f3e3-4213-ad5d-ea459b2fa077\",\"version\":\"1.0.0-deprecated\"}",
- "mode": "Indexed",
- "name": "Deny-PublicEndpoint-MariaDB",
- "parameters": "{\"effect\":{\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Deny\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"allOf\":[{\"equals\":\"Microsoft.DBforMariaDB/servers\",\"field\":\"type\"},{\"field\":\"Microsoft.DBforMariaDB/servers/publicNetworkAccess\",\"notequals\":\"Disabled\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-PublicIP\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-PublicIP",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "[Deprecated] This policy denies creation of Public IPs under the assigned scope. Superseded by https://www.azadvertizer.net/azpolicyadvertizer/6c112d4e-5bc7-47ae-a041-ea2d9dccd749.html using appropriate assignment parameters.",
- "display_name": "[Deprecated] Deny the creation of public IP",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Network\",\"deprecated\":true,\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"supersededBy\":\"6c112d4e-5bc7-47ae-a041-ea2d9dccd749\",\"version\":\"1.0.0-deprecated\"}",
- "mode": "Indexed",
- "name": "Deny-PublicIP",
- "parameters": "{\"effect\":{\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Deny\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"equals\":\"Microsoft.Network/publicIPAddresses\",\"field\":\"type\"},\"then\":{\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-RDP-From-Internet\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-RDP-From-Internet",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "This policy denies any network security rule that allows RDP access from Internet. This policy is superseded by https://www.azadvertizer.net/azpolicyadvertizer/Deny-MgmtPorts-From-Internet.html",
- "display_name": "[Deprecated] RDP access from the Internet should be blocked",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Network\",\"deprecated\":true,\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"supersededBy\":\"Deny-MgmtPorts-From-Internet\",\"version\":\"1.0.1-deprecated\"}",
- "mode": "All",
- "name": "Deny-RDP-From-Internet",
- "parameters": "{\"effect\":{\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Deny\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"allOf\":[{\"equals\":\"Microsoft.Network/networkSecurityGroups/securityRules\",\"field\":\"type\"},{\"allOf\":[{\"equals\":\"Allow\",\"field\":\"Microsoft.Network/networkSecurityGroups/securityRules/access\"},{\"equals\":\"Inbound\",\"field\":\"Microsoft.Network/networkSecurityGroups/securityRules/direction\"},{\"anyOf\":[{\"equals\":\"*\",\"field\":\"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRange\"},{\"equals\":\"3389\",\"field\":\"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRange\"},{\"equals\":\"true\",\"value\":\"[if(and(not(empty(field('Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRange'))), contains(field('Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRange'),'-')), and(lessOrEquals(int(first(split(field('Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRange'), '-'))),3389),greaterOrEquals(int(last(split(field('Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRange'), '-'))),3389)), 'false')]\"},{\"count\":{\"field\":\"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRanges[*]\",\"where\":{\"equals\":\"true\",\"value\":\"[if(and(not(empty(first(field('Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRanges[*]')))), contains(first(field('Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRanges[*]')),'-')), and(lessOrEquals(int(first(split(first(field('Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRanges[*]')), '-'))),3389),greaterOrEquals(int(last(split(first(field('Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRanges[*]')), '-'))),3389)) , 'false')]\"}},\"greater\":0},{\"not\":{\"field\":\"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRanges[*]\",\"notEquals\":\"*\"}},{\"not\":{\"field\":\"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRanges[*]\",\"notEquals\":\"3389\"}}]},{\"anyOf\":[{\"equals\":\"*\",\"field\":\"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\"},{\"equals\":\"Internet\",\"field\":\"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix\"},{\"not\":{\"field\":\"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\"notEquals\":\"*\"}},{\"not\":{\"field\":\"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]\",\"notEquals\":\"Internet\"}}]}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-Redis-http\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-Redis-http",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Audit enabling of only connections via SSL to Azure Cache for Redis. Validate both minimum TLS version and enableNonSslPort is disabled. Use of secure connections ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking",
- "display_name": "Azure Cache for Redis only secure connections should be enabled",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Cache\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.0.0\"}",
- "mode": "Indexed",
- "name": "Deny-Redis-http",
- "parameters": "{\"effect\":{\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Deny\",\"metadata\":{\"description\":\"The effect determines what happens when the policy rule is evaluated to match\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"minimumTlsVersion\":{\"allowedValues\":[\"1.2\",\"1.1\",\"1.0\"],\"defaultValue\":\"1.2\",\"metadata\":{\"description\":\"Select minimum TLS version for Azure Cache for Redis.\",\"displayName\":\"Select minumum TLS version for Azure Cache for Redis.\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"allOf\":[{\"equals\":\"Microsoft.Cache/redis\",\"field\":\"type\"},{\"anyOf\":[{\"equals\":\"true\",\"field\":\"Microsoft.Cache/Redis/enableNonSslPort\"},{\"field\":\"Microsoft.Cache/Redis/minimumTlsVersion\",\"notequals\":\"[parameters('minimumTlsVersion')]\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-Sql-minTLS\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-Sql-minTLS",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Setting minimal TLS version to 1.2 improves security by ensuring your Azure SQL Database can only be accessed from clients using TLS 1.2. Using versions of TLS less than 1.2 is not reccomended since they have well documented security vunerabilities.",
- "display_name": "Azure SQL Database should have the minimal TLS version set to the highest version",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"SQL\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.0.0\"}",
- "mode": "Indexed",
- "name": "Deny-Sql-minTLS",
- "parameters": "{\"effect\":{\"allowedValues\":[\"Audit\",\"Disabled\",\"Deny\"],\"defaultValue\":\"Audit\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"minimalTlsVersion\":{\"allowedValues\":[\"1.2\",\"1.1\",\"1.0\"],\"defaultValue\":\"1.2\",\"metadata\":{\"description\":\"Select version minimum TLS version SQL servers to enforce\",\"displayName\":\"Select version for SQL server\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"allOf\":[{\"equals\":\"Microsoft.Sql/servers\",\"field\":\"type\"},{\"anyOf\":[{\"exists\":\"false\",\"field\":\"Microsoft.Sql/servers/minimalTlsVersion\"},{\"field\":\"Microsoft.Sql/servers/minimalTlsVersion\",\"notequals\":\"[parameters('minimalTlsVersion')]\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-SqlMi-minTLS\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-SqlMi-minTLS",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Setting minimal TLS version to 1.2 improves security by ensuring your SQL Managed Instance can only be accessed from clients using TLS 1.2. Using versions of TLS less than 1.2 is not reccomended since they have well documented security vunerabilities.",
- "display_name": "SQL Managed Instance should have the minimal TLS version set to the highest version",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"SQL\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.0.0\"}",
- "mode": "Indexed",
- "name": "Deny-SqlMi-minTLS",
- "parameters": "{\"effect\":{\"allowedValues\":[\"Audit\",\"Disabled\",\"Deny\"],\"defaultValue\":\"Audit\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"minimalTlsVersion\":{\"allowedValues\":[\"1.2\",\"1.1\",\"1.0\"],\"defaultValue\":\"1.2\",\"metadata\":{\"description\":\"Select version minimum TLS version SQL servers to enforce\",\"displayName\":\"Select version for SQL server\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"allOf\":[{\"equals\":\"Microsoft.Sql/managedInstances\",\"field\":\"type\"},{\"anyOf\":[{\"exists\":\"false\",\"field\":\"Microsoft.Sql/managedInstances/minimalTlsVersion\"},{\"field\":\"Microsoft.Sql/managedInstances/minimalTlsVersion\",\"notequals\":\"[parameters('minimalTlsVersion')]\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-SFTP\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-SFTP",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "This policy denies the creation of Storage Accounts with SFTP enabled for Blob Storage.",
- "display_name": "Storage Accounts with SFTP enabled should be denied",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Storage\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.0.0\"}",
- "mode": "Indexed",
- "name": "Deny-Storage-SFTP",
- "parameters": "{\"effect\":{\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Deny\",\"metadata\":{\"description\":\"The effect determines what happens when the policy rule is evaluated to match\",\"displayName\":\"Effect\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"allOf\":[{\"equals\":\"Microsoft.Storage/storageAccounts\",\"field\":\"type\"},{\"equals\":\"true\",\"field\":\"Microsoft.Storage/storageAccounts/isSftpEnabled\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-minTLS\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-minTLS",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Audit requirement of Secure transfer in your storage account. Secure transfer is an option that forces your storage account to accept requests only from secure connections (HTTPS). Use of HTTPS ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking",
- "display_name": "Storage Account set to minimum TLS and Secure transfer should be enabled",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Storage\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.0.0\"}",
- "mode": "Indexed",
- "name": "Deny-Storage-minTLS",
- "parameters": "{\"effect\":{\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Deny\",\"metadata\":{\"description\":\"The effect determines what happens when the policy rule is evaluated to match\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"minimumTlsVersion\":{\"allowedValues\":[\"TLS1_2\",\"TLS1_1\",\"TLS1_0\"],\"defaultValue\":\"TLS1_2\",\"metadata\":{\"description\":\"Select version minimum TLS version on Azure Storage Account to enforce\",\"displayName\":\"Storage Account select minimum TLS version\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"allOf\":[{\"equals\":\"Microsoft.Storage/storageAccounts\",\"field\":\"type\"},{\"anyOf\":[{\"allOf\":[{\"less\":\"2019-04-01\",\"value\":\"[requestContext().apiVersion]\"},{\"exists\":\"false\",\"field\":\"Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly\"}]},{\"equals\":\"false\",\"field\":\"Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly\"},{\"field\":\"Microsoft.Storage/storageAccounts/minimumTlsVersion\",\"notequals\":\"[parameters('minimumTlsVersion')]\"},{\"exists\":\"false\",\"field\":\"Microsoft.Storage/storageAccounts/minimumTlsVersion\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-StorageAccount-CustomDomain\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-StorageAccount-CustomDomain",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "This policy denies the creation of Storage Accounts with custom domains assigned as communication cannot be encrypted, and always uses HTTP.",
- "display_name": "Storage Accounts with custom domains assigned should be denied",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Storage\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.0.0\"}",
- "mode": "All",
- "name": "Deny-StorageAccount-CustomDomain",
- "parameters": "{\"effect\":{\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Deny\",\"metadata\":{\"description\":\"The effect determines what happens when the policy rule is evaluated to match\",\"displayName\":\"Effect\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"allOf\":[{\"equals\":\"Microsoft.Storage/storageAccounts\",\"field\":\"type\"},{\"anyOf\":[{\"exists\":\"true\",\"field\":\"Microsoft.Storage/storageAccounts/customDomain\"},{\"equals\":\"true\",\"field\":\"Microsoft.Storage/storageAccounts/customDomain.useSubDomainName\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-Subnet-Without-Nsg\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-Subnet-Without-Nsg",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "This policy denies the creation of a subnet without a Network Security Group. NSG help to protect traffic across subnet-level.",
- "display_name": "Subnets should have a Network Security Group",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Network\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"2.0.0\"}",
- "mode": "All",
- "name": "Deny-Subnet-Without-Nsg",
- "parameters": "{\"effect\":{\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Deny\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"excludedSubnets\":{\"defaultValue\":[\"GatewaySubnet\",\"AzureFirewallSubnet\",\"AzureFirewallManagementSubnet\"],\"metadata\":{\"description\":\"Array of subnet names that are excluded from this policy\",\"displayName\":\"Excluded Subnets\"},\"type\":\"Array\"}}",
- "policy_rule": "{\"if\":{\"anyOf\":[{\"allOf\":[{\"equals\":\"Microsoft.Network/virtualNetworks\",\"field\":\"type\"},{\"count\":{\"field\":\"Microsoft.Network/virtualNetworks/subnets[*]\",\"where\":{\"allOf\":[{\"exists\":\"false\",\"field\":\"Microsoft.Network/virtualNetworks/subnets[*].networkSecurityGroup.id\"},{\"field\":\"Microsoft.Network/virtualNetworks/subnets[*].name\",\"notIn\":\"[parameters('excludedSubnets')]\"}]}},\"notEquals\":0}]},{\"allOf\":[{\"equals\":\"Microsoft.Network/virtualNetworks/subnets\",\"field\":\"type\"},{\"field\":\"name\",\"notIn\":\"[parameters('excludedSubnets')]\"},{\"exists\":\"false\",\"field\":\"Microsoft.Network/virtualNetworks/subnets/networkSecurityGroup.id\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-Subnet-Without-Penp\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-Subnet-Without-Penp",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "This policy denies the creation of a subnet without Private Endpoint Netwotk Policies enabled. This policy is intended for 'workload' subnets, not 'central infrastructure' (aka, 'hub') subnets.",
- "display_name": "Subnets without Private Endpoint Network Policies enabled should be denied",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Network\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.0.0\"}",
- "mode": "All",
- "name": "Deny-Subnet-Without-Penp",
- "parameters": "{\"effect\":{\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Deny\",\"metadata\":{\"description\":\"The effect determines what happens when the policy rule is evaluated to match\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"excludedSubnets\":{\"defaultValue\":[\"GatewaySubnet\",\"AzureFirewallSubnet\",\"AzureFirewallManagementSubnet\",\"AzureBastionSubnet\"],\"metadata\":{\"description\":\"Array of subnet names that are excluded from this policy\",\"displayName\":\"Excluded Subnets\"},\"type\":\"Array\"}}",
- "policy_rule": "{\"if\":{\"anyOf\":[{\"allOf\":[{\"equals\":\"Microsoft.Network/virtualNetworks\",\"field\":\"type\"},{\"count\":{\"field\":\"Microsoft.Network/virtualNetworks/subnets[*]\",\"where\":{\"allOf\":[{\"field\":\"Microsoft.Network/virtualNetworks/subnets[*].privateEndpointNetworkPolicies\",\"notEquals\":\"Enabled\"},{\"field\":\"Microsoft.Network/virtualNetworks/subnets[*].name\",\"notIn\":\"[parameters('excludedSubnets')]\"}]}},\"notEquals\":0}]},{\"allOf\":[{\"equals\":\"Microsoft.Network/virtualNetworks/subnets\",\"field\":\"type\"},{\"field\":\"name\",\"notIn\":\"[parameters('excludedSubnets')]\"},{\"field\":\"Microsoft.Network/virtualNetworks/subnets/privateEndpointNetworkPolicies\",\"notEquals\":\"Enabled\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-Subnet-Without-Udr\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-Subnet-Without-Udr",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "This policy denies the creation of a subnet without a User Defined Route (UDR).",
- "display_name": "Subnets should have a User Defined Route",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Network\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"2.0.0\"}",
- "mode": "All",
- "name": "Deny-Subnet-Without-Udr",
- "parameters": "{\"effect\":{\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Deny\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"excludedSubnets\":{\"defaultValue\":[\"AzureBastionSubnet\"],\"metadata\":{\"description\":\"Array of subnet names that are excluded from this policy\",\"displayName\":\"Excluded Subnets\"},\"type\":\"Array\"}}",
- "policy_rule": "{\"if\":{\"anyOf\":[{\"allOf\":[{\"equals\":\"Microsoft.Network/virtualNetworks\",\"field\":\"type\"},{\"count\":{\"field\":\"Microsoft.Network/virtualNetworks/subnets[*]\",\"where\":{\"allOf\":[{\"exists\":\"false\",\"field\":\"Microsoft.Network/virtualNetworks/subnets[*].routeTable.id\"},{\"field\":\"Microsoft.Network/virtualNetworks/subnets[*].name\",\"notIn\":\"[parameters('excludedSubnets')]\"}]}},\"notEquals\":0}]},{\"allOf\":[{\"equals\":\"Microsoft.Network/virtualNetworks/subnets\",\"field\":\"type\"},{\"field\":\"name\",\"notIn\":\"[parameters('excludedSubnets')]\"},{\"exists\":\"false\",\"field\":\"Microsoft.Network/virtualNetworks/subnets/routeTable.id\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-UDR-With-Specific-NextHop\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-UDR-With-Specific-NextHop",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "This policy denies the creation of a User Defined Route with 'Next Hop Type' set to 'Internet' or 'VirtualNetworkGateway'.",
- "display_name": "User Defined Routes with 'Next Hop Type' set to 'Internet' or 'VirtualNetworkGateway' should be denied",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Network\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.0.0\"}",
- "mode": "All",
- "name": "Deny-UDR-With-Specific-NextHop",
- "parameters": "{\"effect\":{\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Deny\",\"metadata\":{\"description\":\"The effect determines what happens when the policy rule is evaluated to match\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"excludedDestinations\":{\"defaultValue\":[\"Internet\",\"VirtualNetworkGateway\"],\"metadata\":{\"description\":\"Array of route destinations that are to be denied\",\"displayName\":\"Excluded Destinations\"},\"type\":\"Array\"}}",
- "policy_rule": "{\"if\":{\"anyOf\":[{\"allOf\":[{\"equals\":\"Microsoft.Network/routeTables\",\"field\":\"type\"},{\"count\":{\"field\":\"Microsoft.Network/routeTables/routes[*]\",\"where\":{\"field\":\"Microsoft.Network/routeTables/routes[*].nextHopType\",\"in\":\"[parameters('excludedDestinations')]\"}},\"notEquals\":0}]},{\"allOf\":[{\"equals\":\"Microsoft.Network/routeTables/routes\",\"field\":\"type\"},{\"field\":\"Microsoft.Network/routeTables/routes/nextHopType\",\"in\":\"[parameters('excludedDestinations')]\"}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-VNET-Peer-Cross-Sub\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-VNET-Peer-Cross-Sub",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "This policy denies the creation of vNet Peerings outside of the same subscriptions under the assigned scope.",
- "display_name": "Deny vNet peering cross subscription.",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Network\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.0.1\"}",
- "mode": "All",
- "name": "Deny-VNET-Peer-Cross-Sub",
- "parameters": "{\"effect\":{\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Deny\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"allOf\":[{\"equals\":\"Microsoft.Network/virtualNetworks/virtualNetworkPeerings\",\"field\":\"type\"},{\"field\":\"Microsoft.Network/virtualNetworks/virtualNetworkPeerings/remoteVirtualNetwork.id\",\"notcontains\":\"[subscription().id]\"}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-VNET-Peering-To-Non-Approved-VNETs\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-VNET-Peering-To-Non-Approved-VNETs",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "This policy denies the creation of vNet Peerings to non-approved vNets under the assigned scope.",
- "display_name": "Deny vNet peering to non-approved vNets",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Network\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.0.0\"}",
- "mode": "All",
- "name": "Deny-VNET-Peering-To-Non-Approved-VNETs",
- "parameters": "{\"allowedVnets\":{\"defaultValue\":[],\"metadata\":{\"description\":\"Array of allowed vNets that can be peered with. Must be entered using their resource ID. Example: /subscriptions/{subId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{vnetName}\",\"displayName\":\"Allowed vNets to peer with\"},\"type\":\"Array\"},\"effect\":{\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Deny\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"anyOf\":[{\"allOf\":[{\"equals\":\"Microsoft.Network/virtualNetworks/virtualNetworkPeerings\",\"field\":\"type\"},{\"not\":{\"field\":\"Microsoft.Network/virtualNetworks/virtualNetworkPeerings/remoteVirtualNetwork.id\",\"in\":\"[parameters('allowedVnets')]\"}}]},{\"allOf\":[{\"equals\":\"Microsoft.Network/virtualNetworks\",\"field\":\"type\"},{\"not\":{\"field\":\"Microsoft.Network/virtualNetworks/virtualNetworkPeerings[*].remoteVirtualNetwork.id\",\"in\":\"[parameters('allowedVnets')]\"}},{\"not\":{\"exists\":false,\"field\":\"Microsoft.Network/virtualNetworks/virtualNetworkPeerings[*].remoteVirtualNetwork.id\"}}]}]},\"then\":{\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-VNet-Peering\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-VNet-Peering",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "This policy denies the creation of vNet Peerings under the assigned scope.",
- "display_name": "Deny vNet peering ",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Network\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.0.1\"}",
- "mode": "All",
- "name": "Deny-VNet-Peering",
- "parameters": "{\"effect\":{\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Deny\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"equals\":\"Microsoft.Network/virtualNetworks/virtualNetworkPeerings\",\"field\":\"type\"},\"then\":{\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/DenyAction-ActivityLogs\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/DenyAction-ActivityLogs",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "This is a DenyAction implementation policy on Activity Logs.",
- "display_name": "DenyAction implementation on Activity Logs",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Monitoring\",\"deprecated\":false,\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.0.0\"}",
- "mode": "Indexed",
- "name": "DenyAction-ActivityLogs",
- "parameters": null,
- "policy_rule": "{\"if\":{\"equals\":\"Microsoft.Resources/subscriptions/providers/diagnosticSettings\",\"field\":\"type\"},\"then\":{\"details\":{\"actionNames\":[\"delete\"]},\"effect\":\"denyAction\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/DenyAction-DiagnosticLogs\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/DenyAction-DiagnosticLogs",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "DenyAction implementation on Diagnostic Logs.",
- "display_name": "DenyAction implementation on Diagnostic Logs.",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Monitoring\",\"deprecated\":false,\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.0.0\"}",
- "mode": "Indexed",
- "name": "DenyAction-DiagnosticLogs",
- "parameters": null,
- "policy_rule": "{\"if\":{\"equals\":\"Microsoft.Insights/diagnosticSettings\",\"field\":\"type\"},\"then\":{\"details\":{\"actionNames\":[\"delete\"]},\"effect\":\"denyAction\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-ASC-SecurityContacts\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-ASC-SecurityContacts",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploy Microsoft Defender for Cloud Security Contacts",
- "display_name": "Deploy Microsoft Defender for Cloud Security Contacts",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Security Center\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.1.0\"}",
- "mode": "All",
- "name": "Deploy-ASC-SecurityContacts",
- "parameters": "{\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"string\"},\"emailSecurityContact\":{\"metadata\":{\"description\":\"Provide email address for Azure Security Center contact details\",\"displayName\":\"Security contacts email address\"},\"type\":\"string\"},\"minimalSeverity\":{\"allowedValues\":[\"High\",\"Medium\",\"Low\"],\"defaultValue\":\"High\",\"metadata\":{\"description\":\"Defines the minimal alert severity which will be sent as email notifications\",\"displayName\":\"Minimal severity\"},\"type\":\"string\"}}",
- "policy_rule": "{\"if\":{\"allOf\":[{\"equals\":\"Microsoft.Resources/subscriptions\",\"field\":\"type\"}]},\"then\":{\"details\":{\"deployment\":{\"location\":\"northeurope\",\"properties\":{\"mode\":\"incremental\",\"parameters\":{\"emailSecurityContact\":{\"value\":\"[parameters('emailSecurityContact')]\"},\"minimalSeverity\":{\"value\":\"[parameters('minimalSeverity')]\"}},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"emailSecurityContact\":{\"metadata\":{\"description\":\"Security contacts email address\"},\"type\":\"string\"},\"minimalSeverity\":{\"metadata\":{\"description\":\"Minimal severity level reported\"},\"type\":\"string\"}},\"resources\":[{\"apiVersion\":\"2020-01-01-preview\",\"name\":\"default\",\"properties\":{\"alertNotifications\":{\"minimalSeverity\":\"[parameters('minimalSeverity')]\",\"state\":\"On\"},\"emails\":\"[parameters('emailSecurityContact')]\",\"notificationsByRole\":{\"roles\":[\"Owner\"],\"state\":\"On\"}},\"type\":\"Microsoft.Security/securityContacts\"}],\"variables\":{}}}},\"deploymentScope\":\"subscription\",\"existenceCondition\":{\"allOf\":[{\"contains\":\"[parameters('emailSecurityContact')]\",\"field\":\"Microsoft.Security/securityContacts/email\"},{\"contains\":\"[parameters('minimalSeverity')]\",\"field\":\"Microsoft.Security/securityContacts/alertNotifications.minimalSeverity\"},{\"equals\":\"Microsoft.Security/securityContacts\",\"field\":\"type\"},{\"equals\":\"On\",\"field\":\"Microsoft.Security/securityContacts/alertNotifications\"},{\"equals\":\"On\",\"field\":\"Microsoft.Security/securityContacts/alertsToAdmins\"}]},\"existenceScope\":\"subscription\",\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/fb1c8493-542b-48eb-b624-b4c8fea62acd\"],\"type\":\"Microsoft.Security/securityContacts\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Budget\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Budget",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploy a default budget on all subscriptions under the assigned scope",
- "display_name": "Deploy a default budget on all subscriptions under the assigned scope",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureUSGovernment\"],\"category\":\"Budget\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.1.0\"}",
- "mode": "All",
- "name": "Deploy-Budget",
- "parameters": "{\"amount\":{\"defaultValue\":\"1000\",\"metadata\":{\"description\":\"The total amount of cost or usage to track with the budget\"},\"type\":\"String\"},\"budgetName\":{\"defaultValue\":\"budget-set-by-policy\",\"metadata\":{\"description\":\"The name for the budget to be created\"},\"type\":\"String\"},\"contactEmails\":{\"defaultValue\":[],\"metadata\":{\"description\":\"The list of email addresses, in an array, to send the budget notification to when the threshold is exceeded.\"},\"type\":\"Array\"},\"contactGroups\":{\"defaultValue\":[],\"metadata\":{\"description\":\"The list of action groups, in an array, to send the budget notification to when the threshold is exceeded. It accepts array of strings.\"},\"type\":\"Array\"},\"contactRoles\":{\"defaultValue\":[\"Owner\",\"Contributor\"],\"metadata\":{\"description\":\"The list of contact RBAC roles, in an array, to send the budget notification to when the threshold is exceeded.\"},\"type\":\"Array\"},\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\"},\"type\":\"String\"},\"firstThreshold\":{\"defaultValue\":\"90\",\"metadata\":{\"description\":\"Threshold value associated with a notification. Notification is sent when the cost exceeded the threshold. It is always percent and has to be between 0 and 1000.\"},\"type\":\"String\"},\"secondThreshold\":{\"defaultValue\":\"100\",\"metadata\":{\"description\":\"Threshold value associated with a notification. Notification is sent when the cost exceeded the threshold. It is always percent and has to be between 0 and 1000.\"},\"type\":\"String\"},\"timeGrain\":{\"allowedValues\":[\"Monthly\",\"Quarterly\",\"Annually\",\"BillingMonth\",\"BillingQuarter\",\"BillingAnnual\"],\"defaultValue\":\"Monthly\",\"metadata\":{\"description\":\"The time covered by a budget. Tracking of the amount will be reset based on the time grain.\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"allOf\":[{\"equals\":\"Microsoft.Resources/subscriptions\",\"field\":\"type\"}]},\"then\":{\"details\":{\"deployment\":{\"location\":\"northeurope\",\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"amount\":{\"value\":\"[parameters('amount')]\"},\"budgetName\":{\"value\":\"[parameters('budgetName')]\"},\"contactEmails\":{\"value\":\"[parameters('contactEmails')]\"},\"contactGroups\":{\"value\":\"[parameters('contactGroups')]\"},\"contactRoles\":{\"value\":\"[parameters('contactRoles')]\"},\"firstThreshold\":{\"value\":\"[parameters('firstThreshold')]\"},\"secondThreshold\":{\"value\":\"[parameters('secondThreshold')]\"},\"timeGrain\":{\"value\":\"[parameters('timeGrain')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"amount\":{\"type\":\"String\"},\"budgetName\":{\"type\":\"String\"},\"contactEmails\":{\"type\":\"Array\"},\"contactGroups\":{\"type\":\"Array\"},\"contactRoles\":{\"type\":\"Array\"},\"firstThreshold\":{\"type\":\"String\"},\"secondThreshold\":{\"type\":\"String\"},\"startDate\":{\"defaultValue\":\"[concat(utcNow('MM'), '/01/', utcNow('yyyy'))]\",\"type\":\"String\"},\"timeGrain\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2019-10-01\",\"name\":\"[parameters('budgetName')]\",\"properties\":{\"amount\":\"[parameters('amount')]\",\"category\":\"Cost\",\"notifications\":{\"NotificationForExceededBudget1\":{\"contactEmails\":\"[parameters('contactEmails')]\",\"contactGroups\":\"[parameters('contactGroups')]\",\"contactRoles\":\"[parameters('contactRoles')]\",\"enabled\":true,\"operator\":\"GreaterThan\",\"threshold\":\"[parameters('firstThreshold')]\"},\"NotificationForExceededBudget2\":{\"contactEmails\":\"[parameters('contactEmails')]\",\"contactGroups\":\"[parameters('contactGroups')]\",\"contactRoles\":\"[parameters('contactRoles')]\",\"enabled\":true,\"operator\":\"GreaterThan\",\"threshold\":\"[parameters('secondThreshold')]\"}},\"timeGrain\":\"[parameters('timeGrain')]\",\"timePeriod\":{\"startDate\":\"[parameters('startDate')]\"}},\"type\":\"Microsoft.Consumption/budgets\"}]}}},\"deploymentScope\":\"subscription\",\"existenceCondition\":{\"allOf\":[{\"equals\":\"[parameters('amount')]\",\"field\":\"Microsoft.Consumption/budgets/amount\"},{\"equals\":\"[parameters('timeGrain')]\",\"field\":\"Microsoft.Consumption/budgets/timeGrain\"},{\"equals\":\"Cost\",\"field\":\"Microsoft.Consumption/budgets/category\"}]},\"existenceScope\":\"subscription\",\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"],\"type\":\"Microsoft.Consumption/budgets\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Custom-Route-Table\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Custom-Route-Table",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploys a route table with specific user defined routes when one does not exist. The route table deployed by the policy must be manually associated to subnet(s)",
- "display_name": "Deploy a route table with specific user defined routes",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Network\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.0.0\"}",
- "mode": "Indexed",
- "name": "Deploy-Custom-Route-Table",
- "parameters": "{\"disableBgpPropagation\":{\"defaultValue\":false,\"metadata\":{\"description\":\"Disable BGP Propagation\",\"displayName\":\"DisableBgpPropagation\"},\"type\":\"Boolean\"},\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"requiredRoutes\":{\"metadata\":{\"description\":\"Routes that must exist in compliant route tables deployed by this policy\",\"displayName\":\"requiredRoutes\"},\"type\":\"Array\"},\"routeTableName\":{\"metadata\":{\"description\":\"Name of the route table automatically deployed by this policy\",\"displayName\":\"routeTableName\"},\"type\":\"String\"},\"vnetRegion\":{\"metadata\":{\"description\":\"Only VNets in this region will be evaluated against this policy\",\"displayName\":\"vnetRegion\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"allOf\":[{\"equals\":\"Microsoft.Network/virtualNetworks\",\"field\":\"type\"},{\"equals\":\"[parameters('vnetRegion')]\",\"field\":\"location\"}]},\"then\":{\"details\":{\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"parameters\":{\"disableBgpPropagation\":{\"value\":\"[parameters('disableBgpPropagation')]\"},\"requiredRoutes\":{\"value\":\"[parameters('requiredRoutes')]\"},\"routeTableName\":{\"value\":\"[parameters('routeTableName')]\"},\"vnetRegion\":{\"value\":\"[parameters('vnetRegion')]\"}},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"disableBgpPropagation\":{\"type\":\"bool\"},\"requiredRoutes\":{\"type\":\"array\"},\"routeTableName\":{\"type\":\"string\"},\"vnetRegion\":{\"type\":\"string\"}},\"resources\":[{\"apiVersion\":\"2021-04-01\",\"name\":\"routeTableDepl\",\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"disableBgpPropagation\":{\"value\":\"[parameters('disableBgpPropagation')]\"},\"requiredRoutes\":{\"value\":\"[parameters('requiredRoutes')]\"},\"routeTableName\":{\"value\":\"[parameters('routeTableName')]\"},\"vnetRegion\":{\"value\":\"[parameters('vnetRegion')]\"}},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"parameters\":{\"disableBgpPropagation\":{\"type\":\"bool\"},\"requiredRoutes\":{\"type\":\"array\"},\"routeTableName\":{\"type\":\"string\"},\"vnetRegion\":{\"type\":\"string\"}},\"resources\":[{\"apiVersion\":\"2021-02-01\",\"location\":\"[[parameters('vnetRegion')]\",\"name\":\"[[parameters('routeTableName')]\",\"properties\":{\"copy\":\"[variables('copyLoop')]\",\"disableBgpRoutePropagation\":\"[[parameters('disableBgpPropagation')]\"},\"type\":\"Microsoft.Network/routeTables\"}]}},\"type\":\"Microsoft.Resources/deployments\"}],\"variables\":{\"copyLoop\":[{\"count\":\"[[length(parameters('requiredRoutes'))]\",\"input\":{\"name\":\"[[concat('route-',copyIndex('routes'))]\",\"properties\":{\"addressPrefix\":\"[[split(parameters('requiredRoutes')[copyIndex('routes')], ';')[0]]\",\"nextHopIpAddress\":\"[[if(equals(toLower(split(parameters('requiredRoutes')[copyIndex('routes')], ';')[1]),'virtualappliance'),split(parameters('requiredRoutes')[copyIndex('routes')], ';')[2], null())]\",\"nextHopType\":\"[[split(parameters('requiredRoutes')[copyIndex('routes')], ';')[1]]\"}},\"name\":\"routes\"}]}}}},\"existenceCondition\":{\"allOf\":[{\"equals\":\"[parameters('routeTableName')]\",\"field\":\"name\"},{\"count\":{\"field\":\"Microsoft.Network/routeTables/routes[*]\",\"where\":{\"in\":\"[parameters('requiredRoutes')]\",\"value\":\"[concat(current('Microsoft.Network/routeTables/routes[*].addressPrefix'), ';', current('Microsoft.Network/routeTables/routes[*].nextHopType'), if(equals(toLower(current('Microsoft.Network/routeTables/routes[*].nextHopType')),'virtualappliance'), concat(';', current('Microsoft.Network/routeTables/routes[*].nextHopIpAddress')), ''))]\"}},\"equals\":\"[length(parameters('requiredRoutes'))]\"}]},\"roleDefinitionIds\":[\"/subscriptions/e867a45d-e513-44ac-931e-4741cef80b24/providers/Microsoft.Authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7\"],\"type\":\"Microsoft.Network/routeTables\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-DDoSProtection\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-DDoSProtection",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploys an Azure DDoS Network Protection",
- "display_name": "Deploy an Azure DDoS Network Protection",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Network\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.0.1\"}",
- "mode": "All",
- "name": "Deploy-DDoSProtection",
- "parameters": "{\"ddosName\":{\"metadata\":{\"description\":\"DDoSVnet\",\"displayName\":\"ddosName\"},\"type\":\"String\"},\"ddosRegion\":{\"metadata\":{\"description\":\"DDoSVnet location\",\"displayName\":\"ddosRegion\",\"strongType\":\"location\"},\"type\":\"String\"},\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"rgName\":{\"metadata\":{\"description\":\"Provide name for resource group.\",\"displayName\":\"rgName\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"allOf\":[{\"equals\":\"Microsoft.Resources/subscriptions\",\"field\":\"type\"}]},\"then\":{\"details\":{\"deployment\":{\"location\":\"northeurope\",\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"ddosname\":{\"value\":\"[parameters('ddosname')]\"},\"ddosregion\":{\"value\":\"[parameters('ddosRegion')]\"},\"rgName\":{\"value\":\"[parameters('rgName')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"ddosRegion\":{\"type\":\"String\"},\"ddosname\":{\"type\":\"String\"},\"rgName\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2018-05-01\",\"location\":\"[deployment().location]\",\"name\":\"[parameters('rgName')]\",\"properties\":{},\"type\":\"Microsoft.Resources/resourceGroups\"},{\"apiVersion\":\"2018-05-01\",\"dependsOn\":[\"[resourceId('Microsoft.Resources/resourceGroups/', parameters('rgName'))]\"],\"name\":\"ddosprotection\",\"properties\":{\"mode\":\"Incremental\",\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{},\"resources\":[{\"apiVersion\":\"2019-12-01\",\"location\":\"[parameters('ddosRegion')]\",\"name\":\"[parameters('ddosName')]\",\"properties\":{},\"type\":\"Microsoft.Network/ddosProtectionPlans\"}]}},\"resourceGroup\":\"[parameters('rgName')]\",\"type\":\"Microsoft.Resources/deployments\"}]}}},\"deploymentScope\":\"subscription\",\"existenceScope\":\"resourceGroup\",\"name\":\"[parameters('ddosName')]\",\"resourceGroupName\":\"[parameters('rgName')]\",\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7\"],\"type\":\"Microsoft.Network/ddosProtectionPlans\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-AA\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-AA",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploys the diagnostic settings for Automation to stream to a Log Analytics workspace when any Automation which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled",
- "display_name": "Deploy Diagnostic Settings for Automation to Log Analytics workspace",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Monitoring\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.1.0\"}",
- "mode": "Indexed",
- "name": "Deploy-Diagnostics-AA",
- "parameters": "{\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"logAnalytics\":{\"metadata\":{\"description\":\"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\"displayName\":\"Log Analytics workspace\",\"strongType\":\"omsWorkspace\"},\"type\":\"String\"},\"logsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable logs stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable logs\"},\"type\":\"String\"},\"metricsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable metrics stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable metrics\"},\"type\":\"String\"},\"profileName\":{\"defaultValue\":\"setbypolicy\",\"metadata\":{\"description\":\"The diagnostic settings profile name\",\"displayName\":\"Profile name\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"equals\":\"Microsoft.Automation/automationAccounts\",\"field\":\"type\"},\"then\":{\"details\":{\"deployment\":{\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"logsEnabled\":{\"value\":\"[parameters('logsEnabled')]\"},\"metricsEnabled\":{\"value\":\"[parameters('metricsEnabled')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"},\"resourceName\":{\"value\":\"[field('name')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"location\":{\"type\":\"String\"},\"logAnalytics\":{\"type\":\"String\"},\"logsEnabled\":{\"type\":\"String\"},\"metricsEnabled\":{\"type\":\"String\"},\"profileName\":{\"type\":\"String\"},\"resourceName\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2017-05-01-preview\",\"dependsOn\":[],\"location\":\"[parameters('location')]\",\"name\":\"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"properties\":{\"logs\":[{\"category\":\"JobLogs\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"JobStreams\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"DscNodeStatus\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"AuditEvent\",\"enabled\":\"[parameters('logsEnabled')]\"}],\"metrics\":[{\"category\":\"AllMetrics\",\"enabled\":\"[parameters('metricsEnabled')]\",\"retentionPolicy\":{\"days\":0,\"enabled\":false},\"timeGrain\":null}],\"workspaceId\":\"[parameters('logAnalytics')]\"},\"type\":\"Microsoft.Automation/automationAccounts/providers/diagnosticSettings\"}],\"variables\":{}}}},\"existenceCondition\":{\"allOf\":[{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\"},{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/metrics.enabled\"},{\"equals\":\"[parameters('logAnalytics')]\",\"field\":\"Microsoft.Insights/diagnosticSettings/workspaceId\"}]},\"name\":\"[parameters('profileName')]\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"type\":\"Microsoft.Insights/diagnosticSettings\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ACI\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ACI",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploys the diagnostic settings for Container Instances to stream to a Log Analytics workspace when any ACR which is missing this diagnostic settings is created or updated. The Policy willset the diagnostic with all metrics enabled.",
- "display_name": "Deploy Diagnostic Settings for Container Instances to Log Analytics workspace",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Monitoring\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.1.0\"}",
- "mode": "Indexed",
- "name": "Deploy-Diagnostics-ACI",
- "parameters": "{\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"logAnalytics\":{\"metadata\":{\"description\":\"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\"displayName\":\"Log Analytics workspace\",\"strongType\":\"omsWorkspace\"},\"type\":\"String\"},\"metricsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable metrics stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable metrics\"},\"type\":\"String\"},\"profileName\":{\"defaultValue\":\"setbypolicy\",\"metadata\":{\"description\":\"The diagnostic settings profile name\",\"displayName\":\"Profile name\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"equals\":\"Microsoft.ContainerInstance/containerGroups\",\"field\":\"type\"},\"then\":{\"details\":{\"deployment\":{\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"metricsEnabled\":{\"value\":\"[parameters('metricsEnabled')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"},\"resourceName\":{\"value\":\"[field('name')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"location\":{\"type\":\"String\"},\"logAnalytics\":{\"type\":\"String\"},\"metricsEnabled\":{\"type\":\"String\"},\"profileName\":{\"type\":\"String\"},\"resourceName\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2017-05-01-preview\",\"dependsOn\":[],\"location\":\"[parameters('location')]\",\"name\":\"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"properties\":{\"logs\":[],\"metrics\":[{\"category\":\"AllMetrics\",\"enabled\":\"[parameters('metricsEnabled')]\",\"retentionPolicy\":{\"days\":0,\"enabled\":false},\"timeGrain\":null}],\"workspaceId\":\"[parameters('logAnalytics')]\"},\"type\":\"Microsoft.ContainerInstance/containerGroups/providers/diagnosticSettings\"}],\"variables\":{}}}},\"existenceCondition\":{\"allOf\":[{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/metrics.enabled\"},{\"equals\":\"[parameters('logAnalytics')]\",\"field\":\"Microsoft.Insights/diagnosticSettings/workspaceId\"}]},\"name\":\"[parameters('profileName')]\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"type\":\"Microsoft.Insights/diagnosticSettings\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ACR\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ACR",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploys the diagnostic settings for Container Registry to stream to a Log Analytics workspace when any ACR which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics enabled.",
- "display_name": "Deploy Diagnostic Settings for Container Registry to Log Analytics workspace",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Monitoring\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.1.0\"}",
- "mode": "Indexed",
- "name": "Deploy-Diagnostics-ACR",
- "parameters": "{\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"logAnalytics\":{\"metadata\":{\"description\":\"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\"displayName\":\"Log Analytics workspace\",\"strongType\":\"omsWorkspace\"},\"type\":\"String\"},\"logsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable logs stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable logs\"},\"type\":\"String\"},\"metricsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable metrics stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable metrics\"},\"type\":\"String\"},\"profileName\":{\"defaultValue\":\"setbypolicy\",\"metadata\":{\"description\":\"The diagnostic settings profile name\",\"displayName\":\"Profile name\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"equals\":\"Microsoft.ContainerRegistry/registries\",\"field\":\"type\"},\"then\":{\"details\":{\"deployment\":{\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"logsEnabled\":{\"value\":\"[parameters('logsEnabled')]\"},\"metricsEnabled\":{\"value\":\"[parameters('metricsEnabled')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"},\"resourceName\":{\"value\":\"[field('name')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"location\":{\"type\":\"String\"},\"logAnalytics\":{\"type\":\"String\"},\"logsEnabled\":{\"type\":\"String\"},\"metricsEnabled\":{\"type\":\"String\"},\"profileName\":{\"type\":\"String\"},\"resourceName\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2017-05-01-preview\",\"dependsOn\":[],\"location\":\"[parameters('location')]\",\"name\":\"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"properties\":{\"logs\":[{\"category\":\"ContainerRegistryLoginEvents\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"ContainerRegistryRepositoryEvents\",\"enabled\":\"[parameters('logsEnabled')]\"}],\"metrics\":[{\"category\":\"AllMetrics\",\"enabled\":\"[parameters('metricsEnabled')]\",\"retentionPolicy\":{\"days\":0,\"enabled\":false},\"timeGrain\":null}],\"workspaceId\":\"[parameters('logAnalytics')]\"},\"type\":\"Microsoft.ContainerRegistry/registries/providers/diagnosticSettings\"}],\"variables\":{}}}},\"existenceCondition\":{\"allOf\":[{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/metrics.enabled\"},{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\"},{\"equals\":\"[parameters('logAnalytics')]\",\"field\":\"Microsoft.Insights/diagnosticSettings/workspaceId\"}]},\"name\":\"[parameters('profileName')]\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"type\":\"Microsoft.Insights/diagnosticSettings\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-APIMgmt\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-APIMgmt",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploys the diagnostic settings for API Management to stream to a Log Analytics workspace when any API Management which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled",
- "display_name": "Deploy Diagnostic Settings for API Management to Log Analytics workspace",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Monitoring\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.2.0\"}",
- "mode": "Indexed",
- "name": "Deploy-Diagnostics-APIMgmt",
- "parameters": "{\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"logAnalytics\":{\"metadata\":{\"description\":\"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\"displayName\":\"Log Analytics workspace\",\"strongType\":\"omsWorkspace\"},\"type\":\"String\"},\"logAnalyticsDestinationType\":{\"allowedValues\":[\"AzureDiagnostics\",\"Dedicated\"],\"defaultValue\":\"AzureDiagnostics\",\"metadata\":{\"description\":\"Select destination type for Log Analytics. Allowed values are 'Dedicated' (resource specific) and 'AzureDiagnostics'. Default is 'AzureDiagnostics'\",\"displayName\":\"Log Analytics destination type\"},\"type\":\"String\"},\"logsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable logs stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable logs\"},\"type\":\"String\"},\"metricsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable metrics stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable metrics\"},\"type\":\"String\"},\"profileName\":{\"defaultValue\":\"setbypolicy\",\"metadata\":{\"description\":\"The diagnostic settings profile name\",\"displayName\":\"Profile name\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"equals\":\"Microsoft.ApiManagement/service\",\"field\":\"type\"},\"then\":{\"details\":{\"deployment\":{\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"logAnalyticsDestinationType\":{\"value\":\"[parameters('logAnalyticsDestinationType')]\"},\"logsEnabled\":{\"value\":\"[parameters('logsEnabled')]\"},\"metricsEnabled\":{\"value\":\"[parameters('metricsEnabled')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"},\"resourceName\":{\"value\":\"[field('name')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"location\":{\"type\":\"String\"},\"logAnalytics\":{\"type\":\"String\"},\"logAnalyticsDestinationType\":{\"type\":\"String\"},\"logsEnabled\":{\"type\":\"String\"},\"metricsEnabled\":{\"type\":\"String\"},\"profileName\":{\"type\":\"String\"},\"resourceName\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2017-05-01-preview\",\"dependsOn\":[],\"location\":\"[parameters('location')]\",\"name\":\"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"properties\":{\"logAnalyticsDestinationType\":\"[parameters('logAnalyticsDestinationType')]\",\"logs\":[{\"category\":\"GatewayLogs\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"WebSocketConnectionLogs\",\"enabled\":\"[parameters('logsEnabled')]\"}],\"metrics\":[{\"category\":\"AllMetrics\",\"enabled\":\"[parameters('metricsEnabled')]\",\"retentionPolicy\":{\"days\":0,\"enabled\":false},\"timeGrain\":null}],\"workspaceId\":\"[parameters('logAnalytics')]\"},\"type\":\"Microsoft.ApiManagement/service/providers/diagnosticSettings\"}],\"variables\":{}}}},\"existenceCondition\":{\"allOf\":[{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\"},{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/metrics.enabled\"},{\"equals\":\"[parameters('logAnalytics')]\",\"field\":\"Microsoft.Insights/diagnosticSettings/workspaceId\"}]},\"name\":\"[parameters('profileName')]\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"type\":\"Microsoft.Insights/diagnosticSettings\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-AVDScalingPlans\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-AVDScalingPlans",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploys the diagnostic settings for AVD Scaling Plans to stream to a Log Analytics workspace when any Scaling Plan which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all and categorys enabled.",
- "display_name": "Deploy Diagnostic Settings for AVD Scaling Plans to Log Analytics workspace",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\"],\"category\":\"Monitoring\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.1.0\"}",
- "mode": "Indexed",
- "name": "Deploy-Diagnostics-AVDScalingPlans",
- "parameters": "{\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"logAnalytics\":{\"metadata\":{\"description\":\"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\"displayName\":\"Log Analytics workspace\",\"strongType\":\"omsWorkspace\"},\"type\":\"String\"},\"logsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable logs stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable logs\"},\"type\":\"String\"},\"profileName\":{\"defaultValue\":\"setbypolicy\",\"metadata\":{\"description\":\"The diagnostic settings profile name\",\"displayName\":\"Profile name\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"equals\":\"Microsoft.DesktopVirtualization/scalingplans\",\"field\":\"type\"},\"then\":{\"details\":{\"deployment\":{\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"logsEnabled\":{\"value\":\"[parameters('logsEnabled')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"},\"resourceName\":{\"value\":\"[field('name')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"location\":{\"type\":\"String\"},\"logAnalytics\":{\"type\":\"String\"},\"logsEnabled\":{\"type\":\"String\"},\"profileName\":{\"type\":\"String\"},\"resourceName\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2017-05-01-preview\",\"dependsOn\":[],\"location\":\"[parameters('location')]\",\"name\":\"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"properties\":{\"logs\":[{\"category\":\"Autoscale\",\"enabled\":\"[parameters('logsEnabled')]\"}],\"workspaceId\":\"[parameters('logAnalytics')]\"},\"type\":\"Microsoft.DesktopVirtualization/scalingplans/providers/diagnosticSettings\"}],\"variables\":{}}}},\"existenceCondition\":{\"allOf\":[{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\"},{\"equals\":\"[parameters('logAnalytics')]\",\"field\":\"Microsoft.Insights/diagnosticSettings/workspaceId\"}]},\"name\":\"[parameters('profileName')]\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"type\":\"Microsoft.Insights/diagnosticSettings\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-AnalysisService\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-AnalysisService",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploys the diagnostic settings for Analysis Services to stream to a Log Analytics workspace when any Analysis Services which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled",
- "display_name": "Deploy Diagnostic Settings for Analysis Services to Log Analytics workspace",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Monitoring\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.1.0\"}",
- "mode": "Indexed",
- "name": "Deploy-Diagnostics-AnalysisService",
- "parameters": "{\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"logAnalytics\":{\"metadata\":{\"description\":\"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\"displayName\":\"Log Analytics workspace\",\"strongType\":\"omsWorkspace\"},\"type\":\"String\"},\"logsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable logs stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable logs\"},\"type\":\"String\"},\"metricsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable metrics stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable metrics\"},\"type\":\"String\"},\"profileName\":{\"defaultValue\":\"setbypolicy\",\"metadata\":{\"description\":\"The diagnostic settings profile name\",\"displayName\":\"Profile name\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"equals\":\"Microsoft.AnalysisServices/servers\",\"field\":\"type\"},\"then\":{\"details\":{\"deployment\":{\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"logsEnabled\":{\"value\":\"[parameters('logsEnabled')]\"},\"metricsEnabled\":{\"value\":\"[parameters('metricsEnabled')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"},\"resourceName\":{\"value\":\"[field('name')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"location\":{\"type\":\"String\"},\"logAnalytics\":{\"type\":\"String\"},\"logsEnabled\":{\"type\":\"String\"},\"metricsEnabled\":{\"type\":\"String\"},\"profileName\":{\"type\":\"String\"},\"resourceName\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2017-05-01-preview\",\"dependsOn\":[],\"location\":\"[parameters('location')]\",\"name\":\"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"properties\":{\"logs\":[{\"category\":\"Engine\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"Service\",\"enabled\":\"[parameters('logsEnabled')]\"}],\"metrics\":[{\"category\":\"AllMetrics\",\"enabled\":\"[parameters('metricsEnabled')]\",\"retentionPolicy\":{\"days\":0,\"enabled\":false},\"timeGrain\":null}],\"workspaceId\":\"[parameters('logAnalytics')]\"},\"type\":\"Microsoft.AnalysisServices/servers/providers/diagnosticSettings\"}],\"variables\":{}}}},\"existenceCondition\":{\"allOf\":[{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\"},{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/metrics.enabled\"},{\"equals\":\"[parameters('logAnalytics')]\",\"field\":\"Microsoft.Insights/diagnosticSettings/workspaceId\"}]},\"name\":\"[parameters('profileName')]\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"type\":\"Microsoft.Insights/diagnosticSettings\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ApiForFHIR\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ApiForFHIR",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploys the diagnostic settings for Azure API for FHIR to stream to a Log Analytics workspace when any Azure API for FHIR which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled",
- "display_name": "Deploy Diagnostic Settings for Azure API for FHIR to Log Analytics workspace",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Monitoring\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.1.0\"}",
- "mode": "Indexed",
- "name": "Deploy-Diagnostics-ApiForFHIR",
- "parameters": "{\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"logAnalytics\":{\"metadata\":{\"description\":\"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\"displayName\":\"Log Analytics workspace\",\"strongType\":\"omsWorkspace\"},\"type\":\"String\"},\"logsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable logs stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable logs\"},\"type\":\"String\"},\"metricsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable metrics stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable metrics\"},\"type\":\"String\"},\"profileName\":{\"defaultValue\":\"setbypolicy\",\"metadata\":{\"description\":\"The diagnostic settings profile name\",\"displayName\":\"Profile name\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"equals\":\"Microsoft.HealthcareApis/services\",\"field\":\"type\"},\"then\":{\"details\":{\"deployment\":{\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"logsEnabled\":{\"value\":\"[parameters('logsEnabled')]\"},\"metricsEnabled\":{\"value\":\"[parameters('metricsEnabled')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"},\"resourceName\":{\"value\":\"[field('name')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"location\":{\"type\":\"String\"},\"logAnalytics\":{\"type\":\"String\"},\"logsEnabled\":{\"type\":\"String\"},\"metricsEnabled\":{\"type\":\"String\"},\"profileName\":{\"type\":\"String\"},\"resourceName\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2017-05-01-preview\",\"dependsOn\":[],\"location\":\"[parameters('location')]\",\"name\":\"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"properties\":{\"logs\":[{\"category\":\"AuditLogs\",\"enabled\":\"[parameters('logsEnabled')]\"}],\"metrics\":[{\"category\":\"AllMetrics\",\"enabled\":\"[parameters('metricsEnabled')]\",\"retentionPolicy\":{\"days\":0,\"enabled\":false},\"timeGrain\":null}],\"workspaceId\":\"[parameters('logAnalytics')]\"},\"type\":\"Microsoft.HealthcareApis/services/providers/diagnosticSettings\"}],\"variables\":{}}}},\"existenceCondition\":{\"allOf\":[{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\"},{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/metrics.enabled\"},{\"equals\":\"[parameters('logAnalytics')]\",\"field\":\"Microsoft.Insights/diagnosticSettings/workspaceId\"}]},\"name\":\"[parameters('profileName')]\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"type\":\"Microsoft.Insights/diagnosticSettings\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ApplicationGateway\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ApplicationGateway",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploys the diagnostic settings for Application Gateway to stream to a Log Analytics workspace when any Application Gateway which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled",
- "display_name": "Deploy Diagnostic Settings for Application Gateway to Log Analytics workspace",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Monitoring\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.1.0\"}",
- "mode": "Indexed",
- "name": "Deploy-Diagnostics-ApplicationGateway",
- "parameters": "{\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"logAnalytics\":{\"metadata\":{\"description\":\"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\"displayName\":\"Log Analytics workspace\",\"strongType\":\"omsWorkspace\"},\"type\":\"String\"},\"logsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable logs stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable logs\"},\"type\":\"String\"},\"metricsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable metrics stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable metrics\"},\"type\":\"String\"},\"profileName\":{\"defaultValue\":\"setbypolicy\",\"metadata\":{\"description\":\"The diagnostic settings profile name\",\"displayName\":\"Profile name\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"equals\":\"Microsoft.Network/applicationGateways\",\"field\":\"type\"},\"then\":{\"details\":{\"deployment\":{\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"logsEnabled\":{\"value\":\"[parameters('logsEnabled')]\"},\"metricsEnabled\":{\"value\":\"[parameters('metricsEnabled')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"},\"resourceName\":{\"value\":\"[field('name')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"location\":{\"type\":\"String\"},\"logAnalytics\":{\"type\":\"String\"},\"logsEnabled\":{\"type\":\"String\"},\"metricsEnabled\":{\"type\":\"String\"},\"profileName\":{\"type\":\"String\"},\"resourceName\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2017-05-01-preview\",\"dependsOn\":[],\"location\":\"[parameters('location')]\",\"name\":\"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"properties\":{\"logs\":[{\"category\":\"ApplicationGatewayAccessLog\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"ApplicationGatewayPerformanceLog\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"ApplicationGatewayFirewallLog\",\"enabled\":\"[parameters('logsEnabled')]\"}],\"metrics\":[{\"category\":\"AllMetrics\",\"enabled\":\"[parameters('metricsEnabled')]\",\"retentionPolicy\":{\"days\":0,\"enabled\":false},\"timeGrain\":null}],\"workspaceId\":\"[parameters('logAnalytics')]\"},\"type\":\"Microsoft.Network/applicationGateways/providers/diagnosticSettings\"}],\"variables\":{}}}},\"existenceCondition\":{\"allOf\":[{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\"},{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/metrics.enabled\"},{\"equals\":\"[parameters('logAnalytics')]\",\"field\":\"Microsoft.Insights/diagnosticSettings/workspaceId\"}]},\"name\":\"[parameters('profileName')]\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"type\":\"Microsoft.Insights/diagnosticSettings\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Bastion\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Bastion",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploys the diagnostic settings for Azure Bastion to stream to a Log Analytics workspace when any Azure Bastion which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled",
- "display_name": "Deploy Diagnostic Settings for Azure Bastion to Log Analytics workspace",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Monitoring\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.1.0\"}",
- "mode": "Indexed",
- "name": "Deploy-Diagnostics-Bastion",
- "parameters": "{\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"logAnalytics\":{\"metadata\":{\"description\":\"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\"displayName\":\"Log Analytics workspace\",\"strongType\":\"omsWorkspace\"},\"type\":\"String\"},\"logsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable logs stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable logs\"},\"type\":\"String\"},\"metricsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable metrics stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable metrics\"},\"type\":\"String\"},\"profileName\":{\"defaultValue\":\"setbypolicy\",\"metadata\":{\"description\":\"The diagnostic settings profile name\",\"displayName\":\"Profile name\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"equals\":\"Microsoft.Network/bastionHosts\",\"field\":\"type\"},\"then\":{\"details\":{\"deployment\":{\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"logsEnabled\":{\"value\":\"[parameters('logsEnabled')]\"},\"metricsEnabled\":{\"value\":\"[parameters('metricsEnabled')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"},\"resourceName\":{\"value\":\"[field('name')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"location\":{\"type\":\"String\"},\"logAnalytics\":{\"type\":\"String\"},\"logsEnabled\":{\"type\":\"String\"},\"metricsEnabled\":{\"type\":\"String\"},\"profileName\":{\"type\":\"String\"},\"resourceName\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2017-05-01-preview\",\"dependsOn\":[],\"location\":\"[parameters('location')]\",\"name\":\"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"properties\":{\"logs\":[{\"category\":\"BastionAuditLogs\",\"enabled\":\"[parameters('logsEnabled')]\"}],\"metrics\":[{\"category\":\"AllMetrics\",\"enabled\":\"[parameters('metricsEnabled')]\",\"retentionPolicy\":{\"days\":0,\"enabled\":false},\"timeGrain\":null}],\"workspaceId\":\"[parameters('logAnalytics')]\"},\"type\":\"Microsoft.Network/bastionHosts/providers/diagnosticSettings\"}],\"variables\":{}}}},\"existenceCondition\":{\"allOf\":[{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\"},{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/metrics.enabled\"},{\"equals\":\"[parameters('logAnalytics')]\",\"field\":\"Microsoft.Insights/diagnosticSettings/workspaceId\"}]},\"name\":\"[parameters('profileName')]\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"type\":\"Microsoft.Insights/diagnosticSettings\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-CDNEndpoints\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-CDNEndpoints",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploys the diagnostic settings for CDN Endpoint to stream to a Log Analytics workspace when any CDN Endpoint which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled",
- "display_name": "Deploy Diagnostic Settings for CDN Endpoint to Log Analytics workspace",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Monitoring\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.1.0\"}",
- "mode": "Indexed",
- "name": "Deploy-Diagnostics-CDNEndpoints",
- "parameters": "{\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"logAnalytics\":{\"metadata\":{\"description\":\"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\"displayName\":\"Log Analytics workspace\",\"strongType\":\"omsWorkspace\"},\"type\":\"String\"},\"logsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable logs stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable logs\"},\"type\":\"String\"},\"profileName\":{\"defaultValue\":\"setbypolicy\",\"metadata\":{\"description\":\"The diagnostic settings profile name\",\"displayName\":\"Profile name\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"equals\":\"Microsoft.Cdn/profiles/endpoints\",\"field\":\"type\"},\"then\":{\"details\":{\"deployment\":{\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"logsEnabled\":{\"value\":\"[parameters('logsEnabled')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"},\"resourceName\":{\"value\":\"[field('fullName')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"location\":{\"type\":\"String\"},\"logAnalytics\":{\"type\":\"String\"},\"logsEnabled\":{\"type\":\"String\"},\"profileName\":{\"type\":\"String\"},\"resourceName\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2017-05-01-preview\",\"dependsOn\":[],\"location\":\"[parameters('location')]\",\"name\":\"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"properties\":{\"logs\":[{\"category\":\"CoreAnalytics\",\"enabled\":\"[parameters('logsEnabled')]\"}],\"metrics\":[],\"workspaceId\":\"[parameters('logAnalytics')]\"},\"type\":\"Microsoft.Cdn/profiles/endpoints/providers/diagnosticSettings\"}],\"variables\":{}}}},\"existenceCondition\":{\"allOf\":[{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\"},{\"equals\":\"[parameters('logAnalytics')]\",\"field\":\"Microsoft.Insights/diagnosticSettings/workspaceId\"}]},\"name\":\"[parameters('profileName')]\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"type\":\"Microsoft.Insights/diagnosticSettings\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-CognitiveServices\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-CognitiveServices",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploys the diagnostic settings for Cognitive Services to stream to a Log Analytics workspace when any Cognitive Services which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled",
- "display_name": "Deploy Diagnostic Settings for Cognitive Services to Log Analytics workspace",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Monitoring\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.1.0\"}",
- "mode": "Indexed",
- "name": "Deploy-Diagnostics-CognitiveServices",
- "parameters": "{\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"logAnalytics\":{\"metadata\":{\"description\":\"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\"displayName\":\"Log Analytics workspace\",\"strongType\":\"omsWorkspace\"},\"type\":\"String\"},\"logsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable logs stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable logs\"},\"type\":\"String\"},\"metricsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable metrics stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable metrics\"},\"type\":\"String\"},\"profileName\":{\"defaultValue\":\"setbypolicy\",\"metadata\":{\"description\":\"The diagnostic settings profile name\",\"displayName\":\"Profile name\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"equals\":\"Microsoft.CognitiveServices/accounts\",\"field\":\"type\"},\"then\":{\"details\":{\"deployment\":{\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"logsEnabled\":{\"value\":\"[parameters('logsEnabled')]\"},\"metricsEnabled\":{\"value\":\"[parameters('metricsEnabled')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"},\"resourceName\":{\"value\":\"[field('name')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"location\":{\"type\":\"String\"},\"logAnalytics\":{\"type\":\"String\"},\"logsEnabled\":{\"type\":\"String\"},\"metricsEnabled\":{\"type\":\"String\"},\"profileName\":{\"type\":\"String\"},\"resourceName\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2017-05-01-preview\",\"dependsOn\":[],\"location\":\"[parameters('location')]\",\"name\":\"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"properties\":{\"logs\":[{\"category\":\"Audit\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"RequestResponse\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"Trace\",\"enabled\":\"[parameters('logsEnabled')]\"}],\"metrics\":[{\"category\":\"AllMetrics\",\"enabled\":\"[parameters('metricsEnabled')]\",\"retentionPolicy\":{\"days\":0,\"enabled\":false},\"timeGrain\":null}],\"workspaceId\":\"[parameters('logAnalytics')]\"},\"type\":\"Microsoft.CognitiveServices/accounts/providers/diagnosticSettings\"}],\"variables\":{}}}},\"existenceCondition\":{\"allOf\":[{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\"},{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/metrics.enabled\"},{\"equals\":\"[parameters('logAnalytics')]\",\"field\":\"Microsoft.Insights/diagnosticSettings/workspaceId\"}]},\"name\":\"[parameters('profileName')]\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"type\":\"Microsoft.Insights/diagnosticSettings\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-CosmosDB\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-CosmosDB",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploys the diagnostic settings for Cosmos DB to stream to a Log Analytics workspace when any Cosmos DB which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled",
- "display_name": "Deploy Diagnostic Settings for Cosmos DB to Log Analytics workspace",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Monitoring\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.2.0\"}",
- "mode": "Indexed",
- "name": "Deploy-Diagnostics-CosmosDB",
- "parameters": "{\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"logAnalytics\":{\"metadata\":{\"description\":\"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\"displayName\":\"Log Analytics workspace\",\"strongType\":\"omsWorkspace\"},\"type\":\"String\"},\"logsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable logs stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable logs\"},\"type\":\"String\"},\"metricsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable metrics stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable metrics\"},\"type\":\"String\"},\"profileName\":{\"defaultValue\":\"setbypolicy\",\"metadata\":{\"description\":\"The diagnostic settings profile name\",\"displayName\":\"Profile name\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"equals\":\"Microsoft.DocumentDB/databaseAccounts\",\"field\":\"type\"},\"then\":{\"details\":{\"deployment\":{\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"logsEnabled\":{\"value\":\"[parameters('logsEnabled')]\"},\"metricsEnabled\":{\"value\":\"[parameters('metricsEnabled')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"},\"resourceName\":{\"value\":\"[field('name')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"location\":{\"type\":\"String\"},\"logAnalytics\":{\"type\":\"String\"},\"logsEnabled\":{\"type\":\"String\"},\"metricsEnabled\":{\"type\":\"String\"},\"profileName\":{\"type\":\"String\"},\"resourceName\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2017-05-01-preview\",\"dependsOn\":[],\"location\":\"[parameters('location')]\",\"name\":\"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"properties\":{\"logs\":[{\"category\":\"DataPlaneRequests\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"MongoRequests\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"QueryRuntimeStatistics\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"PartitionKeyStatistics\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"PartitionKeyRUConsumption\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"ControlPlaneRequests\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"CassandraRequests\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"GremlinRequests\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"TableApiRequests\",\"enabled\":\"[parameters('logsEnabled')]\"}],\"metrics\":[{\"category\":\"Requests\",\"enabled\":\"[parameters('metricsEnabled')]\",\"retentionPolicy\":{\"days\":0,\"enabled\":false},\"timeGrain\":null}],\"workspaceId\":\"[parameters('logAnalytics')]\"},\"type\":\"Microsoft.DocumentDB/databaseAccounts/providers/diagnosticSettings\"}],\"variables\":{}}}},\"existenceCondition\":{\"allOf\":[{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\"},{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/metrics.enabled\"},{\"equals\":\"[parameters('logAnalytics')]\",\"field\":\"Microsoft.Insights/diagnosticSettings/workspaceId\"}]},\"name\":\"[parameters('profileName')]\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"type\":\"Microsoft.Insights/diagnosticSettings\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-DLAnalytics\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-DLAnalytics",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploys the diagnostic settings for Data Lake Analytics to stream to a Log Analytics workspace when any Data Lake Analytics which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled",
- "display_name": "Deploy Diagnostic Settings for Data Lake Analytics to Log Analytics workspace",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Monitoring\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.1.0\"}",
- "mode": "Indexed",
- "name": "Deploy-Diagnostics-DLAnalytics",
- "parameters": "{\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"logAnalytics\":{\"metadata\":{\"description\":\"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\"displayName\":\"Log Analytics workspace\",\"strongType\":\"omsWorkspace\"},\"type\":\"String\"},\"logsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable logs stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable logs\"},\"type\":\"String\"},\"metricsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable metrics stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable metrics\"},\"type\":\"String\"},\"profileName\":{\"defaultValue\":\"setbypolicy\",\"metadata\":{\"description\":\"The diagnostic settings profile name\",\"displayName\":\"Profile name\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"equals\":\"Microsoft.DataLakeAnalytics/accounts\",\"field\":\"type\"},\"then\":{\"details\":{\"deployment\":{\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"logsEnabled\":{\"value\":\"[parameters('logsEnabled')]\"},\"metricsEnabled\":{\"value\":\"[parameters('metricsEnabled')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"},\"resourceName\":{\"value\":\"[field('name')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"location\":{\"type\":\"String\"},\"logAnalytics\":{\"type\":\"String\"},\"logsEnabled\":{\"type\":\"String\"},\"metricsEnabled\":{\"type\":\"String\"},\"profileName\":{\"type\":\"String\"},\"resourceName\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2017-05-01-preview\",\"dependsOn\":[],\"location\":\"[parameters('location')]\",\"name\":\"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"properties\":{\"logs\":[{\"category\":\"Audit\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"Requests\",\"enabled\":\"[parameters('logsEnabled')]\"}],\"metrics\":[{\"category\":\"AllMetrics\",\"enabled\":\"[parameters('metricsEnabled')]\",\"retentionPolicy\":{\"days\":0,\"enabled\":false},\"timeGrain\":null}],\"workspaceId\":\"[parameters('logAnalytics')]\"},\"type\":\"Microsoft.DataLakeAnalytics/accounts/providers/diagnosticSettings\"}],\"variables\":{}}}},\"existenceCondition\":{\"allOf\":[{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\"},{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/metrics.enabled\"},{\"equals\":\"[parameters('logAnalytics')]\",\"field\":\"Microsoft.Insights/diagnosticSettings/workspaceId\"}]},\"name\":\"[parameters('profileName')]\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"type\":\"Microsoft.Insights/diagnosticSettings\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-DataExplorerCluster\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-DataExplorerCluster",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploys the diagnostic settings for Azure Data Explorer Cluster to stream to a Log Analytics workspace when any Azure Data Explorer Cluster which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled",
- "display_name": "Deploy Diagnostic Settings for Azure Data Explorer Cluster to Log Analytics workspace",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Monitoring\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.1.0\"}",
- "mode": "Indexed",
- "name": "Deploy-Diagnostics-DataExplorerCluster",
- "parameters": "{\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"logAnalytics\":{\"metadata\":{\"description\":\"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\"displayName\":\"Log Analytics workspace\",\"strongType\":\"omsWorkspace\"},\"type\":\"String\"},\"logsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable logs stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable logs\"},\"type\":\"String\"},\"metricsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable metrics stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable metrics\"},\"type\":\"String\"},\"profileName\":{\"defaultValue\":\"setbypolicy\",\"metadata\":{\"description\":\"The diagnostic settings profile name\",\"displayName\":\"Profile name\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"equals\":\"Microsoft.Kusto/Clusters\",\"field\":\"type\"},\"then\":{\"details\":{\"deployment\":{\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"logsEnabled\":{\"value\":\"[parameters('logsEnabled')]\"},\"metricsEnabled\":{\"value\":\"[parameters('metricsEnabled')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"},\"resourceName\":{\"value\":\"[field('name')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"location\":{\"type\":\"String\"},\"logAnalytics\":{\"type\":\"String\"},\"logsEnabled\":{\"type\":\"String\"},\"metricsEnabled\":{\"type\":\"String\"},\"profileName\":{\"type\":\"String\"},\"resourceName\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2017-05-01-preview\",\"dependsOn\":[],\"location\":\"[parameters('location')]\",\"name\":\"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"properties\":{\"logs\":[{\"category\":\"SucceededIngestion\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"FailedIngestion\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"IngestionBatching\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"Command\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"Query\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"TableUsageStatistics\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"TableDetails\",\"enabled\":\"[parameters('logsEnabled')]\"}],\"metrics\":[{\"category\":\"AllMetrics\",\"enabled\":\"[parameters('metricsEnabled')]\",\"retentionPolicy\":{\"days\":0,\"enabled\":false},\"timeGrain\":null}],\"workspaceId\":\"[parameters('logAnalytics')]\"},\"type\":\"Microsoft.Kusto/Clusters/providers/diagnosticSettings\"}],\"variables\":{}}}},\"existenceCondition\":{\"allOf\":[{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\"},{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/metrics.enabled\"},{\"equals\":\"[parameters('logAnalytics')]\",\"field\":\"Microsoft.Insights/diagnosticSettings/workspaceId\"}]},\"name\":\"[parameters('profileName')]\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"type\":\"Microsoft.Insights/diagnosticSettings\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-DataFactory\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-DataFactory",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploys the diagnostic settings for Data Factory to stream to a Log Analytics workspace when any Data Factory which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled",
- "display_name": "Deploy Diagnostic Settings for Data Factory to Log Analytics workspace",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Monitoring\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.2.0\"}",
- "mode": "Indexed",
- "name": "Deploy-Diagnostics-DataFactory",
- "parameters": "{\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"logAnalytics\":{\"metadata\":{\"description\":\"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\"displayName\":\"Log Analytics workspace\",\"strongType\":\"omsWorkspace\"},\"type\":\"String\"},\"logsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable logs stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable logs\"},\"type\":\"String\"},\"metricsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable metrics stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable metrics\"},\"type\":\"String\"},\"profileName\":{\"defaultValue\":\"setbypolicy\",\"metadata\":{\"description\":\"The diagnostic settings profile name\",\"displayName\":\"Profile name\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"equals\":\"Microsoft.DataFactory/factories\",\"field\":\"type\"},\"then\":{\"details\":{\"deployment\":{\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"logsEnabled\":{\"value\":\"[parameters('logsEnabled')]\"},\"metricsEnabled\":{\"value\":\"[parameters('metricsEnabled')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"},\"resourceName\":{\"value\":\"[field('name')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"location\":{\"type\":\"String\"},\"logAnalytics\":{\"type\":\"String\"},\"logsEnabled\":{\"type\":\"String\"},\"metricsEnabled\":{\"type\":\"String\"},\"profileName\":{\"type\":\"String\"},\"resourceName\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2017-05-01-preview\",\"dependsOn\":[],\"location\":\"[parameters('location')]\",\"name\":\"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"properties\":{\"logs\":[{\"category\":\"ActivityRuns\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"PipelineRuns\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"TriggerRuns\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"SSISPackageEventMessages\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"SSISPackageExecutableStatistics\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"SSISPackageEventMessageContext\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"SSISPackageExecutionComponentPhases\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"SSISPackageExecutionDataStatistics\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"SSISIntegrationRuntimeLogs\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"SandboxPipelineRuns\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"SandboxActivityRuns\",\"enabled\":\"[parameters('logsEnabled')]\"}],\"metrics\":[{\"category\":\"AllMetrics\",\"enabled\":\"[parameters('metricsEnabled')]\",\"retentionPolicy\":{\"days\":0,\"enabled\":false},\"timeGrain\":null}],\"workspaceId\":\"[parameters('logAnalytics')]\"},\"type\":\"Microsoft.DataFactory/factories/providers/diagnosticSettings\"}],\"variables\":{}}}},\"existenceCondition\":{\"allOf\":[{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\"},{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/metrics.enabled\"},{\"equals\":\"[parameters('logAnalytics')]\",\"field\":\"Microsoft.Insights/diagnosticSettings/workspaceId\"}]},\"name\":\"[parameters('profileName')]\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"type\":\"Microsoft.Insights/diagnosticSettings\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Databricks\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Databricks",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploys the diagnostic settings for Databricks to stream to a Log Analytics workspace when any Databricks which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled",
- "display_name": "Deploy Diagnostic Settings for Databricks to Log Analytics workspace",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Monitoring\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.3.0\"}",
- "mode": "Indexed",
- "name": "Deploy-Diagnostics-Databricks",
- "parameters": "{\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"logAnalytics\":{\"metadata\":{\"description\":\"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\"displayName\":\"Log Analytics workspace\",\"strongType\":\"omsWorkspace\"},\"type\":\"String\"},\"logsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable logs stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable logs\"},\"type\":\"String\"},\"profileName\":{\"defaultValue\":\"setbypolicy\",\"metadata\":{\"description\":\"The diagnostic settings profile name\",\"displayName\":\"Profile name\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"equals\":\"Microsoft.Databricks/workspaces\",\"field\":\"type\"},\"then\":{\"details\":{\"deployment\":{\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"logsEnabled\":{\"value\":\"[parameters('logsEnabled')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"},\"resourceName\":{\"value\":\"[field('name')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"location\":{\"type\":\"String\"},\"logAnalytics\":{\"type\":\"String\"},\"logsEnabled\":{\"type\":\"String\"},\"profileName\":{\"type\":\"String\"},\"resourceName\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2017-05-01-preview\",\"dependsOn\":[],\"location\":\"[parameters('location')]\",\"name\":\"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"properties\":{\"logs\":[{\"category\":\"dbfs\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"clusters\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"accounts\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"jobs\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"notebook\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"ssh\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"workspace\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"secrets\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"sqlPermissions\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"instancePools\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"sqlanalytics\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"genie\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"globalInitScripts\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"iamRole\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"mlflowExperiment\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"featureStore\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"RemoteHistoryService\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"mlflowAcledArtifact\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"databrickssql\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"deltaPipelines\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"modelRegistry\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"repos\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"unityCatalog\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"gitCredentials\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"webTerminal\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"serverlessRealTimeInference\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"clusterLibraries\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"partnerHub\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"clamAVScan\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"capsule8Dataplane\",\"enabled\":\"[parameters('logsEnabled')]\"}],\"workspaceId\":\"[parameters('logAnalytics')]\"},\"type\":\"Microsoft.Databricks/workspaces/providers/diagnosticSettings\"}],\"variables\":{}}}},\"existenceCondition\":{\"allOf\":[{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\"},{\"equals\":\"[parameters('logAnalytics')]\",\"field\":\"Microsoft.Insights/diagnosticSettings/workspaceId\"}]},\"name\":\"[parameters('profileName')]\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"type\":\"Microsoft.Insights/diagnosticSettings\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-EventGridSub\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-EventGridSub",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploys the diagnostic settings for Event Grid subscriptions to stream to a Log Analytics workspace when any Event Grid subscriptions which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled",
- "display_name": "Deploy Diagnostic Settings for Event Grid subscriptions to Log Analytics workspace",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Monitoring\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.1.0\"}",
- "mode": "Indexed",
- "name": "Deploy-Diagnostics-EventGridSub",
- "parameters": "{\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"logAnalytics\":{\"metadata\":{\"description\":\"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\"displayName\":\"Log Analytics workspace\",\"strongType\":\"omsWorkspace\"},\"type\":\"String\"},\"metricsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable metrics stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable metrics\"},\"type\":\"String\"},\"profileName\":{\"defaultValue\":\"setbypolicy\",\"metadata\":{\"description\":\"The diagnostic settings profile name\",\"displayName\":\"Profile name\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"equals\":\"Microsoft.EventGrid/eventSubscriptions\",\"field\":\"type\"},\"then\":{\"details\":{\"deployment\":{\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"metricsEnabled\":{\"value\":\"[parameters('metricsEnabled')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"},\"resourceName\":{\"value\":\"[field('name')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"location\":{\"type\":\"String\"},\"logAnalytics\":{\"type\":\"String\"},\"metricsEnabled\":{\"type\":\"String\"},\"profileName\":{\"type\":\"String\"},\"resourceName\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2017-05-01-preview\",\"dependsOn\":[],\"location\":\"[parameters('location')]\",\"name\":\"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"properties\":{\"logs\":[],\"metrics\":[{\"category\":\"AllMetrics\",\"enabled\":\"[parameters('metricsEnabled')]\",\"retentionPolicy\":{\"days\":0,\"enabled\":false},\"timeGrain\":null}],\"workspaceId\":\"[parameters('logAnalytics')]\"},\"type\":\"Microsoft.EventGrid/eventSubscriptions/providers/diagnosticSettings\"}],\"variables\":{}}}},\"existenceCondition\":{\"allOf\":[{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/metrics.enabled\"},{\"equals\":\"[parameters('logAnalytics')]\",\"field\":\"Microsoft.Insights/diagnosticSettings/workspaceId\"}]},\"name\":\"[parameters('profileName')]\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"type\":\"Microsoft.Insights/diagnosticSettings\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-EventGridSystemTopic\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-EventGridSystemTopic",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploys the diagnostic settings for Event Grid System Topic to stream to a Log Analytics workspace when any Event Grid System Topic which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled",
- "display_name": "Deploy Diagnostic Settings for Event Grid System Topic to Log Analytics workspace",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Monitoring\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.1.0\"}",
- "mode": "Indexed",
- "name": "Deploy-Diagnostics-EventGridSystemTopic",
- "parameters": "{\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"logAnalytics\":{\"metadata\":{\"description\":\"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\"displayName\":\"Log Analytics workspace\",\"strongType\":\"omsWorkspace\"},\"type\":\"String\"},\"logsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable logs stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable logs\"},\"type\":\"String\"},\"metricsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable metrics stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable metrics\"},\"type\":\"String\"},\"profileName\":{\"defaultValue\":\"setbypolicy\",\"metadata\":{\"description\":\"The diagnostic settings profile name\",\"displayName\":\"Profile name\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"equals\":\"Microsoft.EventGrid/systemTopics\",\"field\":\"type\"},\"then\":{\"details\":{\"deployment\":{\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"logsEnabled\":{\"value\":\"[parameters('logsEnabled')]\"},\"metricsEnabled\":{\"value\":\"[parameters('metricsEnabled')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"},\"resourceName\":{\"value\":\"[field('name')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"location\":{\"type\":\"String\"},\"logAnalytics\":{\"type\":\"String\"},\"logsEnabled\":{\"type\":\"String\"},\"metricsEnabled\":{\"type\":\"String\"},\"profileName\":{\"type\":\"String\"},\"resourceName\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2017-05-01-preview\",\"dependsOn\":[],\"location\":\"[parameters('location')]\",\"name\":\"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"properties\":{\"logs\":[{\"category\":\"DeliveryFailures\",\"enabled\":\"[parameters('logsEnabled')]\"}],\"metrics\":[{\"category\":\"AllMetrics\",\"enabled\":\"[parameters('metricsEnabled')]\",\"retentionPolicy\":{\"days\":0,\"enabled\":false},\"timeGrain\":null}],\"workspaceId\":\"[parameters('logAnalytics')]\"},\"type\":\"Microsoft.EventGrid/systemTopics/providers/diagnosticSettings\"}],\"variables\":{}}}},\"existenceCondition\":{\"allOf\":[{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\"},{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/metrics.enabled\"},{\"equals\":\"[parameters('logAnalytics')]\",\"field\":\"Microsoft.Insights/diagnosticSettings/workspaceId\"}]},\"name\":\"[parameters('profileName')]\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"type\":\"Microsoft.Insights/diagnosticSettings\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-EventGridTopic\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-EventGridTopic",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploys the diagnostic settings for Event Grid Topic to stream to a Log Analytics workspace when any Event Grid Topic which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled",
- "display_name": "Deploy Diagnostic Settings for Event Grid Topic to Log Analytics workspace",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Monitoring\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.2.0\"}",
- "mode": "Indexed",
- "name": "Deploy-Diagnostics-EventGridTopic",
- "parameters": "{\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"logAnalytics\":{\"metadata\":{\"description\":\"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\"displayName\":\"Log Analytics workspace\",\"strongType\":\"omsWorkspace\"},\"type\":\"String\"},\"logsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable logs stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable logs\"},\"type\":\"String\"},\"metricsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable metrics stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable metrics\"},\"type\":\"String\"},\"profileName\":{\"defaultValue\":\"setbypolicy\",\"metadata\":{\"description\":\"The diagnostic settings profile name\",\"displayName\":\"Profile name\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"equals\":\"Microsoft.EventGrid/topics\",\"field\":\"type\"},\"then\":{\"details\":{\"deployment\":{\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"logsEnabled\":{\"value\":\"[parameters('logsEnabled')]\"},\"metricsEnabled\":{\"value\":\"[parameters('metricsEnabled')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"},\"resourceName\":{\"value\":\"[field('name')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"location\":{\"type\":\"String\"},\"logAnalytics\":{\"type\":\"String\"},\"logsEnabled\":{\"type\":\"String\"},\"metricsEnabled\":{\"type\":\"String\"},\"profileName\":{\"type\":\"String\"},\"resourceName\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2017-05-01-preview\",\"dependsOn\":[],\"location\":\"[parameters('location')]\",\"name\":\"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"properties\":{\"logs\":[{\"category\":\"DeliveryFailures\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"PublishFailures\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"DataPlaneRequests\",\"enabled\":\"[parameters('logsEnabled')]\"}],\"metrics\":[{\"category\":\"AllMetrics\",\"enabled\":\"[parameters('metricsEnabled')]\",\"retentionPolicy\":{\"days\":0,\"enabled\":false},\"timeGrain\":null}],\"workspaceId\":\"[parameters('logAnalytics')]\"},\"type\":\"Microsoft.EventGrid/topics/providers/diagnosticSettings\"}],\"variables\":{}}}},\"existenceCondition\":{\"allOf\":[{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\"},{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/metrics.enabled\"},{\"equals\":\"[parameters('logAnalytics')]\",\"field\":\"Microsoft.Insights/diagnosticSettings/workspaceId\"}]},\"name\":\"[parameters('profileName')]\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"type\":\"Microsoft.Insights/diagnosticSettings\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ExpressRoute\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ExpressRoute",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploys the diagnostic settings for ExpressRoute to stream to a Log Analytics workspace when any ExpressRoute which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled",
- "display_name": "Deploy Diagnostic Settings for ExpressRoute to Log Analytics workspace",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Monitoring\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.1.0\"}",
- "mode": "Indexed",
- "name": "Deploy-Diagnostics-ExpressRoute",
- "parameters": "{\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"logAnalytics\":{\"metadata\":{\"description\":\"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\"displayName\":\"Log Analytics workspace\",\"strongType\":\"omsWorkspace\"},\"type\":\"String\"},\"logsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable logs stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable logs\"},\"type\":\"String\"},\"metricsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable metrics stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable metrics\"},\"type\":\"String\"},\"profileName\":{\"defaultValue\":\"setbypolicy\",\"metadata\":{\"description\":\"The diagnostic settings profile name\",\"displayName\":\"Profile name\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"equals\":\"Microsoft.Network/expressRouteCircuits\",\"field\":\"type\"},\"then\":{\"details\":{\"deployment\":{\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"logsEnabled\":{\"value\":\"[parameters('logsEnabled')]\"},\"metricsEnabled\":{\"value\":\"[parameters('metricsEnabled')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"},\"resourceName\":{\"value\":\"[field('name')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"location\":{\"type\":\"String\"},\"logAnalytics\":{\"type\":\"String\"},\"logsEnabled\":{\"type\":\"String\"},\"metricsEnabled\":{\"type\":\"String\"},\"profileName\":{\"type\":\"String\"},\"resourceName\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2017-05-01-preview\",\"dependsOn\":[],\"location\":\"[parameters('location')]\",\"name\":\"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"properties\":{\"logs\":[{\"category\":\"PeeringRouteLog\",\"enabled\":\"[parameters('logsEnabled')]\"}],\"metrics\":[{\"category\":\"AllMetrics\",\"enabled\":\"[parameters('metricsEnabled')]\",\"retentionPolicy\":{\"days\":0,\"enabled\":false},\"timeGrain\":null}],\"workspaceId\":\"[parameters('logAnalytics')]\"},\"type\":\"Microsoft.Network/expressRouteCircuits/providers/diagnosticSettings\"}],\"variables\":{}}}},\"existenceCondition\":{\"allOf\":[{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\"},{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/metrics.enabled\"},{\"equals\":\"[parameters('logAnalytics')]\",\"field\":\"Microsoft.Insights/diagnosticSettings/workspaceId\"}]},\"name\":\"[parameters('profileName')]\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"type\":\"Microsoft.Insights/diagnosticSettings\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Firewall\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Firewall",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploys the diagnostic settings for Firewall to stream to a Log Analytics workspace when any Firewall which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled",
- "display_name": "Deploy Diagnostic Settings for Firewall to Log Analytics workspace",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Monitoring\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.2.0\"}",
- "mode": "Indexed",
- "name": "Deploy-Diagnostics-Firewall",
- "parameters": "{\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"logAnalytics\":{\"metadata\":{\"description\":\"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\"displayName\":\"Log Analytics workspace\",\"strongType\":\"omsWorkspace\"},\"type\":\"String\"},\"logAnalyticsDestinationType\":{\"allowedValues\":[\"AzureDiagnostics\",\"Dedicated\"],\"defaultValue\":\"AzureDiagnostics\",\"metadata\":{\"description\":\"Select destination type for Log Analytics. Allowed values are 'Dedicated' (resource specific) and 'AzureDiagnostics'. Default is 'AzureDiagnostics'\",\"displayName\":\"Log Analytics destination type\"},\"type\":\"String\"},\"logsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable logs stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable logs\"},\"type\":\"String\"},\"metricsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable metrics stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable metrics\"},\"type\":\"String\"},\"profileName\":{\"defaultValue\":\"setbypolicy\",\"metadata\":{\"description\":\"The diagnostic settings profile name\",\"displayName\":\"Profile name\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"equals\":\"Microsoft.Network/azureFirewalls\",\"field\":\"type\"},\"then\":{\"details\":{\"deployment\":{\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"logAnalyticsDestinationType\":{\"value\":\"[parameters('logAnalyticsDestinationType')]\"},\"logsEnabled\":{\"value\":\"[parameters('logsEnabled')]\"},\"metricsEnabled\":{\"value\":\"[parameters('metricsEnabled')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"},\"resourceName\":{\"value\":\"[field('name')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"location\":{\"type\":\"String\"},\"logAnalytics\":{\"type\":\"String\"},\"logAnalyticsDestinationType\":{\"type\":\"String\"},\"logsEnabled\":{\"type\":\"String\"},\"metricsEnabled\":{\"type\":\"String\"},\"profileName\":{\"type\":\"String\"},\"resourceName\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2017-05-01-preview\",\"dependsOn\":[],\"location\":\"[parameters('location')]\",\"name\":\"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"properties\":{\"logAnalyticsDestinationType\":\"[parameters('logAnalyticsDestinationType')]\",\"logs\":[{\"category\":\"AzureFirewallApplicationRule\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"AzureFirewallNetworkRule\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"AzureFirewallDnsProxy\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"AZFWNetworkRule\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"AZFWApplicationRule\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"AZFWNatRule\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"AZFWThreatIntel\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"AZFWIdpsSignature\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"AZFWDnsQuery\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"AZFWFqdnResolveFailure\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"AZFWApplicationRuleAggregation\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"AZFWNetworkRuleAggregation\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"AZFWNatRuleAggregation\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"AZFWFatFlow\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"AZFWFlowTrace\",\"enabled\":\"[parameters('logsEnabled')]\"}],\"metrics\":[{\"category\":\"AllMetrics\",\"enabled\":\"[parameters('metricsEnabled')]\",\"retentionPolicy\":{\"days\":0,\"enabled\":false},\"timeGrain\":null}],\"workspaceId\":\"[parameters('logAnalytics')]\"},\"type\":\"Microsoft.Network/azureFirewalls/providers/diagnosticSettings\"}],\"variables\":{}}}},\"existenceCondition\":{\"allOf\":[{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\"},{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/metrics.enabled\"},{\"equals\":\"[parameters('logAnalytics')]\",\"field\":\"Microsoft.Insights/diagnosticSettings/workspaceId\"}]},\"name\":\"[parameters('profileName')]\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"type\":\"Microsoft.Insights/diagnosticSettings\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-FrontDoor\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-FrontDoor",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploys the diagnostic settings for Front Door to stream to a Log Analytics workspace when any Front Door which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled",
- "display_name": "Deploy Diagnostic Settings for Front Door to Log Analytics workspace",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Monitoring\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.1.0\"}",
- "mode": "Indexed",
- "name": "Deploy-Diagnostics-FrontDoor",
- "parameters": "{\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"logAnalytics\":{\"metadata\":{\"description\":\"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\"displayName\":\"Log Analytics workspace\",\"strongType\":\"omsWorkspace\"},\"type\":\"String\"},\"logsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable logs stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable logs\"},\"type\":\"String\"},\"metricsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable metrics stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable metrics\"},\"type\":\"String\"},\"profileName\":{\"defaultValue\":\"setbypolicy\",\"metadata\":{\"description\":\"The diagnostic settings profile name\",\"displayName\":\"Profile name\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"equals\":\"Microsoft.Network/frontDoors\",\"field\":\"type\"},\"then\":{\"details\":{\"deployment\":{\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"logsEnabled\":{\"value\":\"[parameters('logsEnabled')]\"},\"metricsEnabled\":{\"value\":\"[parameters('metricsEnabled')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"},\"resourceName\":{\"value\":\"[field('name')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"location\":{\"type\":\"String\"},\"logAnalytics\":{\"type\":\"String\"},\"logsEnabled\":{\"type\":\"String\"},\"metricsEnabled\":{\"type\":\"String\"},\"profileName\":{\"type\":\"String\"},\"resourceName\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2017-05-01-preview\",\"dependsOn\":[],\"location\":\"[parameters('location')]\",\"name\":\"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"properties\":{\"logs\":[{\"category\":\"FrontdoorAccessLog\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"FrontdoorWebApplicationFirewallLog\",\"enabled\":\"[parameters('logsEnabled')]\"}],\"metrics\":[{\"category\":\"AllMetrics\",\"enabled\":\"[parameters('metricsEnabled')]\",\"retentionPolicy\":{\"days\":0,\"enabled\":false},\"timeGrain\":null}],\"workspaceId\":\"[parameters('logAnalytics')]\"},\"type\":\"Microsoft.Network/frontDoors/providers/diagnosticSettings\"}],\"variables\":{}}}},\"existenceCondition\":{\"allOf\":[{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\"},{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/metrics.enabled\"},{\"equals\":\"[parameters('logAnalytics')]\",\"field\":\"Microsoft.Insights/diagnosticSettings/workspaceId\"}]},\"name\":\"[parameters('profileName')]\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"type\":\"Microsoft.Insights/diagnosticSettings\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Function\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Function",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploys the diagnostic settings for Azure Function App to stream to a Log Analytics workspace when any function app which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled",
- "display_name": "Deploy Diagnostic Settings for Azure Function App to Log Analytics workspace",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Monitoring\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.1.0\"}",
- "mode": "Indexed",
- "name": "Deploy-Diagnostics-Function",
- "parameters": "{\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"logAnalytics\":{\"metadata\":{\"description\":\"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\"displayName\":\"Log Analytics workspace\",\"strongType\":\"omsWorkspace\"},\"type\":\"String\"},\"logsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable logs stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable logs\"},\"type\":\"String\"},\"metricsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable metrics stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable metrics\"},\"type\":\"String\"},\"profileName\":{\"defaultValue\":\"setbypolicy\",\"metadata\":{\"description\":\"The diagnostic settings profile name\",\"displayName\":\"Profile name\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"allOf\":[{\"equals\":\"Microsoft.Web/sites\",\"field\":\"type\"},{\"contains\":\"functionapp\",\"value\":\"[field('kind')]\"}]},\"then\":{\"details\":{\"deployment\":{\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"logsEnabled\":{\"value\":\"[parameters('logsEnabled')]\"},\"metricsEnabled\":{\"value\":\"[parameters('metricsEnabled')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"},\"resourceName\":{\"value\":\"[field('name')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"location\":{\"type\":\"String\"},\"logAnalytics\":{\"type\":\"String\"},\"logsEnabled\":{\"type\":\"String\"},\"metricsEnabled\":{\"type\":\"String\"},\"profileName\":{\"type\":\"String\"},\"resourceName\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2017-05-01-preview\",\"dependsOn\":[],\"location\":\"[parameters('location')]\",\"name\":\"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"properties\":{\"logs\":[{\"category\":\"FunctionAppLogs\",\"enabled\":\"[parameters('logsEnabled')]\"}],\"metrics\":[{\"category\":\"AllMetrics\",\"enabled\":\"[parameters('metricsEnabled')]\",\"retentionPolicy\":{\"days\":0,\"enabled\":false},\"timeGrain\":null}],\"workspaceId\":\"[parameters('logAnalytics')]\"},\"type\":\"Microsoft.Web/sites/providers/diagnosticSettings\"}],\"variables\":{}}}},\"existenceCondition\":{\"allOf\":[{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\"},{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/metrics.enabled\"},{\"equals\":\"[parameters('logAnalytics')]\",\"field\":\"Microsoft.Insights/diagnosticSettings/workspaceId\"}]},\"name\":\"[parameters('profileName')]\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"type\":\"Microsoft.Insights/diagnosticSettings\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-HDInsight\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-HDInsight",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploys the diagnostic settings for HDInsight to stream to a Log Analytics workspace when any HDInsight which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled",
- "display_name": "Deploy Diagnostic Settings for HDInsight to Log Analytics workspace",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Monitoring\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.1.0\"}",
- "mode": "Indexed",
- "name": "Deploy-Diagnostics-HDInsight",
- "parameters": "{\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"logAnalytics\":{\"metadata\":{\"description\":\"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\"displayName\":\"Log Analytics workspace\",\"strongType\":\"omsWorkspace\"},\"type\":\"String\"},\"metricsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable metrics stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable metrics\"},\"type\":\"String\"},\"profileName\":{\"defaultValue\":\"setbypolicy\",\"metadata\":{\"description\":\"The diagnostic settings profile name\",\"displayName\":\"Profile name\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"equals\":\"Microsoft.HDInsight/clusters\",\"field\":\"type\"},\"then\":{\"details\":{\"deployment\":{\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"metricsEnabled\":{\"value\":\"[parameters('metricsEnabled')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"},\"resourceName\":{\"value\":\"[field('name')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"location\":{\"type\":\"String\"},\"logAnalytics\":{\"type\":\"String\"},\"metricsEnabled\":{\"type\":\"String\"},\"profileName\":{\"type\":\"String\"},\"resourceName\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2017-05-01-preview\",\"dependsOn\":[],\"location\":\"[parameters('location')]\",\"name\":\"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"properties\":{\"logs\":[],\"metrics\":[{\"category\":\"AllMetrics\",\"enabled\":\"[parameters('metricsEnabled')]\",\"retentionPolicy\":{\"days\":0,\"enabled\":false},\"timeGrain\":null}],\"workspaceId\":\"[parameters('logAnalytics')]\"},\"type\":\"Microsoft.HDInsight/clusters/providers/diagnosticSettings\"}],\"variables\":{}}}},\"existenceCondition\":{\"allOf\":[{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/metrics.enabled\"},{\"equals\":\"[parameters('logAnalytics')]\",\"field\":\"Microsoft.Insights/diagnosticSettings/workspaceId\"}]},\"name\":\"[parameters('profileName')]\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"type\":\"Microsoft.Insights/diagnosticSettings\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-LoadBalancer\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-LoadBalancer",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploys the diagnostic settings for Load Balancer to stream to a Log Analytics workspace when any Load Balancer which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled",
- "display_name": "Deploy Diagnostic Settings for Load Balancer to Log Analytics workspace",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Monitoring\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.1.0\"}",
- "mode": "Indexed",
- "name": "Deploy-Diagnostics-LoadBalancer",
- "parameters": "{\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"logAnalytics\":{\"metadata\":{\"description\":\"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\"displayName\":\"Log Analytics workspace\",\"strongType\":\"omsWorkspace\"},\"type\":\"String\"},\"logsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable logs stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable logs\"},\"type\":\"String\"},\"metricsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable metrics stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable metrics\"},\"type\":\"String\"},\"profileName\":{\"defaultValue\":\"setbypolicy\",\"metadata\":{\"description\":\"The diagnostic settings profile name\",\"displayName\":\"Profile name\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"equals\":\"Microsoft.Network/loadBalancers\",\"field\":\"type\"},\"then\":{\"details\":{\"deployment\":{\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"logsEnabled\":{\"value\":\"[parameters('logsEnabled')]\"},\"metricsEnabled\":{\"value\":\"[parameters('metricsEnabled')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"},\"resourceName\":{\"value\":\"[field('name')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"location\":{\"type\":\"String\"},\"logAnalytics\":{\"type\":\"String\"},\"logsEnabled\":{\"type\":\"String\"},\"metricsEnabled\":{\"type\":\"String\"},\"profileName\":{\"type\":\"String\"},\"resourceName\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2017-05-01-preview\",\"dependsOn\":[],\"location\":\"[parameters('location')]\",\"name\":\"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"properties\":{\"logs\":[{\"category\":\"LoadBalancerAlertEvent\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"LoadBalancerProbeHealthStatus\",\"enabled\":\"[parameters('logsEnabled')]\"}],\"metrics\":[{\"category\":\"AllMetrics\",\"enabled\":\"[parameters('metricsEnabled')]\",\"retentionPolicy\":{\"days\":0,\"enabled\":false},\"timeGrain\":null}],\"workspaceId\":\"[parameters('logAnalytics')]\"},\"type\":\"Microsoft.Network/loadBalancers/providers/diagnosticSettings\"}],\"variables\":{}}}},\"existenceCondition\":{\"allOf\":[{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\"},{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/metrics.enabled\"},{\"equals\":\"[parameters('logAnalytics')]\",\"field\":\"Microsoft.Insights/diagnosticSettings/workspaceId\"}]},\"name\":\"[parameters('profileName')]\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"type\":\"Microsoft.Insights/diagnosticSettings\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-LogAnalytics\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-LogAnalytics",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploys the diagnostic settings for Log Analytics workspaces to stream to a Log Analytics workspace when any Log Analytics workspace which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled",
- "display_name": "Deploy Diagnostic Settings for Log Analytics to Log Analytics workspace",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Monitoring\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.1.0\"}",
- "mode": "Indexed",
- "name": "Deploy-Diagnostics-LogAnalytics",
- "parameters": "{\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"logAnalytics\":{\"metadata\":{\"description\":\"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\"displayName\":\"Log Analytics workspace\",\"strongType\":\"omsWorkspace\"},\"type\":\"String\"},\"logsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable logs stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable logs\"},\"type\":\"String\"},\"metricsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable metrics stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable metrics\"},\"type\":\"String\"},\"profileName\":{\"defaultValue\":\"setbypolicy\",\"metadata\":{\"description\":\"The diagnostic settings profile name\",\"displayName\":\"Profile name\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"equals\":\"microsoft.operationalinsights/workspaces\",\"field\":\"type\"},\"then\":{\"details\":{\"deployment\":{\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"logsEnabled\":{\"value\":\"[parameters('logsEnabled')]\"},\"metricsEnabled\":{\"value\":\"[parameters('metricsEnabled')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"},\"resourceName\":{\"value\":\"[field('name')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"location\":{\"type\":\"String\"},\"logAnalytics\":{\"type\":\"String\"},\"logsEnabled\":{\"type\":\"String\"},\"metricsEnabled\":{\"type\":\"String\"},\"profileName\":{\"type\":\"String\"},\"resourceName\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2017-05-01-preview\",\"dependsOn\":[],\"location\":\"[parameters('location')]\",\"name\":\"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"properties\":{\"logs\":[{\"category\":\"Audit\",\"enabled\":\"[parameters('logsEnabled')]\"}],\"metrics\":[{\"category\":\"AllMetrics\",\"enabled\":\"[parameters('metricsEnabled')]\",\"retentionPolicy\":{\"days\":0,\"enabled\":false},\"timeGrain\":null}],\"workspaceId\":\"[parameters('logAnalytics')]\"},\"type\":\"microsoft.operationalinsights/workspaces/providers/diagnosticSettings\"}],\"variables\":{}}}},\"existenceCondition\":{\"allOf\":[{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\"},{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/metrics.enabled\"},{\"equals\":\"[parameters('logAnalytics')]\",\"field\":\"Microsoft.Insights/diagnosticSettings/workspaceId\"}]},\"name\":\"[parameters('profileName')]\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"type\":\"Microsoft.Insights/diagnosticSettings\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-LogicAppsISE\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-LogicAppsISE",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploys the diagnostic settings for Logic Apps integration service environment to stream to a Log Analytics workspace when any Logic Apps integration service environment which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled",
- "display_name": "Deploy Diagnostic Settings for Logic Apps integration service environment to Log Analytics workspace",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Monitoring\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.1.0\"}",
- "mode": "Indexed",
- "name": "Deploy-Diagnostics-LogicAppsISE",
- "parameters": "{\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"logAnalytics\":{\"metadata\":{\"description\":\"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\"displayName\":\"Log Analytics workspace\",\"strongType\":\"omsWorkspace\"},\"type\":\"String\"},\"logsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable logs stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable logs\"},\"type\":\"String\"},\"profileName\":{\"defaultValue\":\"setbypolicy\",\"metadata\":{\"description\":\"The diagnostic settings profile name\",\"displayName\":\"Profile name\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"equals\":\"Microsoft.Logic/integrationAccounts\",\"field\":\"type\"},\"then\":{\"details\":{\"deployment\":{\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"logsEnabled\":{\"value\":\"[parameters('logsEnabled')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"},\"resourceName\":{\"value\":\"[field('name')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"location\":{\"type\":\"String\"},\"logAnalytics\":{\"type\":\"String\"},\"logsEnabled\":{\"type\":\"String\"},\"profileName\":{\"type\":\"String\"},\"resourceName\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2017-05-01-preview\",\"dependsOn\":[],\"location\":\"[parameters('location')]\",\"name\":\"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"properties\":{\"logs\":[{\"category\":\"IntegrationAccountTrackingEvents\",\"enabled\":\"[parameters('logsEnabled')]\"}],\"metrics\":[],\"workspaceId\":\"[parameters('logAnalytics')]\"},\"type\":\"Microsoft.Logic/integrationAccounts/providers/diagnosticSettings\"}],\"variables\":{}}}},\"existenceCondition\":{\"allOf\":[{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\"},{\"equals\":\"[parameters('logAnalytics')]\",\"field\":\"Microsoft.Insights/diagnosticSettings/workspaceId\"}]},\"name\":\"[parameters('profileName')]\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"type\":\"Microsoft.Insights/diagnosticSettings\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MariaDB\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MariaDB",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploys the diagnostic settings for MariaDB to stream to a Log Analytics workspace when any MariaDB which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled",
- "display_name": "Deploy Diagnostic Settings for MariaDB to Log Analytics workspace",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Monitoring\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.1.0\"}",
- "mode": "Indexed",
- "name": "Deploy-Diagnostics-MariaDB",
- "parameters": "{\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"logAnalytics\":{\"metadata\":{\"description\":\"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\"displayName\":\"Log Analytics workspace\",\"strongType\":\"omsWorkspace\"},\"type\":\"String\"},\"logsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable logs stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable logs\"},\"type\":\"String\"},\"metricsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable metrics stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable metrics\"},\"type\":\"String\"},\"profileName\":{\"defaultValue\":\"setbypolicy\",\"metadata\":{\"description\":\"The diagnostic settings profile name\",\"displayName\":\"Profile name\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"equals\":\"Microsoft.DBforMariaDB/servers\",\"field\":\"type\"},\"then\":{\"details\":{\"deployment\":{\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"logsEnabled\":{\"value\":\"[parameters('logsEnabled')]\"},\"metricsEnabled\":{\"value\":\"[parameters('metricsEnabled')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"},\"resourceName\":{\"value\":\"[field('name')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"location\":{\"type\":\"String\"},\"logAnalytics\":{\"type\":\"String\"},\"logsEnabled\":{\"type\":\"String\"},\"metricsEnabled\":{\"type\":\"String\"},\"profileName\":{\"type\":\"String\"},\"resourceName\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2017-05-01-preview\",\"dependsOn\":[],\"location\":\"[parameters('location')]\",\"name\":\"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"properties\":{\"logs\":[{\"category\":\"MySqlSlowLogs\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"MySqlAuditLogs\",\"enabled\":\"[parameters('logsEnabled')]\"}],\"metrics\":[{\"category\":\"AllMetrics\",\"enabled\":\"[parameters('metricsEnabled')]\",\"retentionPolicy\":{\"days\":0,\"enabled\":false},\"timeGrain\":null}],\"workspaceId\":\"[parameters('logAnalytics')]\"},\"type\":\"Microsoft.DBforMariaDB/servers/providers/diagnosticSettings\"}],\"variables\":{}}}},\"existenceCondition\":{\"allOf\":[{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\"},{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/metrics.enabled\"},{\"equals\":\"[parameters('logAnalytics')]\",\"field\":\"Microsoft.Insights/diagnosticSettings/workspaceId\"}]},\"name\":\"[parameters('profileName')]\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"type\":\"Microsoft.Insights/diagnosticSettings\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MediaService\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MediaService",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploys the diagnostic settings for Azure Media Service to stream to a Log Analytics workspace when any Azure Media Service which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled",
- "display_name": "Deploy Diagnostic Settings for Azure Media Service to Log Analytics workspace",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Monitoring\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.1.0\"}",
- "mode": "Indexed",
- "name": "Deploy-Diagnostics-MediaService",
- "parameters": "{\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"logAnalytics\":{\"metadata\":{\"description\":\"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\"displayName\":\"Log Analytics workspace\",\"strongType\":\"omsWorkspace\"},\"type\":\"String\"},\"logsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable logs stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable logs\"},\"type\":\"String\"},\"metricsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable metrics stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable metrics\"},\"type\":\"String\"},\"profileName\":{\"defaultValue\":\"setbypolicy\",\"metadata\":{\"description\":\"The diagnostic settings profile name\",\"displayName\":\"Profile name\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"equals\":\"Microsoft.Media/mediaServices\",\"field\":\"type\"},\"then\":{\"details\":{\"deployment\":{\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"logsEnabled\":{\"value\":\"[parameters('logsEnabled')]\"},\"metricsEnabled\":{\"value\":\"[parameters('metricsEnabled')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"},\"resourceName\":{\"value\":\"[field('name')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"location\":{\"type\":\"String\"},\"logAnalytics\":{\"type\":\"String\"},\"logsEnabled\":{\"type\":\"String\"},\"metricsEnabled\":{\"type\":\"String\"},\"profileName\":{\"type\":\"String\"},\"resourceName\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2017-05-01-preview\",\"dependsOn\":[],\"location\":\"[parameters('location')]\",\"name\":\"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"properties\":{\"logs\":[{\"category\":\"KeyDeliveryRequests\",\"enabled\":\"[parameters('logsEnabled')]\"}],\"metrics\":[{\"category\":\"AllMetrics\",\"enabled\":\"[parameters('metricsEnabled')]\",\"retentionPolicy\":{\"days\":0,\"enabled\":false},\"timeGrain\":null}],\"workspaceId\":\"[parameters('logAnalytics')]\"},\"type\":\"Microsoft.Media/mediaServices/providers/diagnosticSettings\"}],\"variables\":{}}}},\"existenceCondition\":{\"allOf\":[{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\"},{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/metrics.enabled\"},{\"equals\":\"[parameters('logAnalytics')]\",\"field\":\"Microsoft.Insights/diagnosticSettings/workspaceId\"}]},\"name\":\"[parameters('profileName')]\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"type\":\"Microsoft.Insights/diagnosticSettings\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MlWorkspace\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MlWorkspace",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploys the diagnostic settings for Machine Learning workspace to stream to a Log Analytics workspace when any Machine Learning workspace which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled",
- "display_name": "Deploy Diagnostic Settings for Machine Learning workspace to Log Analytics workspace",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Monitoring\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.2.0\"}",
- "mode": "Indexed",
- "name": "Deploy-Diagnostics-MlWorkspace",
- "parameters": "{\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"logAnalytics\":{\"metadata\":{\"description\":\"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\"displayName\":\"Log Analytics workspace\",\"strongType\":\"omsWorkspace\"},\"type\":\"String\"},\"logsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable logs stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable logs\"},\"type\":\"String\"},\"metricsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable metrics stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable metrics\"},\"type\":\"String\"},\"profileName\":{\"defaultValue\":\"setbypolicy\",\"metadata\":{\"description\":\"The diagnostic settings profile name\",\"displayName\":\"Profile name\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"equals\":\"Microsoft.MachineLearningServices/workspaces\",\"field\":\"type\"},\"then\":{\"details\":{\"deployment\":{\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"logsEnabled\":{\"value\":\"[parameters('logsEnabled')]\"},\"metricsEnabled\":{\"value\":\"[parameters('metricsEnabled')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"},\"resourceName\":{\"value\":\"[field('name')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"location\":{\"type\":\"String\"},\"logAnalytics\":{\"type\":\"String\"},\"logsEnabled\":{\"type\":\"String\"},\"metricsEnabled\":{\"type\":\"String\"},\"profileName\":{\"type\":\"String\"},\"resourceName\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2017-05-01-preview\",\"dependsOn\":[],\"location\":\"[parameters('location')]\",\"name\":\"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"properties\":{\"logs\":[{\"category\":\"AmlComputeClusterEvent\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"AmlComputeClusterNodeEvent\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"AmlComputeJobEvent\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"AmlComputeCpuGpuUtilization\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"AmlRunStatusChangedEvent\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"ModelsChangeEvent\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"ModelsReadEvent\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"ModelsActionEvent\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"DeploymentReadEvent\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"DeploymentEventACI\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"DeploymentEventAKS\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"InferencingOperationAKS\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"InferencingOperationACI\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"DataLabelChangeEvent\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"DataLabelReadEvent\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"ComputeInstanceEvent\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"DataStoreChangeEvent\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"DataStoreReadEvent\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"DataSetChangeEvent\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"DataSetReadEvent\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"PipelineChangeEvent\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"PipelineReadEvent\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"RunEvent\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"RunReadEvent\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"EnvironmentChangeEvent\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"EnvironmentReadEvent\",\"enabled\":\"[parameters('logsEnabled')]\"}],\"metrics\":[{\"category\":\"AllMetrics\",\"enabled\":\"[parameters('metricsEnabled')]\",\"retentionPolicy\":{\"days\":0,\"enabled\":false}}],\"workspaceId\":\"[parameters('logAnalytics')]\"},\"type\":\"Microsoft.MachineLearningServices/workspaces/providers/diagnosticSettings\"}],\"variables\":{}}}},\"existenceCondition\":{\"allOf\":[{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\"},{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/metrics.enabled\"},{\"equals\":\"[parameters('logAnalytics')]\",\"field\":\"Microsoft.Insights/diagnosticSettings/workspaceId\"}]},\"name\":\"[parameters('profileName')]\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"type\":\"Microsoft.Insights/diagnosticSettings\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MySQL\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MySQL",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploys the diagnostic settings for Database for MySQL to stream to a Log Analytics workspace when any Database for MySQL which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled",
- "display_name": "Deploy Diagnostic Settings for Database for MySQL to Log Analytics workspace",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Monitoring\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.1.0\"}",
- "mode": "Indexed",
- "name": "Deploy-Diagnostics-MySQL",
- "parameters": "{\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"logAnalytics\":{\"metadata\":{\"description\":\"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\"displayName\":\"Log Analytics workspace\",\"strongType\":\"omsWorkspace\"},\"type\":\"String\"},\"logsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable logs stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable logs\"},\"type\":\"String\"},\"metricsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable metrics stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable metrics\"},\"type\":\"String\"},\"profileName\":{\"defaultValue\":\"setbypolicy\",\"metadata\":{\"description\":\"The diagnostic settings profile name\",\"displayName\":\"Profile name\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"equals\":\"Microsoft.DBforMySQL/servers\",\"field\":\"type\"},\"then\":{\"details\":{\"deployment\":{\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"logsEnabled\":{\"value\":\"[parameters('logsEnabled')]\"},\"metricsEnabled\":{\"value\":\"[parameters('metricsEnabled')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"},\"resourceName\":{\"value\":\"[field('name')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"location\":{\"type\":\"String\"},\"logAnalytics\":{\"type\":\"String\"},\"logsEnabled\":{\"type\":\"String\"},\"metricsEnabled\":{\"type\":\"String\"},\"profileName\":{\"type\":\"String\"},\"resourceName\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2017-05-01-preview\",\"dependsOn\":[],\"location\":\"[parameters('location')]\",\"name\":\"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"properties\":{\"logs\":[{\"category\":\"MySqlSlowLogs\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"MySqlAuditLogs\",\"enabled\":\"[parameters('logsEnabled')]\"}],\"metrics\":[{\"category\":\"AllMetrics\",\"enabled\":\"[parameters('metricsEnabled')]\",\"retentionPolicy\":{\"days\":0,\"enabled\":false},\"timeGrain\":null}],\"workspaceId\":\"[parameters('logAnalytics')]\"},\"type\":\"Microsoft.DBforMySQL/servers/providers/diagnosticSettings\"}],\"variables\":{}}}},\"existenceCondition\":{\"allOf\":[{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\"},{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/metrics.enabled\"},{\"equals\":\"[parameters('logAnalytics')]\",\"field\":\"Microsoft.Insights/diagnosticSettings/workspaceId\"}]},\"name\":\"[parameters('profileName')]\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"type\":\"Microsoft.Insights/diagnosticSettings\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-NIC\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-NIC",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploys the diagnostic settings for Network Interfaces to stream to a Log Analytics workspace when any Network Interfaces which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled",
- "display_name": "Deploy Diagnostic Settings for Network Interfaces to Log Analytics workspace",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Monitoring\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.1.0\"}",
- "mode": "Indexed",
- "name": "Deploy-Diagnostics-NIC",
- "parameters": "{\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"logAnalytics\":{\"metadata\":{\"description\":\"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\"displayName\":\"Log Analytics workspace\",\"strongType\":\"omsWorkspace\"},\"type\":\"String\"},\"metricsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable metrics stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable metrics\"},\"type\":\"String\"},\"profileName\":{\"defaultValue\":\"setbypolicy\",\"metadata\":{\"description\":\"The diagnostic settings profile name\",\"displayName\":\"Profile name\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"equals\":\"Microsoft.Network/networkInterfaces\",\"field\":\"type\"},\"then\":{\"details\":{\"deployment\":{\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"metricsEnabled\":{\"value\":\"[parameters('metricsEnabled')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"},\"resourceName\":{\"value\":\"[field('name')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"location\":{\"type\":\"String\"},\"logAnalytics\":{\"type\":\"String\"},\"metricsEnabled\":{\"type\":\"String\"},\"profileName\":{\"type\":\"String\"},\"resourceName\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2017-05-01-preview\",\"dependsOn\":[],\"location\":\"[parameters('location')]\",\"name\":\"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"properties\":{\"metrics\":[{\"category\":\"AllMetrics\",\"enabled\":\"[parameters('metricsEnabled')]\",\"retentionPolicy\":{\"days\":0,\"enabled\":false},\"timeGrain\":null}],\"workspaceId\":\"[parameters('logAnalytics')]\"},\"type\":\"Microsoft.Network/networkInterfaces/providers/diagnosticSettings\"}],\"variables\":{}}}},\"existenceCondition\":{\"allOf\":[{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/metrics.enabled\"},{\"equals\":\"[parameters('logAnalytics')]\",\"field\":\"Microsoft.Insights/diagnosticSettings/workspaceId\"}]},\"name\":\"[parameters('profileName')]\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"type\":\"Microsoft.Insights/diagnosticSettings\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-NetworkSecurityGroups\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-NetworkSecurityGroups",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploys the diagnostic settings for Network Security Groups to stream to a Log Analytics workspace when any Network Security Groups which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled",
- "display_name": "Deploy Diagnostic Settings for Network Security Groups to Log Analytics workspace",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Monitoring\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.1.0\"}",
- "mode": "Indexed",
- "name": "Deploy-Diagnostics-NetworkSecurityGroups",
- "parameters": "{\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"logAnalytics\":{\"metadata\":{\"description\":\"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\"displayName\":\"Log Analytics workspace\",\"strongType\":\"omsWorkspace\"},\"type\":\"String\"},\"logsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable logs stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable logs\"},\"type\":\"String\"},\"profileName\":{\"defaultValue\":\"setbypolicy\",\"metadata\":{\"description\":\"The diagnostic settings profile name\",\"displayName\":\"Profile name\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"equals\":\"Microsoft.Network/networkSecurityGroups\",\"field\":\"type\"},\"then\":{\"details\":{\"deployment\":{\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"logsEnabled\":{\"value\":\"[parameters('logsEnabled')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"},\"resourceName\":{\"value\":\"[field('name')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"location\":{\"type\":\"String\"},\"logAnalytics\":{\"type\":\"String\"},\"logsEnabled\":{\"type\":\"String\"},\"profileName\":{\"type\":\"String\"},\"resourceName\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2017-05-01-preview\",\"dependsOn\":[],\"location\":\"[parameters('location')]\",\"name\":\"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"properties\":{\"logs\":[{\"category\":\"NetworkSecurityGroupEvent\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"NetworkSecurityGroupRuleCounter\",\"enabled\":\"[parameters('logsEnabled')]\"}],\"metrics\":[],\"workspaceId\":\"[parameters('logAnalytics')]\"},\"type\":\"Microsoft.Network/networkSecurityGroups/providers/diagnosticSettings\"}],\"variables\":{}}}},\"existenceCondition\":{\"allOf\":[{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\"},{\"equals\":\"[parameters('logAnalytics')]\",\"field\":\"Microsoft.Insights/diagnosticSettings/workspaceId\"}]},\"name\":\"[parameters('profileName')]\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"type\":\"Microsoft.Insights/diagnosticSettings\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-PostgreSQL\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-PostgreSQL",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploys the diagnostic settings for Database for PostgreSQL to stream to a Log Analytics workspace when any Database for PostgreSQL which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled",
- "display_name": "Deploy Diagnostic Settings for Database for PostgreSQL to Log Analytics workspace",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Monitoring\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"2.0.0\"}",
- "mode": "Indexed",
- "name": "Deploy-Diagnostics-PostgreSQL",
- "parameters": "{\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"logAnalytics\":{\"metadata\":{\"description\":\"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\"displayName\":\"Log Analytics workspace\",\"strongType\":\"omsWorkspace\"},\"type\":\"String\"},\"logsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable logs stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable logs\"},\"type\":\"String\"},\"metricsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable metrics stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable metrics\"},\"type\":\"String\"},\"profileName\":{\"defaultValue\":\"setbypolicy\",\"metadata\":{\"description\":\"The diagnostic settings profile name\",\"displayName\":\"Profile name\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"anyOf\":[{\"equals\":\"Microsoft.DBforPostgreSQL/flexibleServers\",\"field\":\"type\"},{\"equals\":\"Microsoft.DBforPostgreSQL/servers\",\"field\":\"type\"}]},\"then\":{\"details\":{\"deployment\":{\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"logsEnabled\":{\"value\":\"[parameters('logsEnabled')]\"},\"metricsEnabled\":{\"value\":\"[parameters('metricsEnabled')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"},\"resourceName\":{\"value\":\"[field('name')]\"},\"resourceType\":{\"value\":\"[field('type')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"location\":{\"type\":\"String\"},\"logAnalytics\":{\"type\":\"String\"},\"logsEnabled\":{\"type\":\"String\"},\"metricsEnabled\":{\"type\":\"String\"},\"profileName\":{\"type\":\"String\"},\"resourceName\":{\"type\":\"String\"},\"resourceType\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2021-05-01-preview\",\"condition\":\"[startsWith(parameters('resourceType'),'Microsoft.DBforPostgreSQL/flexibleServers')]\",\"dependsOn\":[],\"location\":\"[parameters('location')]\",\"name\":\"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"properties\":{\"logs\":[{\"category\":\"PostgreSQLLogs\",\"enabled\":\"[parameters('logsEnabled')]\"}],\"metrics\":[{\"category\":\"AllMetrics\",\"enabled\":\"[parameters('metricsEnabled')]\",\"retentionPolicy\":{\"days\":0,\"enabled\":false},\"timeGrain\":null}],\"workspaceId\":\"[parameters('logAnalytics')]\"},\"type\":\"Microsoft.DBforPostgreSQL/flexibleServers/providers/diagnosticSettings\"},{\"apiVersion\":\"2021-05-01-preview\",\"condition\":\"[startsWith(parameters('resourceType'),'Microsoft.DBforPostgreSQL/servers')]\",\"dependsOn\":[],\"location\":\"[parameters('location')]\",\"name\":\"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"properties\":{\"logs\":[{\"category\":\"PostgreSQLLogs\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"QueryStoreRuntimeStatistics\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"QueryStoreWaitStatistics\",\"enabled\":\"[parameters('logsEnabled')]\"}],\"metrics\":[{\"category\":\"AllMetrics\",\"enabled\":\"[parameters('metricsEnabled')]\",\"retentionPolicy\":{\"days\":0,\"enabled\":false},\"timeGrain\":null}],\"workspaceId\":\"[parameters('logAnalytics')]\"},\"type\":\"Microsoft.DBforPostgreSQL/servers/providers/diagnosticSettings\"}],\"variables\":{}}}},\"existenceCondition\":{\"allOf\":[{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\"},{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/metrics.enabled\"},{\"equals\":\"[parameters('logAnalytics')]\",\"field\":\"Microsoft.Insights/diagnosticSettings/workspaceId\"}]},\"name\":\"[parameters('profileName')]\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"type\":\"Microsoft.Insights/diagnosticSettings\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-PowerBIEmbedded\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-PowerBIEmbedded",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploys the diagnostic settings for Power BI Embedded to stream to a Log Analytics workspace when any Power BI Embedded which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled",
- "display_name": "Deploy Diagnostic Settings for Power BI Embedded to Log Analytics workspace",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Monitoring\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.1.0\"}",
- "mode": "Indexed",
- "name": "Deploy-Diagnostics-PowerBIEmbedded",
- "parameters": "{\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"logAnalytics\":{\"metadata\":{\"description\":\"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\"displayName\":\"Log Analytics workspace\",\"strongType\":\"omsWorkspace\"},\"type\":\"String\"},\"logsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable logs stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable logs\"},\"type\":\"String\"},\"metricsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable metrics stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable metrics\"},\"type\":\"String\"},\"profileName\":{\"defaultValue\":\"setbypolicy\",\"metadata\":{\"description\":\"The diagnostic settings profile name\",\"displayName\":\"Profile name\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"equals\":\"Microsoft.PowerBIDedicated/capacities\",\"field\":\"type\"},\"then\":{\"details\":{\"deployment\":{\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"logsEnabled\":{\"value\":\"[parameters('logsEnabled')]\"},\"metricsEnabled\":{\"value\":\"[parameters('metricsEnabled')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"},\"resourceName\":{\"value\":\"[field('name')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"location\":{\"type\":\"String\"},\"logAnalytics\":{\"type\":\"String\"},\"logsEnabled\":{\"type\":\"String\"},\"metricsEnabled\":{\"type\":\"String\"},\"profileName\":{\"type\":\"String\"},\"resourceName\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2017-05-01-preview\",\"dependsOn\":[],\"location\":\"[parameters('location')]\",\"name\":\"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"properties\":{\"logs\":[{\"category\":\"Engine\",\"enabled\":\"[parameters('logsEnabled')]\"}],\"metrics\":[{\"category\":\"AllMetrics\",\"enabled\":\"[parameters('metricsEnabled')]\",\"retentionPolicy\":{\"days\":0,\"enabled\":false},\"timeGrain\":null}],\"workspaceId\":\"[parameters('logAnalytics')]\"},\"type\":\"Microsoft.PowerBIDedicated/capacities/providers/diagnosticSettings\"}],\"variables\":{}}}},\"existenceCondition\":{\"allOf\":[{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\"},{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/metrics.enabled\"},{\"equals\":\"[parameters('logAnalytics')]\",\"field\":\"Microsoft.Insights/diagnosticSettings/workspaceId\"}]},\"name\":\"[parameters('profileName')]\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"type\":\"Microsoft.Insights/diagnosticSettings\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-RedisCache\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-RedisCache",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploys the diagnostic settings for Redis Cache to stream to a Log Analytics workspace when any Redis Cache which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled",
- "display_name": "Deploy Diagnostic Settings for Redis Cache to Log Analytics workspace",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Monitoring\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.1.0\"}",
- "mode": "Indexed",
- "name": "Deploy-Diagnostics-RedisCache",
- "parameters": "{\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"logAnalytics\":{\"metadata\":{\"description\":\"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\"displayName\":\"Log Analytics workspace\",\"strongType\":\"omsWorkspace\"},\"type\":\"String\"},\"metricsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable metrics stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable metrics\"},\"type\":\"String\"},\"profileName\":{\"defaultValue\":\"setbypolicy\",\"metadata\":{\"description\":\"The diagnostic settings profile name\",\"displayName\":\"Profile name\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"equals\":\"Microsoft.Cache/redis\",\"field\":\"type\"},\"then\":{\"details\":{\"deployment\":{\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"metricsEnabled\":{\"value\":\"[parameters('metricsEnabled')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"},\"resourceName\":{\"value\":\"[field('name')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"location\":{\"type\":\"String\"},\"logAnalytics\":{\"type\":\"String\"},\"metricsEnabled\":{\"type\":\"String\"},\"profileName\":{\"type\":\"String\"},\"resourceName\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2017-05-01-preview\",\"dependsOn\":[],\"location\":\"[parameters('location')]\",\"name\":\"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"properties\":{\"logs\":[],\"metrics\":[{\"category\":\"AllMetrics\",\"enabled\":\"[parameters('metricsEnabled')]\",\"retentionPolicy\":{\"days\":0,\"enabled\":false},\"timeGrain\":null}],\"workspaceId\":\"[parameters('logAnalytics')]\"},\"type\":\"Microsoft.Cache/redis/providers/diagnosticSettings\"}],\"variables\":{}}}},\"existenceCondition\":{\"allOf\":[{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/metrics.enabled\"},{\"equals\":\"[parameters('logAnalytics')]\",\"field\":\"Microsoft.Insights/diagnosticSettings/workspaceId\"}]},\"name\":\"[parameters('profileName')]\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"type\":\"Microsoft.Insights/diagnosticSettings\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Relay\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Relay",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploys the diagnostic settings for Relay to stream to a Log Analytics workspace when any Relay which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled",
- "display_name": "Deploy Diagnostic Settings for Relay to Log Analytics workspace",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Monitoring\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.1.0\"}",
- "mode": "Indexed",
- "name": "Deploy-Diagnostics-Relay",
- "parameters": "{\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"logAnalytics\":{\"metadata\":{\"description\":\"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\"displayName\":\"Log Analytics workspace\",\"strongType\":\"omsWorkspace\"},\"type\":\"String\"},\"logsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable logs stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable logs\"},\"type\":\"String\"},\"metricsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable metrics stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable metrics\"},\"type\":\"String\"},\"profileName\":{\"defaultValue\":\"setbypolicy\",\"metadata\":{\"description\":\"The diagnostic settings profile name\",\"displayName\":\"Profile name\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"equals\":\"Microsoft.Relay/namespaces\",\"field\":\"type\"},\"then\":{\"details\":{\"deployment\":{\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"logsEnabled\":{\"value\":\"[parameters('logsEnabled')]\"},\"metricsEnabled\":{\"value\":\"[parameters('metricsEnabled')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"},\"resourceName\":{\"value\":\"[field('name')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"location\":{\"type\":\"String\"},\"logAnalytics\":{\"type\":\"String\"},\"logsEnabled\":{\"type\":\"String\"},\"metricsEnabled\":{\"type\":\"String\"},\"profileName\":{\"type\":\"String\"},\"resourceName\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2017-05-01-preview\",\"dependsOn\":[],\"location\":\"[parameters('location')]\",\"name\":\"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"properties\":{\"logs\":[{\"category\":\"HybridConnectionsEvent\",\"enabled\":\"[parameters('logsEnabled')]\"}],\"metrics\":[{\"category\":\"AllMetrics\",\"enabled\":\"[parameters('metricsEnabled')]\",\"retentionPolicy\":{\"days\":0,\"enabled\":false},\"timeGrain\":null}],\"workspaceId\":\"[parameters('logAnalytics')]\"},\"type\":\"Microsoft.Relay/namespaces/providers/diagnosticSettings\"}],\"variables\":{}}}},\"existenceCondition\":{\"allOf\":[{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\"},{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/metrics.enabled\"},{\"equals\":\"[parameters('logAnalytics')]\",\"field\":\"Microsoft.Insights/diagnosticSettings/workspaceId\"}]},\"name\":\"[parameters('profileName')]\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"type\":\"Microsoft.Insights/diagnosticSettings\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-SQLElasticPools\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-SQLElasticPools",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploys the diagnostic settings for SQL Elastic Pools to stream to a Log Analytics workspace when any SQL Elastic Pools which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled",
- "display_name": "Deploy Diagnostic Settings for SQL Elastic Pools to Log Analytics workspace",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Monitoring\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.1.0\"}",
- "mode": "Indexed",
- "name": "Deploy-Diagnostics-SQLElasticPools",
- "parameters": "{\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"logAnalytics\":{\"metadata\":{\"description\":\"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\"displayName\":\"Log Analytics workspace\",\"strongType\":\"omsWorkspace\"},\"type\":\"String\"},\"metricsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable metrics stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable metrics\"},\"type\":\"String\"},\"profileName\":{\"defaultValue\":\"setbypolicy\",\"metadata\":{\"description\":\"The diagnostic settings profile name\",\"displayName\":\"Profile name\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"equals\":\"Microsoft.Sql/servers/elasticPools\",\"field\":\"type\"},\"then\":{\"details\":{\"deployment\":{\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"metricsEnabled\":{\"value\":\"[parameters('metricsEnabled')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"},\"resourceName\":{\"value\":\"[field('fullName')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"location\":{\"type\":\"String\"},\"logAnalytics\":{\"type\":\"String\"},\"metricsEnabled\":{\"type\":\"String\"},\"profileName\":{\"type\":\"String\"},\"resourceName\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2017-05-01-preview\",\"dependsOn\":[],\"location\":\"[parameters('location')]\",\"name\":\"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"properties\":{\"logs\":[],\"metrics\":[{\"category\":\"AllMetrics\",\"enabled\":\"[parameters('metricsEnabled')]\",\"retentionPolicy\":{\"days\":0,\"enabled\":false},\"timeGrain\":null}],\"workspaceId\":\"[parameters('logAnalytics')]\"},\"type\":\"Microsoft.Sql/servers/elasticPools/providers/diagnosticSettings\"}],\"variables\":{}}}},\"existenceCondition\":{\"allOf\":[{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/metrics.enabled\"},{\"equals\":\"[parameters('logAnalytics')]\",\"field\":\"Microsoft.Insights/diagnosticSettings/workspaceId\"}]},\"name\":\"[parameters('profileName')]\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"type\":\"Microsoft.Insights/diagnosticSettings\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-SQLMI\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-SQLMI",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploys the diagnostic settings for SQL Managed Instances to stream to a Log Analytics workspace when any SQL Managed Instances which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled",
- "display_name": "Deploy Diagnostic Settings for SQL Managed Instances to Log Analytics workspace",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Monitoring\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.1.0\"}",
- "mode": "Indexed",
- "name": "Deploy-Diagnostics-SQLMI",
- "parameters": "{\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"logAnalytics\":{\"metadata\":{\"description\":\"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\"displayName\":\"Log Analytics workspace\",\"strongType\":\"omsWorkspace\"},\"type\":\"String\"},\"logsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable logs stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable logs\"},\"type\":\"String\"},\"profileName\":{\"defaultValue\":\"setbypolicy\",\"metadata\":{\"description\":\"The diagnostic settings profile name\",\"displayName\":\"Profile name\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"equals\":\"Microsoft.Sql/managedInstances\",\"field\":\"type\"},\"then\":{\"details\":{\"deployment\":{\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"logsEnabled\":{\"value\":\"[parameters('logsEnabled')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"},\"resourceName\":{\"value\":\"[field('name')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"location\":{\"type\":\"String\"},\"logAnalytics\":{\"type\":\"String\"},\"logsEnabled\":{\"type\":\"String\"},\"profileName\":{\"type\":\"String\"},\"resourceName\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2017-05-01-preview\",\"dependsOn\":[],\"location\":\"[parameters('location')]\",\"name\":\"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"properties\":{\"logs\":[{\"category\":\"ResourceUsageStats\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"SQLSecurityAuditEvents\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"DevOpsOperationsAudit\",\"enabled\":\"[parameters('logsEnabled')]\"}],\"workspaceId\":\"[parameters('logAnalytics')]\"},\"type\":\"Microsoft.Sql/managedInstances/providers/diagnosticSettings\"}],\"variables\":{}}}},\"existenceCondition\":{\"allOf\":[{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\"},{\"equals\":\"[parameters('logAnalytics')]\",\"field\":\"Microsoft.Insights/diagnosticSettings/workspaceId\"}]},\"name\":\"[parameters('profileName')]\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"type\":\"Microsoft.Insights/diagnosticSettings\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-SignalR\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-SignalR",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploys the diagnostic settings for SignalR to stream to a Log Analytics workspace when any SignalR which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled",
- "display_name": "Deploy Diagnostic Settings for SignalR to Log Analytics workspace",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Monitoring\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.1.0\"}",
- "mode": "Indexed",
- "name": "Deploy-Diagnostics-SignalR",
- "parameters": "{\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"logAnalytics\":{\"metadata\":{\"description\":\"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\"displayName\":\"Log Analytics workspace\",\"strongType\":\"omsWorkspace\"},\"type\":\"String\"},\"logsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable logs stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable logs\"},\"type\":\"String\"},\"metricsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable metrics stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable metrics\"},\"type\":\"String\"},\"profileName\":{\"defaultValue\":\"setbypolicy\",\"metadata\":{\"description\":\"The diagnostic settings profile name\",\"displayName\":\"Profile name\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"equals\":\"Microsoft.SignalRService/SignalR\",\"field\":\"type\"},\"then\":{\"details\":{\"deployment\":{\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"logsEnabled\":{\"value\":\"[parameters('logsEnabled')]\"},\"metricsEnabled\":{\"value\":\"[parameters('metricsEnabled')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"},\"resourceName\":{\"value\":\"[field('name')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"location\":{\"type\":\"String\"},\"logAnalytics\":{\"type\":\"String\"},\"logsEnabled\":{\"type\":\"String\"},\"metricsEnabled\":{\"type\":\"String\"},\"profileName\":{\"type\":\"String\"},\"resourceName\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2017-05-01-preview\",\"dependsOn\":[],\"location\":\"[parameters('location')]\",\"name\":\"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"properties\":{\"logs\":[{\"category\":\"AllLogs\",\"enabled\":\"[parameters('logsEnabled')]\"}],\"metrics\":[{\"category\":\"AllMetrics\",\"enabled\":\"[parameters('metricsEnabled')]\",\"retentionPolicy\":{\"days\":0,\"enabled\":false},\"timeGrain\":null}],\"workspaceId\":\"[parameters('logAnalytics')]\"},\"type\":\"Microsoft.SignalRService/SignalR/providers/diagnosticSettings\"}],\"variables\":{}}}},\"existenceCondition\":{\"allOf\":[{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/metrics.enabled\"},{\"equals\":\"[parameters('logAnalytics')]\",\"field\":\"Microsoft.Insights/diagnosticSettings/workspaceId\"}]},\"name\":\"[parameters('profileName')]\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"type\":\"Microsoft.Insights/diagnosticSettings\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-TimeSeriesInsights\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-TimeSeriesInsights",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploys the diagnostic settings for Time Series Insights to stream to a Log Analytics workspace when any Time Series Insights which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled",
- "display_name": "Deploy Diagnostic Settings for Time Series Insights to Log Analytics workspace",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Monitoring\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.1.0\"}",
- "mode": "Indexed",
- "name": "Deploy-Diagnostics-TimeSeriesInsights",
- "parameters": "{\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"logAnalytics\":{\"metadata\":{\"description\":\"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\"displayName\":\"Log Analytics workspace\",\"strongType\":\"omsWorkspace\"},\"type\":\"String\"},\"logsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable logs stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable logs\"},\"type\":\"String\"},\"metricsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable metrics stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable metrics\"},\"type\":\"String\"},\"profileName\":{\"defaultValue\":\"setbypolicy\",\"metadata\":{\"description\":\"The diagnostic settings profile name\",\"displayName\":\"Profile name\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"equals\":\"Microsoft.TimeSeriesInsights/environments\",\"field\":\"type\"},\"then\":{\"details\":{\"deployment\":{\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"logsEnabled\":{\"value\":\"[parameters('logsEnabled')]\"},\"metricsEnabled\":{\"value\":\"[parameters('metricsEnabled')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"},\"resourceName\":{\"value\":\"[field('name')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"location\":{\"type\":\"String\"},\"logAnalytics\":{\"type\":\"String\"},\"logsEnabled\":{\"type\":\"String\"},\"metricsEnabled\":{\"type\":\"String\"},\"profileName\":{\"type\":\"String\"},\"resourceName\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2017-05-01-preview\",\"dependsOn\":[],\"location\":\"[parameters('location')]\",\"name\":\"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"properties\":{\"logs\":[{\"category\":\"Ingress\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"Management\",\"enabled\":\"[parameters('logsEnabled')]\"}],\"metrics\":[{\"category\":\"AllMetrics\",\"enabled\":\"[parameters('metricsEnabled')]\",\"retentionPolicy\":{\"days\":0,\"enabled\":false},\"timeGrain\":null}],\"workspaceId\":\"[parameters('logAnalytics')]\"},\"type\":\"Microsoft.TimeSeriesInsights/environments/providers/diagnosticSettings\"}],\"variables\":{}}}},\"existenceCondition\":{\"allOf\":[{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\"},{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/metrics.enabled\"},{\"equals\":\"[parameters('logAnalytics')]\",\"field\":\"Microsoft.Insights/diagnosticSettings/workspaceId\"}]},\"name\":\"[parameters('profileName')]\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"type\":\"Microsoft.Insights/diagnosticSettings\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-TrafficManager\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-TrafficManager",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploys the diagnostic settings for Traffic Manager to stream to a Log Analytics workspace when any Traffic Manager which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled",
- "display_name": "Deploy Diagnostic Settings for Traffic Manager to Log Analytics workspace",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Monitoring\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.1.0\"}",
- "mode": "Indexed",
- "name": "Deploy-Diagnostics-TrafficManager",
- "parameters": "{\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"logAnalytics\":{\"metadata\":{\"description\":\"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\"displayName\":\"Log Analytics workspace\",\"strongType\":\"omsWorkspace\"},\"type\":\"String\"},\"logsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable logs stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable logs\"},\"type\":\"String\"},\"metricsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable metrics stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable metrics\"},\"type\":\"String\"},\"profileName\":{\"defaultValue\":\"setbypolicy\",\"metadata\":{\"description\":\"The diagnostic settings profile name\",\"displayName\":\"Profile name\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"equals\":\"Microsoft.Network/trafficManagerProfiles\",\"field\":\"type\"},\"then\":{\"details\":{\"deployment\":{\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"logsEnabled\":{\"value\":\"[parameters('logsEnabled')]\"},\"metricsEnabled\":{\"value\":\"[parameters('metricsEnabled')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"},\"resourceName\":{\"value\":\"[field('name')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"location\":{\"type\":\"String\"},\"logAnalytics\":{\"type\":\"String\"},\"logsEnabled\":{\"type\":\"String\"},\"metricsEnabled\":{\"type\":\"String\"},\"profileName\":{\"type\":\"String\"},\"resourceName\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2017-05-01-preview\",\"dependsOn\":[],\"location\":\"[parameters('location')]\",\"name\":\"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"properties\":{\"logs\":[{\"category\":\"ProbeHealthStatusEvents\",\"enabled\":\"[parameters('logsEnabled')]\"}],\"metrics\":[{\"category\":\"AllMetrics\",\"enabled\":\"[parameters('metricsEnabled')]\",\"retentionPolicy\":{\"days\":0,\"enabled\":false},\"timeGrain\":null}],\"workspaceId\":\"[parameters('logAnalytics')]\"},\"type\":\"Microsoft.Network/trafficManagerProfiles/providers/diagnosticSettings\"}],\"variables\":{}}}},\"existenceCondition\":{\"allOf\":[{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\"},{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/metrics.enabled\"},{\"equals\":\"[parameters('logAnalytics')]\",\"field\":\"Microsoft.Insights/diagnosticSettings/workspaceId\"}]},\"name\":\"[parameters('profileName')]\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"type\":\"Microsoft.Insights/diagnosticSettings\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VM\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VM",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploys the diagnostic settings for Virtual Machines to stream to a Log Analytics workspace when any Virtual Machines which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled",
- "display_name": "Deploy Diagnostic Settings for Virtual Machines to Log Analytics workspace",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Monitoring\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.1.0\"}",
- "mode": "Indexed",
- "name": "Deploy-Diagnostics-VM",
- "parameters": "{\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"logAnalytics\":{\"metadata\":{\"description\":\"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\"displayName\":\"Log Analytics workspace\",\"strongType\":\"omsWorkspace\"},\"type\":\"String\"},\"metricsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable metrics stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable metrics\"},\"type\":\"String\"},\"profileName\":{\"defaultValue\":\"setbypolicy\",\"metadata\":{\"description\":\"The diagnostic settings profile name\",\"displayName\":\"Profile name\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"equals\":\"Microsoft.Compute/virtualMachines\",\"field\":\"type\"},\"then\":{\"details\":{\"deployment\":{\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"metricsEnabled\":{\"value\":\"[parameters('metricsEnabled')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"},\"resourceName\":{\"value\":\"[field('name')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"location\":{\"type\":\"String\"},\"logAnalytics\":{\"type\":\"String\"},\"metricsEnabled\":{\"type\":\"String\"},\"profileName\":{\"type\":\"String\"},\"resourceName\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2017-05-01-preview\",\"dependsOn\":[],\"location\":\"[parameters('location')]\",\"name\":\"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"properties\":{\"logs\":[],\"metrics\":[{\"category\":\"AllMetrics\",\"enabled\":\"[parameters('metricsEnabled')]\",\"retentionPolicy\":{\"days\":0,\"enabled\":false}}],\"workspaceId\":\"[parameters('logAnalytics')]\"},\"type\":\"Microsoft.Compute/virtualMachines/providers/diagnosticSettings\"}],\"variables\":{}}}},\"existenceCondition\":{\"allOf\":[{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/metrics.enabled\"},{\"equals\":\"[parameters('logAnalytics')]\",\"field\":\"Microsoft.Insights/diagnosticSettings/workspaceId\"}]},\"name\":\"[parameters('profileName')]\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"type\":\"Microsoft.Insights/diagnosticSettings\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VMSS\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VMSS",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploys the diagnostic settings for Virtual Machine Scale Sets to stream to a Log Analytics workspace when any Virtual Machine Scale Sets which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled",
- "display_name": "Deploy Diagnostic Settings for Virtual Machine Scale Sets to Log Analytics workspace",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Monitoring\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.1.0\"}",
- "mode": "Indexed",
- "name": "Deploy-Diagnostics-VMSS",
- "parameters": "{\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"logAnalytics\":{\"metadata\":{\"description\":\"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\"displayName\":\"Log Analytics workspace\",\"strongType\":\"omsWorkspace\"},\"type\":\"String\"},\"metricsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable metrics stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable metrics\"},\"type\":\"String\"},\"profileName\":{\"defaultValue\":\"setbypolicy\",\"metadata\":{\"description\":\"The diagnostic settings profile name\",\"displayName\":\"Profile name\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"equals\":\"Microsoft.Compute/virtualMachineScaleSets\",\"field\":\"type\"},\"then\":{\"details\":{\"deployment\":{\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"metricsEnabled\":{\"value\":\"[parameters('metricsEnabled')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"},\"resourceName\":{\"value\":\"[field('name')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"location\":{\"type\":\"String\"},\"logAnalytics\":{\"type\":\"String\"},\"metricsEnabled\":{\"type\":\"String\"},\"profileName\":{\"type\":\"String\"},\"resourceName\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2017-05-01-preview\",\"dependsOn\":[],\"location\":\"[parameters('location')]\",\"name\":\"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"properties\":{\"logs\":[],\"metrics\":[{\"category\":\"AllMetrics\",\"enabled\":\"[parameters('metricsEnabled')]\",\"retentionPolicy\":{\"days\":0,\"enabled\":false}}],\"workspaceId\":\"[parameters('logAnalytics')]\"},\"type\":\"Microsoft.Compute/virtualMachineScaleSets/providers/diagnosticSettings\"}],\"variables\":{}}}},\"existenceCondition\":{\"allOf\":[{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/metrics.enabled\"},{\"equals\":\"[parameters('logAnalytics')]\",\"field\":\"Microsoft.Insights/diagnosticSettings/workspaceId\"}]},\"name\":\"[parameters('profileName')]\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"type\":\"Microsoft.Insights/diagnosticSettings\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VNetGW\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VNetGW",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploys the diagnostic settings for VPN Gateway to stream to a Log Analytics workspace when any VPN Gateway which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled.",
- "display_name": "Deploy Diagnostic Settings for VPN Gateway to Log Analytics workspace",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Monitoring\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.1.1\"}",
- "mode": "Indexed",
- "name": "Deploy-Diagnostics-VNetGW",
- "parameters": "{\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"logAnalytics\":{\"metadata\":{\"description\":\"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\"displayName\":\"Log Analytics workspace\",\"strongType\":\"omsWorkspace\"},\"type\":\"String\"},\"logsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable logs stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable logs\"},\"type\":\"String\"},\"metricsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable metrics stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable metrics\"},\"type\":\"String\"},\"profileName\":{\"defaultValue\":\"setbypolicy\",\"metadata\":{\"description\":\"The diagnostic settings profile name\",\"displayName\":\"Profile name\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"equals\":\"Microsoft.Network/virtualNetworkGateways\",\"field\":\"type\"},\"then\":{\"details\":{\"deployment\":{\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"logsEnabled\":{\"value\":\"[parameters('logsEnabled')]\"},\"metricsEnabled\":{\"value\":\"[parameters('metricsEnabled')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"},\"resourceName\":{\"value\":\"[field('name')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"location\":{\"type\":\"String\"},\"logAnalytics\":{\"type\":\"String\"},\"logsEnabled\":{\"type\":\"String\"},\"metricsEnabled\":{\"type\":\"String\"},\"profileName\":{\"type\":\"String\"},\"resourceName\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2017-05-01-preview\",\"dependsOn\":[],\"location\":\"[parameters('location')]\",\"name\":\"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"properties\":{\"logs\":[{\"category\":\"GatewayDiagnosticLog\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"IKEDiagnosticLog\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"P2SDiagnosticLog\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"RouteDiagnosticLog\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"TunnelDiagnosticLog\",\"enabled\":\"[parameters('logsEnabled')]\"}],\"metrics\":[{\"category\":\"AllMetrics\",\"enabled\":\"[parameters('metricsEnabled')]\",\"retentionPolicy\":{\"days\":0,\"enabled\":false},\"timeGrain\":null}],\"workspaceId\":\"[parameters('logAnalytics')]\"},\"type\":\"Microsoft.Network/virtualNetworkGateways/providers/diagnosticSettings\"}],\"variables\":{}}}},\"existenceCondition\":{\"allOf\":[{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\"},{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/metrics.enabled\"},{\"equals\":\"[parameters('logAnalytics')]\",\"field\":\"Microsoft.Insights/diagnosticSettings/workspaceId\"}]},\"name\":\"[parameters('profileName')]\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"type\":\"Microsoft.Insights/diagnosticSettings\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VWanS2SVPNGW\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VWanS2SVPNGW",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploys the diagnostic settings for VWAN S2S VPN Gateway to stream to a Log Analytics workspace when any VWAN S2S VPN Gateway which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled.",
- "display_name": "Deploy Diagnostic Settings for VWAN S2S VPN Gateway to Log Analytics workspace",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Monitoring\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.0.0\"}",
- "mode": "Indexed",
- "name": "Deploy-Diagnostics-VWanS2SVPNGW",
- "parameters": "{\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"logAnalytics\":{\"metadata\":{\"description\":\"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\"displayName\":\"Log Analytics workspace\",\"strongType\":\"omsWorkspace\"},\"type\":\"String\"},\"logsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable logs stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable logs\"},\"type\":\"String\"},\"metricsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable metrics stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable metrics\"},\"type\":\"String\"},\"profileName\":{\"defaultValue\":\"setbypolicy\",\"metadata\":{\"description\":\"The diagnostic settings profile name\",\"displayName\":\"Profile name\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"equals\":\"Microsoft.Network/vpnGateways\",\"field\":\"type\"},\"then\":{\"details\":{\"deployment\":{\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"logsEnabled\":{\"value\":\"[parameters('logsEnabled')]\"},\"metricsEnabled\":{\"value\":\"[parameters('metricsEnabled')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"},\"resourceName\":{\"value\":\"[field('name')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"location\":{\"type\":\"String\"},\"logAnalytics\":{\"type\":\"String\"},\"logsEnabled\":{\"type\":\"String\"},\"metricsEnabled\":{\"type\":\"String\"},\"profileName\":{\"type\":\"String\"},\"resourceName\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2017-05-01-preview\",\"dependsOn\":[],\"location\":\"[parameters('location')]\",\"name\":\"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"properties\":{\"logs\":[{\"category\":\"GatewayDiagnosticLog\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"IKEDiagnosticLog\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"RouteDiagnosticLog\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"TunnelDiagnosticLog\",\"enabled\":\"[parameters('logsEnabled')]\"}],\"metrics\":[{\"category\":\"AllMetrics\",\"enabled\":\"[parameters('metricsEnabled')]\",\"retentionPolicy\":{\"days\":0,\"enabled\":false},\"timeGrain\":null}],\"workspaceId\":\"[parameters('logAnalytics')]\"},\"type\":\"Microsoft.Network/vpnGateways/providers/diagnosticSettings\"}],\"variables\":{}}}},\"existenceCondition\":{\"allOf\":[{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\"},{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/metrics.enabled\"},{\"equals\":\"[parameters('logAnalytics')]\",\"field\":\"Microsoft.Insights/diagnosticSettings/workspaceId\"}]},\"name\":\"[parameters('profileName')]\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"type\":\"Microsoft.Insights/diagnosticSettings\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VirtualNetwork\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VirtualNetwork",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploys the diagnostic settings for Virtual Network to stream to a Log Analytics workspace when any Virtual Network which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled",
- "display_name": "Deploy Diagnostic Settings for Virtual Network to Log Analytics workspace",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Monitoring\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.1.0\"}",
- "mode": "Indexed",
- "name": "Deploy-Diagnostics-VirtualNetwork",
- "parameters": "{\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"logAnalytics\":{\"metadata\":{\"description\":\"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\"displayName\":\"Log Analytics workspace\",\"strongType\":\"omsWorkspace\"},\"type\":\"String\"},\"logsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable logs stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable logs\"},\"type\":\"String\"},\"metricsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable metrics stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable metrics\"},\"type\":\"String\"},\"profileName\":{\"defaultValue\":\"setbypolicy\",\"metadata\":{\"description\":\"The diagnostic settings profile name\",\"displayName\":\"Profile name\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"equals\":\"Microsoft.Network/virtualNetworks\",\"field\":\"type\"},\"then\":{\"details\":{\"deployment\":{\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"logsEnabled\":{\"value\":\"[parameters('logsEnabled')]\"},\"metricsEnabled\":{\"value\":\"[parameters('metricsEnabled')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"},\"resourceName\":{\"value\":\"[field('name')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"location\":{\"type\":\"String\"},\"logAnalytics\":{\"type\":\"String\"},\"logsEnabled\":{\"type\":\"String\"},\"metricsEnabled\":{\"type\":\"String\"},\"profileName\":{\"type\":\"String\"},\"resourceName\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2017-05-01-preview\",\"dependsOn\":[],\"location\":\"[parameters('location')]\",\"name\":\"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"properties\":{\"logs\":[{\"category\":\"VMProtectionAlerts\",\"enabled\":\"[parameters('logsEnabled')]\"}],\"metrics\":[{\"category\":\"AllMetrics\",\"enabled\":\"[parameters('metricsEnabled')]\",\"retentionPolicy\":{\"days\":0,\"enabled\":false}}],\"workspaceId\":\"[parameters('logAnalytics')]\"},\"type\":\"Microsoft.Network/virtualNetworks/providers/diagnosticSettings\"}],\"variables\":{}}}},\"existenceCondition\":{\"allOf\":[{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\"},{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/metrics.enabled\"},{\"equals\":\"[parameters('logAnalytics')]\",\"field\":\"Microsoft.Insights/diagnosticSettings/workspaceId\"}]},\"name\":\"[parameters('profileName')]\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"type\":\"Microsoft.Insights/diagnosticSettings\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WVDAppGroup\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WVDAppGroup",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploys the diagnostic settings for AVD Application group to stream to a Log Analytics workspace when any application group which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all and categorys enabled.",
- "display_name": "Deploy Diagnostic Settings for AVD Application group to Log Analytics workspace",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Monitoring\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.1.1\"}",
- "mode": "Indexed",
- "name": "Deploy-Diagnostics-WVDAppGroup",
- "parameters": "{\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"logAnalytics\":{\"metadata\":{\"description\":\"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\"displayName\":\"Log Analytics workspace\",\"strongType\":\"omsWorkspace\"},\"type\":\"String\"},\"logsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable logs stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable logs\"},\"type\":\"String\"},\"profileName\":{\"defaultValue\":\"setbypolicy\",\"metadata\":{\"description\":\"The diagnostic settings profile name\",\"displayName\":\"Profile name\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"equals\":\"Microsoft.DesktopVirtualization/applicationGroups\",\"field\":\"type\"},\"then\":{\"details\":{\"deployment\":{\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"logsEnabled\":{\"value\":\"[parameters('logsEnabled')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"},\"resourceName\":{\"value\":\"[field('name')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"location\":{\"type\":\"String\"},\"logAnalytics\":{\"type\":\"String\"},\"logsEnabled\":{\"type\":\"String\"},\"profileName\":{\"type\":\"String\"},\"resourceName\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2017-05-01-preview\",\"dependsOn\":[],\"location\":\"[parameters('location')]\",\"name\":\"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"properties\":{\"logs\":[{\"category\":\"Checkpoint\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"Error\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"Management\",\"enabled\":\"[parameters('logsEnabled')]\"}],\"workspaceId\":\"[parameters('logAnalytics')]\"},\"type\":\"Microsoft.DesktopVirtualization/applicationGroups/providers/diagnosticSettings\"}],\"variables\":{}}}},\"existenceCondition\":{\"allOf\":[{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\"},{\"equals\":\"[parameters('logAnalytics')]\",\"field\":\"Microsoft.Insights/diagnosticSettings/workspaceId\"}]},\"name\":\"[parameters('profileName')]\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"type\":\"Microsoft.Insights/diagnosticSettings\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WVDHostPools\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WVDHostPools",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploys the diagnostic settings for AVD Host Pools to stream to a Log Analytics workspace when any Host Pools which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all and categorys enabled.",
- "display_name": "Deploy Diagnostic Settings for AVD Host Pools to Log Analytics workspace",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Monitoring\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.3.0\"}",
- "mode": "Indexed",
- "name": "Deploy-Diagnostics-WVDHostPools",
- "parameters": "{\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"logAnalytics\":{\"metadata\":{\"description\":\"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\"displayName\":\"Log Analytics workspace\",\"strongType\":\"omsWorkspace\"},\"type\":\"String\"},\"logsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable logs stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable logs\"},\"type\":\"String\"},\"profileName\":{\"defaultValue\":\"setbypolicy\",\"metadata\":{\"description\":\"The diagnostic settings profile name\",\"displayName\":\"Profile name\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"equals\":\"Microsoft.DesktopVirtualization/hostpools\",\"field\":\"type\"},\"then\":{\"details\":{\"deployment\":{\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"logsEnabled\":{\"value\":\"[parameters('logsEnabled')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"},\"resourceName\":{\"value\":\"[field('name')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"location\":{\"type\":\"String\"},\"logAnalytics\":{\"type\":\"String\"},\"logsEnabled\":{\"type\":\"String\"},\"profileName\":{\"type\":\"String\"},\"resourceName\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2017-05-01-preview\",\"dependsOn\":[],\"location\":\"[parameters('location')]\",\"name\":\"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"properties\":{\"logs\":[{\"category\":\"Checkpoint\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"Error\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"Management\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"Connection\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"HostRegistration\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"AgentHealthStatus\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"NetworkData\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"SessionHostManagement\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"ConnectionGraphicsData\",\"enabled\":\"[parameters('logsEnabled')]\"}],\"workspaceId\":\"[parameters('logAnalytics')]\"},\"type\":\"Microsoft.DesktopVirtualization/hostpools/providers/diagnosticSettings\"}],\"variables\":{}}}},\"existenceCondition\":{\"allOf\":[{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\"},{\"equals\":\"[parameters('logAnalytics')]\",\"field\":\"Microsoft.Insights/diagnosticSettings/workspaceId\"}]},\"name\":\"[parameters('profileName')]\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"type\":\"Microsoft.Insights/diagnosticSettings\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WVDWorkspace\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WVDWorkspace",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploys the diagnostic settings for AVD Workspace to stream to a Log Analytics workspace when any Workspace which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all and categorys enabled.",
- "display_name": "Deploy Diagnostic Settings for AVD Workspace to Log Analytics workspace",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Monitoring\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.1.1\"}",
- "mode": "Indexed",
- "name": "Deploy-Diagnostics-WVDWorkspace",
- "parameters": "{\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"logAnalytics\":{\"metadata\":{\"description\":\"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\"displayName\":\"Log Analytics workspace\",\"strongType\":\"omsWorkspace\"},\"type\":\"String\"},\"logsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable logs stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable logs\"},\"type\":\"String\"},\"profileName\":{\"defaultValue\":\"setbypolicy\",\"metadata\":{\"description\":\"The diagnostic settings profile name\",\"displayName\":\"Profile name\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"equals\":\"Microsoft.DesktopVirtualization/workspaces\",\"field\":\"type\"},\"then\":{\"details\":{\"deployment\":{\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"logsEnabled\":{\"value\":\"[parameters('logsEnabled')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"},\"resourceName\":{\"value\":\"[field('name')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"location\":{\"type\":\"String\"},\"logAnalytics\":{\"type\":\"String\"},\"logsEnabled\":{\"type\":\"String\"},\"profileName\":{\"type\":\"String\"},\"resourceName\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2017-05-01-preview\",\"dependsOn\":[],\"location\":\"[parameters('location')]\",\"name\":\"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"properties\":{\"logs\":[{\"category\":\"Checkpoint\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"Error\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"Management\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"Feed\",\"enabled\":\"[parameters('logsEnabled')]\"}],\"workspaceId\":\"[parameters('logAnalytics')]\"},\"type\":\"Microsoft.DesktopVirtualization/workspaces/providers/diagnosticSettings\"}],\"variables\":{}}}},\"existenceCondition\":{\"allOf\":[{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\"},{\"equals\":\"[parameters('logAnalytics')]\",\"field\":\"Microsoft.Insights/diagnosticSettings/workspaceId\"}]},\"name\":\"[parameters('profileName')]\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"type\":\"Microsoft.Insights/diagnosticSettings\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WebServerFarm\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WebServerFarm",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploys the diagnostic settings for App Service Plan to stream to a Log Analytics workspace when any App Service Plan which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled",
- "display_name": "Deploy Diagnostic Settings for App Service Plan to Log Analytics workspace",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Monitoring\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.1.0\"}",
- "mode": "Indexed",
- "name": "Deploy-Diagnostics-WebServerFarm",
- "parameters": "{\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"logAnalytics\":{\"metadata\":{\"description\":\"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\"displayName\":\"Log Analytics workspace\",\"strongType\":\"omsWorkspace\"},\"type\":\"String\"},\"metricsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable metrics stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable metrics\"},\"type\":\"String\"},\"profileName\":{\"defaultValue\":\"setbypolicy\",\"metadata\":{\"description\":\"The diagnostic settings profile name\",\"displayName\":\"Profile name\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"equals\":\"Microsoft.Web/serverfarms\",\"field\":\"type\"},\"then\":{\"details\":{\"deployment\":{\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"metricsEnabled\":{\"value\":\"[parameters('metricsEnabled')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"},\"resourceName\":{\"value\":\"[field('name')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"location\":{\"type\":\"String\"},\"logAnalytics\":{\"type\":\"String\"},\"metricsEnabled\":{\"type\":\"String\"},\"profileName\":{\"type\":\"String\"},\"resourceName\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2017-05-01-preview\",\"dependsOn\":[],\"location\":\"[parameters('location')]\",\"name\":\"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"properties\":{\"logs\":[],\"metrics\":[{\"category\":\"AllMetrics\",\"enabled\":\"[parameters('metricsEnabled')]\",\"retentionPolicy\":{\"days\":0,\"enabled\":false},\"timeGrain\":null}],\"workspaceId\":\"[parameters('logAnalytics')]\"},\"type\":\"Microsoft.Web/serverfarms/providers/diagnosticSettings\"}],\"variables\":{}}}},\"existenceCondition\":{\"allOf\":[{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/metrics.enabled\"},{\"equals\":\"[parameters('logAnalytics')]\",\"field\":\"Microsoft.Insights/diagnosticSettings/workspaceId\"}]},\"name\":\"[parameters('profileName')]\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"type\":\"Microsoft.Insights/diagnosticSettings\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Website\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Website",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploys the diagnostic settings for Web App to stream to a Log Analytics workspace when any Web App which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled",
- "display_name": "Deploy Diagnostic Settings for App Service to Log Analytics workspace",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Monitoring\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.2.0\"}",
- "mode": "Indexed",
- "name": "Deploy-Diagnostics-Website",
- "parameters": "{\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"logAnalytics\":{\"metadata\":{\"description\":\"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\"displayName\":\"Log Analytics workspace\",\"strongType\":\"omsWorkspace\"},\"type\":\"String\"},\"logsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable logs stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable logs\"},\"type\":\"String\"},\"metricsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable metrics stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable metrics\"},\"type\":\"String\"},\"profileName\":{\"defaultValue\":\"setbypolicy\",\"metadata\":{\"description\":\"The diagnostic settings profile name\",\"displayName\":\"Profile name\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"allOf\":[{\"equals\":\"Microsoft.Web/sites\",\"field\":\"type\"},{\"notContains\":\"functionapp\",\"value\":\"[field('kind')]\"}]},\"then\":{\"details\":{\"deployment\":{\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"logsEnabled\":{\"value\":\"[parameters('logsEnabled')]\"},\"metricsEnabled\":{\"value\":\"[parameters('metricsEnabled')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"},\"resourceName\":{\"value\":\"[field('name')]\"},\"serverFarmId\":{\"value\":\"[field('Microsoft.Web/sites/serverFarmId')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{\"policy\":{\"type\":\"string\",\"value\":\"[concat(parameters('logAnalytics'), 'configured for diagnostic logs for ', ': ', parameters('resourceName'))]\"}},\"parameters\":{\"location\":{\"type\":\"String\"},\"logAnalytics\":{\"type\":\"String\"},\"logsEnabled\":{\"type\":\"String\"},\"metricsEnabled\":{\"type\":\"String\"},\"profileName\":{\"type\":\"String\"},\"resourceName\":{\"type\":\"String\"},\"serverFarmId\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2017-05-01-preview\",\"dependsOn\":[],\"location\":\"[parameters('location')]\",\"name\":\"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"properties\":{\"logs\":\"[if(startsWith(reference(parameters('serverFarmId'), '2021-03-01', 'Full').sku.tier, 'Premium'), variables('logs').premiumTierLogs, variables('logs').otherTierLogs)]\",\"metrics\":[{\"category\":\"AllMetrics\",\"enabled\":\"[parameters('metricsEnabled')]\",\"retentionPolicy\":{\"days\":0,\"enabled\":false},\"timeGrain\":null}],\"workspaceId\":\"[parameters('logAnalytics')]\"},\"type\":\"Microsoft.Web/sites/providers/diagnosticSettings\"}],\"variables\":{\"logs\":{\"otherTierLogs\":[{\"category\":\"AppServiceHTTPLogs\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"AppServiceConsoleLogs\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"AppServiceAppLogs\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"AppServiceAuditLogs\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"AppServiceIPSecAuditLogs\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"AppServicePlatformLogs\",\"enabled\":\"[parameters('logsEnabled')]\"}],\"premiumTierLogs\":[{\"category\":\"AppServiceAntivirusScanAuditLogs\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"AppServiceHTTPLogs\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"AppServiceConsoleLogs\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"AppServiceAppLogs\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"AppServiceFileAuditLogs\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"AppServiceAuditLogs\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"AppServiceIPSecAuditLogs\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"AppServicePlatformLogs\",\"enabled\":\"[parameters('logsEnabled')]\"}]}}}}},\"existenceCondition\":{\"allOf\":[{\"equals\":\"[parameters('logsEnabled')]\",\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\"},{\"equals\":\"[parameters('metricsEnabled')]\",\"field\":\"Microsoft.Insights/diagnosticSettings/metrics.enabled\"},{\"equals\":\"[parameters('logAnalytics')]\",\"field\":\"Microsoft.Insights/diagnosticSettings/workspaceId\"}]},\"name\":\"[parameters('profileName')]\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"type\":\"Microsoft.Insights/diagnosticSettings\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-iotHub\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-iotHub",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploys the diagnostic settings for IoT Hub to stream to a Log Analytics workspace when any IoT Hub which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled",
- "display_name": "Deploy Diagnostic Settings for IoT Hub to Log Analytics workspace",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Monitoring\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.1.0\"}",
- "mode": "Indexed",
- "name": "Deploy-Diagnostics-iotHub",
- "parameters": "{\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"logAnalytics\":{\"metadata\":{\"description\":\"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\"displayName\":\"Log Analytics workspace\",\"strongType\":\"omsWorkspace\"},\"type\":\"String\"},\"logsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable logs stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable logs\"},\"type\":\"String\"},\"metricsEnabled\":{\"allowedValues\":[\"True\",\"False\"],\"defaultValue\":\"True\",\"metadata\":{\"description\":\"Whether to enable metrics stream to the Log Analytics workspace - True or False\",\"displayName\":\"Enable metrics\"},\"type\":\"String\"},\"profileName\":{\"defaultValue\":\"setbypolicy\",\"metadata\":{\"description\":\"The diagnostic settings profile name\",\"displayName\":\"Profile name\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"equals\":\"Microsoft.Devices/IotHubs\",\"field\":\"type\"},\"then\":{\"details\":{\"deployment\":{\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"logsEnabled\":{\"value\":\"[parameters('logsEnabled')]\"},\"metricsEnabled\":{\"value\":\"[parameters('metricsEnabled')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"},\"resourceName\":{\"value\":\"[field('name')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"location\":{\"type\":\"String\"},\"logAnalytics\":{\"type\":\"String\"},\"logsEnabled\":{\"type\":\"String\"},\"metricsEnabled\":{\"type\":\"String\"},\"profileName\":{\"type\":\"String\"},\"resourceName\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2017-05-01-preview\",\"dependsOn\":[],\"location\":\"[parameters('location')]\",\"name\":\"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\"properties\":{\"logs\":[{\"category\":\"Connections\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"DeviceTelemetry\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"C2DCommands\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"DeviceIdentityOperations\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"FileUploadOperations\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"Routes\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"D2CTwinOperations\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"C2DTwinOperations\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"TwinQueries\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"JobsOperations\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"DirectMethods\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"DistributedTracing\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"Configurations\",\"enabled\":\"[parameters('logsEnabled')]\"},{\"category\":\"DeviceStreams\",\"enabled\":\"[parameters('logsEnabled')]\"}],\"metrics\":[{\"category\":\"AllMetrics\",\"enabled\":\"[parameters('metricsEnabled')]\",\"retentionPolicy\":{\"days\":0,\"enabled\":false},\"timeGrain\":null}],\"workspaceId\":\"[parameters('logAnalytics')]\"},\"type\":\"Microsoft.Devices/IotHubs/providers/diagnosticSettings\"}],\"variables\":{}}}},\"existenceCondition\":{\"allOf\":[{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/logs.enabled\"},{\"equals\":\"true\",\"field\":\"Microsoft.Insights/diagnosticSettings/metrics.enabled\"},{\"equals\":\"[parameters('logAnalytics')]\",\"field\":\"Microsoft.Insights/diagnosticSettings/workspaceId\"}]},\"name\":\"[parameters('profileName')]\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"type\":\"Microsoft.Insights/diagnosticSettings\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-FirewallPolicy\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-FirewallPolicy",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploys Azure Firewall Manager policy in subscription where the policy is assigned.",
- "display_name": "Deploy Azure Firewall Manager policy in the subscription",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Network\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.0.0\"}",
- "mode": "All",
- "name": "Deploy-FirewallPolicy",
- "parameters": "{\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"fwPolicyRegion\":{\"metadata\":{\"description\":\"Select Azure region for Azure Firewall Policy\",\"displayName\":\"fwPolicyRegion\",\"strongType\":\"location\"},\"type\":\"String\"},\"fwpolicy\":{\"defaultValue\":{},\"metadata\":{\"description\":\"Object describing Azure Firewall Policy\",\"displayName\":\"fwpolicy\"},\"type\":\"Object\"},\"rgName\":{\"metadata\":{\"description\":\"Provide name for resource group.\",\"displayName\":\"rgName\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"allOf\":[{\"equals\":\"Microsoft.Resources/subscriptions\",\"field\":\"type\"}]},\"then\":{\"details\":{\"deployment\":{\"location\":\"northeurope\",\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"fwPolicy\":{\"value\":\"[parameters('fwPolicy')]\"},\"fwPolicyRegion\":{\"value\":\"[parameters('fwPolicyRegion')]\"},\"rgName\":{\"value\":\"[parameters('rgName')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"fwPolicy\":{\"type\":\"object\"},\"fwPolicyRegion\":{\"type\":\"String\"},\"rgName\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2018-05-01\",\"location\":\"[deployment().location]\",\"name\":\"[parameters('rgName')]\",\"properties\":{},\"type\":\"Microsoft.Resources/resourceGroups\"},{\"apiVersion\":\"2018-05-01\",\"dependsOn\":[\"[resourceId('Microsoft.Resources/resourceGroups/', parameters('rgName'))]\"],\"name\":\"fwpolicies\",\"properties\":{\"mode\":\"Incremental\",\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{},\"resources\":[{\"apiVersion\":\"2019-09-01\",\"dependsOn\":[],\"location\":\"[parameters('fwpolicy').location]\",\"name\":\"[parameters('fwpolicy').firewallPolicyName]\",\"properties\":{},\"resources\":[{\"apiVersion\":\"2019-09-01\",\"dependsOn\":[\"[resourceId('Microsoft.Network/firewallPolicies',parameters('fwpolicy').firewallPolicyName)]\"],\"name\":\"[parameters('fwpolicy').ruleGroups.name]\",\"properties\":{\"priority\":\"[parameters('fwpolicy').ruleGroups.properties.priority]\",\"rules\":\"[parameters('fwpolicy').ruleGroups.properties.rules]\"},\"type\":\"ruleGroups\"}],\"tags\":{},\"type\":\"Microsoft.Network/firewallPolicies\"}],\"variables\":{}}},\"resourceGroup\":\"[parameters('rgName')]\",\"type\":\"Microsoft.Resources/deployments\"}]}}},\"deploymentScope\":\"subscription\",\"existenceScope\":\"resourceGroup\",\"resourceGroupName\":\"[parameters('rgName')]\",\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"],\"type\":\"Microsoft.Network/firewallPolicies\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-MySQL-sslEnforcement\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-MySQL-sslEnforcement",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploy a specific min TLS version requirement and enforce SSL on Azure Database for MySQL server. Enforce the Server to client applications using minimum version of Tls to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.",
- "display_name": "Azure Database for MySQL server deploy a specific min TLS version and enforce SSL.",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"SQL\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.1.0\"}",
- "mode": "Indexed",
- "name": "Deploy-MySQL-sslEnforcement",
- "parameters": "{\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy minimum TLS version Azure Database for MySQL server\",\"displayName\":\"Effect minimum TLS version Azure Database for MySQL server\"},\"type\":\"String\"},\"minimalTlsVersion\":{\"allowedValues\":[\"TLS1_2\",\"TLS1_0\",\"TLS1_1\",\"TLSEnforcementDisabled\"],\"defaultValue\":\"TLS1_2\",\"metadata\":{\"description\":\"Select version minimum TLS version Azure Database for MySQL server to enforce\",\"displayName\":\"Select version minimum TLS for MySQL server\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"allOf\":[{\"equals\":\"Microsoft.DBforMySQL/servers\",\"field\":\"type\"},{\"anyOf\":[{\"field\":\"Microsoft.DBforMySQL/servers/sslEnforcement\",\"notEquals\":\"Enabled\"},{\"field\":\"Microsoft.DBforMySQL/servers/minimalTlsVersion\",\"notequals\":\"[parameters('minimalTlsVersion')]\"}]}]},\"then\":{\"details\":{\"deployment\":{\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"minimalTlsVersion\":{\"value\":\"[parameters('minimalTlsVersion')]\"},\"resourceName\":{\"value\":\"[field('name')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"location\":{\"type\":\"String\"},\"minimalTlsVersion\":{\"type\":\"String\"},\"resourceName\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2017-12-01\",\"location\":\"[parameters('location')]\",\"name\":\"[concat(parameters('resourceName'))]\",\"properties\":{\"minimalTlsVersion\":\"[parameters('minimalTlsVersion')]\",\"sslEnforcement\":\"[if(equals(parameters('minimalTlsVersion'), 'TLSEnforcementDisabled'),'Disabled', 'Enabled')]\"},\"type\":\"Microsoft.DBforMySQL/servers\"}],\"variables\":{}}}},\"existenceCondition\":{\"allOf\":[{\"equals\":\"Enabled\",\"field\":\"Microsoft.DBforMySQL/servers/sslEnforcement\"},{\"equals\":\"[parameters('minimalTlsVersion')]\",\"field\":\"Microsoft.DBforMySQL/servers/minimalTlsVersion\"}]},\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"],\"type\":\"Microsoft.DBforMySQL/servers\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Nsg-FlowLogs\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Nsg-FlowLogs",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "[Deprecated] Deprecated by built-in policy. Deploys NSG flow logs and traffic analytics to a storageaccountid with a specified retention period. Superseded by https://www.azadvertizer.net/azpolicyadvertizer/e920df7f-9a64-4066-9b58-52684c02a091.html",
- "display_name": "[Deprecated] Deploys NSG flow logs and traffic analytics",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Monitoring\",\"deprecated\":true,\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"supersededBy\":\"e920df7f-9a64-4066-9b58-52684c02a091\",\"version\":\"1.0.0-deprecated\"}",
- "mode": "Indexed",
- "name": "Deploy-Nsg-FlowLogs",
- "parameters": "{\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"flowAnalyticsEnabled\":{\"defaultValue\":false,\"metadata\":{\"displayName\":\"Enable Traffic Analytics\"},\"type\":\"Boolean\"},\"logAnalytics\":{\"defaultValue\":\"\",\"metadata\":{\"description\":\"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\"displayName\":\"Resource ID of Log Analytics workspace\",\"strongType\":\"omsWorkspace\"},\"type\":\"String\"},\"retention\":{\"defaultValue\":5,\"metadata\":{\"displayName\":\"Retention\"},\"type\":\"Integer\"},\"storageAccountResourceId\":{\"metadata\":{\"displayName\":\"Storage Account Resource Id\",\"strongType\":\"Microsoft.Storage/storageAccounts\"},\"type\":\"String\"},\"trafficAnalyticsInterval\":{\"defaultValue\":60,\"metadata\":{\"displayName\":\"Traffic Analytics processing interval mins (10/60)\"},\"type\":\"Integer\"}}",
- "policy_rule": "{\"if\":{\"equals\":\"Microsoft.Network/networkSecurityGroups\",\"field\":\"type\"},\"then\":{\"details\":{\"deployment\":{\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"flowAnalyticsEnabled\":{\"value\":\"[parameters('flowAnalyticsEnabled')]\"},\"location\":{\"value\":\"[field('location')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"networkSecurityGroupName\":{\"value\":\"[field('name')]\"},\"resourceGroupName\":{\"value\":\"[resourceGroup().name]\"},\"retention\":{\"value\":\"[parameters('retention')]\"},\"storageAccountResourceId\":{\"value\":\"[parameters('storageAccountResourceId')]\"},\"trafficAnalyticsInterval\":{\"value\":\"[parameters('trafficAnalyticsInterval')]\"}},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"flowAnalyticsEnabled\":{\"type\":\"bool\"},\"location\":{\"type\":\"String\"},\"logAnalytics\":{\"type\":\"String\"},\"networkSecurityGroupName\":{\"type\":\"String\"},\"resourceGroupName\":{\"type\":\"String\"},\"retention\":{\"type\":\"int\"},\"storageAccountResourceId\":{\"type\":\"String\"},\"trafficAnalyticsInterval\":{\"type\":\"int\"}},\"resources\":[{\"apiVersion\":\"2020-05-01\",\"location\":\"[parameters('location')]\",\"name\":\"[take(concat('NetworkWatcher_', toLower(parameters('location')), '/', parameters('networkSecurityGroupName'), '-', parameters('resourceGroupName'), '-flowlog' ), 80)]\",\"properties\":{\"enabled\":true,\"flowAnalyticsConfiguration\":{\"networkWatcherFlowAnalyticsConfiguration\":{\"enabled\":\"[bool(parameters('flowAnalyticsEnabled'))]\",\"trafficAnalyticsInterval\":\"[parameters('trafficAnalyticsInterval')]\",\"workspaceId\":\"[if(not(empty(parameters('logAnalytics'))), reference(parameters('logAnalytics'), '2020-03-01-preview', 'Full').properties.customerId, json('null')) ]\",\"workspaceRegion\":\"[if(not(empty(parameters('logAnalytics'))), reference(parameters('logAnalytics'), '2020-03-01-preview', 'Full').location, json('null')) ]\",\"workspaceResourceId\":\"[if(not(empty(parameters('logAnalytics'))), parameters('logAnalytics'), json('null'))]\"}},\"format\":{\"type\":\"JSON\",\"version\":2},\"retentionPolicy\":{\"days\":\"[parameters('retention')]\",\"enabled\":true},\"storageId\":\"[parameters('storageAccountResourceId')]\",\"targetResourceId\":\"[resourceId(parameters('resourceGroupName'), 'Microsoft.Network/networkSecurityGroups', parameters('networkSecurityGroupName'))]\"},\"type\":\"Microsoft.Network/networkWatchers/flowLogs\"}],\"variables\":{}}}},\"existenceCondition\":{\"allOf\":[{\"equals\":\"true\",\"field\":\"Microsoft.Network/networkWatchers/flowLogs/enabled\"},{\"equals\":\"[parameters('flowAnalyticsEnabled')]\",\"field\":\"Microsoft.Network/networkWatchers/flowLogs/flowAnalyticsConfiguration.networkWatcherFlowAnalyticsConfiguration.enabled\"}]},\"resourceGroupName\":\"NetworkWatcherRG\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"],\"type\":\"Microsoft.Network/networkWatchers/flowLogs\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Nsg-FlowLogs-to-LA\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Nsg-FlowLogs-to-LA",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "[Deprecated] Deprecated by built-in policy. Deploys NSG flow logs and traffic analytics to Log Analytics with a specified retention period. Superseded by https://www.azadvertizer.net/azpolicyadvertizer/e920df7f-9a64-4066-9b58-52684c02a091.html",
- "display_name": "[Deprecated] Deploys NSG flow logs and traffic analytics to Log Analytics",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Monitoring\",\"deprecated\":true,\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"supersededBy\":\"e920df7f-9a64-4066-9b58-52684c02a091\",\"version\":\"1.1.0-deprecated\"}",
- "mode": "Indexed",
- "name": "Deploy-Nsg-FlowLogs-to-LA",
- "parameters": "{\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"interval\":{\"defaultValue\":60,\"metadata\":{\"displayName\":\"Traffic Analytics processing interval mins (10/60)\"},\"type\":\"Integer\"},\"retention\":{\"defaultValue\":5,\"metadata\":{\"displayName\":\"Retention\"},\"type\":\"Integer\"},\"workspace\":{\"defaultValue\":\"\\u003cworkspace resource ID\\u003e\",\"metadata\":{\"description\":\"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\"displayName\":\"Resource ID of Log Analytics workspace\",\"strongType\":\"omsWorkspace\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"allOf\":[{\"equals\":\"Microsoft.Network/networkSecurityGroups\",\"field\":\"type\"}]},\"then\":{\"details\":{\"deployment\":{\"location\":\"northeurope\",\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"interval\":{\"value\":\"[parameters('interval')]\"},\"location\":{\"value\":\"[field('location')]\"},\"networkSecurityGroup\":{\"value\":\"[field('id')]\"},\"retention\":{\"value\":\"[parameters('retention')]\"},\"workspace\":{\"value\":\"[parameters('workspace')]\"}},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"interval\":{\"type\":\"int\"},\"location\":{\"type\":\"String\"},\"networkSecurityGroup\":{\"type\":\"String\"},\"retention\":{\"type\":\"int\"},\"time\":{\"defaultValue\":\"[utcNow()]\",\"type\":\"String\"},\"workspace\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2019-10-01\",\"name\":\"[concat(variables('resourceGroupName'), '.', variables('securityGroupName'))]\",\"properties\":{\"mode\":\"Incremental\",\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"resources\":[{\"apiVersion\":\"2019-06-01\",\"kind\":\"StorageV2\",\"location\":\"[parameters('location')]\",\"name\":\"[variables('storageAccountName')]\",\"properties\":{},\"sku\":{\"name\":\"Standard_LRS\",\"tier\":\"Standard\"},\"type\":\"Microsoft.Storage/storageAccounts\"}]}},\"resourceGroup\":\"[variables('resourceGroupName')]\",\"type\":\"Microsoft.Resources/deployments\"},{\"apiVersion\":\"2019-10-01\",\"dependsOn\":[\"[concat(variables('resourceGroupName'), '.', variables('securityGroupName'))]\"],\"name\":\"[concat('NetworkWatcherRG', '.', variables('securityGroupName'))]\",\"properties\":{\"mode\":\"Incremental\",\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"resources\":[{\"apiVersion\":\"2020-05-01\",\"location\":\"[parameters('location')]\",\"name\":\"[concat('NetworkWatcher_', toLower(parameters('location')))]\",\"properties\":{},\"resources\":[{\"apiVersion\":\"2019-11-01\",\"dependsOn\":[\"[concat('NetworkWatcher_', toLower(parameters('location')))]\"],\"location\":\"[parameters('location')]\",\"name\":\"[concat(variables('securityGroupName'), '-Network-flowlog')]\",\"properties\":{\"enabled\":true,\"flowAnalyticsConfiguration\":{\"networkWatcherFlowAnalyticsConfiguration\":{\"enabled\":true,\"trafficAnalyticsInterval\":\"[parameters('interval')]\",\"workspaceResourceId\":\"[parameters('workspace')]\"}},\"format\":{\"type\":\"JSON\",\"version\":2},\"retentionPolicy\":{\"days\":\"[parameters('retention')]\",\"enabled\":true},\"storageId\":\"[concat(subscription().id, '/resourceGroups/', variables('resourceGroupName'), '/providers/Microsoft.Storage/storageAccounts/', variables('storageAccountName'))]\",\"targetResourceId\":\"[parameters('networkSecurityGroup')]\"},\"type\":\"flowLogs\"}],\"type\":\"Microsoft.Network/networkWatchers\"}]}},\"resourceGroup\":\"NetworkWatcherRG\",\"type\":\"Microsoft.Resources/deployments\"}],\"variables\":{\"resourceGroupName\":\"[split(parameters('networkSecurityGroup'), '/')[4]]\",\"securityGroupName\":\"[split(parameters('networkSecurityGroup'), '/')[8]]\",\"storageAccountName\":\"[concat('es', uniqueString(variables('securityGroupName'), parameters('time')))]\"}}}},\"deploymentScope\":\"subscription\",\"existenceCondition\":{\"allOf\":[{\"equals\":\"true\",\"field\":\"Microsoft.Network/networkWatchers/flowLogs/enabled\"}]},\"existenceScope\":\"resourceGroup\",\"name\":\"[if(empty(coalesce(field('Microsoft.Network/networkSecurityGroups/flowLogs[*].id'))), 'null/null', concat(split(first(field('Microsoft.Network/networkSecurityGroups/flowLogs[*].id')), '/')[8], '/', split(first(field('Microsoft.Network/networkSecurityGroups/flowLogs[*].id')), '/')[10]))]\",\"resourceGroupName\":\"[if(empty(coalesce(field('Microsoft.Network/networkSecurityGroups/flowLogs'))), 'NetworkWatcherRG', split(first(field('Microsoft.Network/networkSecurityGroups/flowLogs[*].id')), '/')[4])]\",\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7\",\"/providers/Microsoft.Authorization/roleDefinitions/81a9662b-bebf-436f-a333-f67b29880f12\",\"/providers/Microsoft.Authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\",\"/providers/Microsoft.Authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab\",\"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"],\"type\":\"Microsoft.Network/networkWatchers/flowlogs\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-PostgreSQL-sslEnforcement\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-PostgreSQL-sslEnforcement",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploy a specific min TLS version requirement and enforce SSL on Azure Database for PostgreSQL server. Enables secure server to client by enforce minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.",
- "display_name": "Azure Database for PostgreSQL server deploy a specific min TLS version requirement and enforce SSL ",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"SQL\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.1.0\"}",
- "mode": "Indexed",
- "name": "Deploy-PostgreSQL-sslEnforcement",
- "parameters": "{\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy minimum TLS version Azure Database for PostgreSQL server\",\"displayName\":\"Effect Azure Database for PostgreSQL server\"},\"type\":\"String\"},\"minimalTlsVersion\":{\"allowedValues\":[\"TLS1_2\",\"TLS1_0\",\"TLS1_1\",\"TLSEnforcementDisabled\"],\"defaultValue\":\"TLS1_2\",\"metadata\":{\"description\":\"Select version minimum TLS version Azure Database for PostgreSQL server to enforce\",\"displayName\":\"Select version for PostgreSQL server\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"allOf\":[{\"equals\":\"Microsoft.DBforPostgreSQL/servers\",\"field\":\"type\"},{\"anyOf\":[{\"field\":\"Microsoft.DBforPostgreSQL/servers/sslEnforcement\",\"notEquals\":\"Enabled\"},{\"field\":\"Microsoft.DBforPostgreSQL/servers/minimalTlsVersion\",\"notEquals\":\"[parameters('minimalTlsVersion')]\"}]}]},\"then\":{\"details\":{\"deployment\":{\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"minimalTlsVersion\":{\"value\":\"[parameters('minimalTlsVersion')]\"},\"resourceName\":{\"value\":\"[field('name')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"location\":{\"type\":\"String\"},\"minimalTlsVersion\":{\"type\":\"String\"},\"resourceName\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2017-12-01\",\"location\":\"[parameters('location')]\",\"name\":\"[concat(parameters('resourceName'))]\",\"properties\":{\"minimalTlsVersion\":\"[parameters('minimalTlsVersion')]\",\"sslEnforcement\":\"[if(equals(parameters('minimalTlsVersion'), 'TLSEnforcementDisabled'),'Disabled', 'Enabled')]\"},\"type\":\"Microsoft.DBforPostgreSQL/servers\"}],\"variables\":{}}}},\"existenceCondition\":{\"allOf\":[{\"equals\":\"Enabled\",\"field\":\"Microsoft.DBforPostgreSQL/servers/sslEnforcement\"},{\"equals\":\"[parameters('minimalTlsVersion')]\",\"field\":\"Microsoft.DBforPostgreSQL/servers/minimalTlsVersion\"}]},\"name\":\"current\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"],\"type\":\"Microsoft.DBforPostgreSQL/servers\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-SQL-minTLS\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-SQL-minTLS",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploys a specific min TLS version requirement and enforce SSL on SQL servers. Enables secure server to client by enforce minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.",
- "display_name": "SQL servers deploys a specific min TLS version requirement.",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"SQL\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.1.0\"}",
- "mode": "Indexed",
- "name": "Deploy-SQL-minTLS",
- "parameters": "{\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy minimum TLS version SQL servers\",\"displayName\":\"Effect SQL servers\"},\"type\":\"String\"},\"minimalTlsVersion\":{\"allowedValues\":[\"1.2\",\"1.1\",\"1.0\"],\"defaultValue\":\"1.2\",\"metadata\":{\"description\":\"Select version minimum TLS version SQL servers to enforce\",\"displayName\":\"Select version for SQL server\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"allOf\":[{\"equals\":\"Microsoft.Sql/servers\",\"field\":\"type\"},{\"field\":\"Microsoft.Sql/servers/minimalTlsVersion\",\"notequals\":\"[parameters('minimalTlsVersion')]\"}]},\"then\":{\"details\":{\"deployment\":{\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"minimalTlsVersion\":{\"value\":\"[parameters('minimalTlsVersion')]\"},\"resourceName\":{\"value\":\"[field('name')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"location\":{\"type\":\"String\"},\"minimalTlsVersion\":{\"type\":\"String\"},\"resourceName\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2019-06-01-preview\",\"location\":\"[parameters('location')]\",\"name\":\"[concat(parameters('resourceName'))]\",\"properties\":{\"minimalTlsVersion\":\"[parameters('minimalTlsVersion')]\"},\"type\":\"Microsoft.Sql/servers\"}],\"variables\":{}}}},\"existenceCondition\":{\"allOf\":[{\"equals\":\"[parameters('minimalTlsVersion')]\",\"field\":\"Microsoft.Sql/servers/minimalTlsVersion\"}]},\"name\":\"current\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/6d8ee4ec-f05a-4a1d-8b00-a9b17e38b437\"],\"type\":\"Microsoft.Sql/servers\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Sql-AuditingSettings\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Sql-AuditingSettings",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploy auditing settings to SQL Database when it not exist in the deployment",
- "display_name": "Deploy SQL database auditing settings",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"SQL\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.0.0\"}",
- "mode": "Indexed",
- "name": "Deploy-Sql-AuditingSettings",
- "parameters": "{\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"equals\":\"Microsoft.Sql/servers/databases\",\"field\":\"type\"},\"then\":{\"details\":{\"deployment\":{\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"sqlServerDataBaseName\":{\"value\":\"[field('name')]\"},\"sqlServerName\":{\"value\":\"[first(split(field('fullname'),'/'))]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"location\":{\"type\":\"String\"},\"sqlServerDataBaseName\":{\"type\":\"String\"},\"sqlServerName\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2017-03-01-preview\",\"name\":\"[concat( parameters('sqlServerName'),'/',parameters('sqlServerDataBaseName'),'/default')]\",\"properties\":{\"auditActionsAndGroups\":[\"BATCH_COMPLETED_GROUP\",\"DATABASE_OBJECT_CHANGE_GROUP\",\"SCHEMA_OBJECT_CHANGE_GROUP\",\"BACKUP_RESTORE_GROUP\",\"APPLICATION_ROLE_CHANGE_PASSWORD_GROUP\",\"DATABASE_PRINCIPAL_CHANGE_GROUP\",\"DATABASE_PRINCIPAL_IMPERSONATION_GROUP\",\"DATABASE_ROLE_MEMBER_CHANGE_GROUP\",\"USER_CHANGE_PASSWORD_GROUP\",\"DATABASE_OBJECT_OWNERSHIP_CHANGE_GROUP\",\"DATABASE_OBJECT_PERMISSION_CHANGE_GROUP\",\"DATABASE_PERMISSION_CHANGE_GROUP\",\"SCHEMA_OBJECT_PERMISSION_CHANGE_GROUP\",\"SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP\",\"FAILED_DATABASE_AUTHENTICATION_GROUP\"],\"isAzureMonitorTargetEnabled\":true,\"state\":\"enabled\"},\"type\":\"Microsoft.Sql/servers/databases/auditingSettings\"}],\"variables\":{}}}},\"existenceCondition\":{\"allOf\":[{\"equals\":\"enabled\",\"field\":\"Microsoft.Sql/servers/databases/auditingSettings/state\"},{\"equals\":\"true\",\"field\":\"Microsoft.Sql/servers/databases/auditingSettings/isAzureMonitorTargetEnabled\"}]},\"name\":\"default\",\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3\"],\"type\":\"Microsoft.Sql/servers/databases/auditingSettings\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Sql-SecurityAlertPolicies\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Sql-SecurityAlertPolicies",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploy the security Alert Policies configuration with email admin accounts when it not exist in current configuration",
- "display_name": "Deploy SQL Database security Alert Policies configuration with email admin accounts",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"SQL\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.1.1\"}",
- "mode": "Indexed",
- "name": "Deploy-Sql-SecurityAlertPolicies",
- "parameters": "{\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"emailAddresses\":{\"defaultValue\":[\"admin@contoso.com\",\"admin@fabrikam.com\"],\"type\":\"Array\"}}",
- "policy_rule": "{\"if\":{\"equals\":\"Microsoft.Sql/servers/databases\",\"field\":\"type\"},\"then\":{\"details\":{\"deployment\":{\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"emailAddresses\":{\"value\":\"[parameters('emailAddresses')]\"},\"location\":{\"value\":\"[field('location')]\"},\"sqlServerDataBaseName\":{\"value\":\"[field('name')]\"},\"sqlServerName\":{\"value\":\"[first(split(field('fullname'),'/'))]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"emailAddresses\":{\"type\":\"Array\"},\"location\":{\"type\":\"String\"},\"sqlServerDataBaseName\":{\"type\":\"String\"},\"sqlServerName\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2018-06-01-preview\",\"name\":\"[concat(parameters('sqlServerName'),'/',parameters('sqlServerDataBaseName'),'/default')]\",\"properties\":{\"disabledAlerts\":[\"\"],\"emailAccountAdmins\":true,\"emailAddresses\":\"[parameters('emailAddresses')]\",\"retentionDays\":0,\"state\":\"Enabled\",\"storageAccountAccessKey\":\"\",\"storageEndpoint\":null},\"type\":\"Microsoft.Sql/servers/databases/securityAlertPolicies\"}],\"variables\":{}}}},\"existenceCondition\":{\"allOf\":[{\"equals\":\"Enabled\",\"field\":\"Microsoft.Sql/servers/databases/securityAlertPolicies/state\"}]},\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3\"],\"type\":\"Microsoft.Sql/servers/databases/securityAlertPolicies\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Sql-Tde\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Sql-Tde",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploy the Transparent Data Encryption when it is not enabled in the deployment. Please use this policy instead https://www.azadvertizer.net/azpolicyadvertizer/86a912f6-9a06-4e26-b447-11b16ba8659f.html",
- "display_name": "[Deprecated] Deploy SQL Database Transparent Data Encryption",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"SQL\",\"deprecated\":true,\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"supersededBy\":\"86a912f6-9a06-4e26-b447-11b16ba8659f\",\"version\":\"1.1.1-deprecated\"}",
- "mode": "Indexed",
- "name": "Deploy-Sql-Tde",
- "parameters": "{\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"excludedDatabases\":{\"defaultValue\":[\"master\",\"model\",\"tempdb\",\"msdb\",\"resource\"],\"metadata\":{\"description\":\"Array of databases that are excluded from this policy\",\"displayName\":\"Excluded Databases\"},\"type\":\"Array\"}}",
- "policy_rule": "{\"if\":{\"allOf\":[{\"equals\":\"Microsoft.Sql/servers/databases\",\"field\":\"type\"},{\"field\":\"name\",\"notIn\":\"[parameters('excludedDatabases')]\"}]},\"then\":{\"details\":{\"deployment\":{\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"sqlServerDataBaseName\":{\"value\":\"[field('name')]\"},\"sqlServerName\":{\"value\":\"[first(split(field('fullname'),'/'))]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"location\":{\"type\":\"String\"},\"sqlServerDataBaseName\":{\"type\":\"String\"},\"sqlServerName\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2014-04-01\",\"name\":\"[concat( parameters('sqlServerName'),'/',parameters('sqlServerDataBaseName'),'/current')]\",\"properties\":{\"status\":\"Enabled\"},\"type\":\"Microsoft.Sql/servers/databases/transparentDataEncryption\"}],\"variables\":{}}}},\"existenceCondition\":{\"allOf\":[{\"equals\":\"Enabled\",\"field\":\"Microsoft.Sql/transparentDataEncryption.status\"}]},\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3\"],\"type\":\"Microsoft.Sql/servers/databases/transparentDataEncryption\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Sql-vulnerabilityAssessments\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Sql-vulnerabilityAssessments",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploy SQL Database vulnerability Assessments when it not exist in the deployment. Superseded by https://www.azadvertizer.net/azpolicyadvertizer/Deploy-Sql-vulnerabilityAssessments_20230706.html",
- "display_name": "[Deprecated]: Deploy SQL Database vulnerability Assessments",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"SQL\",\"deprecated\":true,\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"supersededBy\":\"Deploy-Sql-vulnerabilityAssessments_20230706\",\"version\":\"1.0.1-deprecated\"}",
- "mode": "Indexed",
- "name": "Deploy-Sql-vulnerabilityAssessments",
- "parameters": "{\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"vulnerabilityAssessmentsEmail\":{\"metadata\":{\"description\":\"The email address to send alerts. For multiple emails, format in the following 'email1@contoso.com;email2@contoso.com'\",\"displayName\":\"The email address to send alerts. For multiple emails, format in the following 'email1@contoso.com;email2@contoso.com'\"},\"type\":\"String\"},\"vulnerabilityAssessmentsStorageID\":{\"metadata\":{\"description\":\"The storage account ID to store assessments\",\"displayName\":\"The storage account ID to store assessments\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"equals\":\"Microsoft.Sql/servers/databases\",\"field\":\"type\"},\"then\":{\"details\":{\"deployment\":{\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"sqlServerDataBaseName\":{\"value\":\"[field('name')]\"},\"sqlServerName\":{\"value\":\"[first(split(field('fullname'),'/'))]\"},\"vulnerabilityAssessmentsEmail\":{\"value\":\"[parameters('vulnerabilityAssessmentsEmail')]\"},\"vulnerabilityAssessmentsStorageID\":{\"value\":\"[parameters('vulnerabilityAssessmentsStorageID')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"location\":{\"type\":\"String\"},\"sqlServerDataBaseName\":{\"type\":\"String\"},\"sqlServerName\":{\"type\":\"String\"},\"vulnerabilityAssessmentsEmail\":{\"type\":\"String\"},\"vulnerabilityAssessmentsStorageID\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2017-03-01-preview\",\"name\":\"[concat(parameters('sqlServerName'),'/',parameters('sqlServerDataBaseName'),'/default')]\",\"properties\":{\"recurringScans\":{\"emailSubscriptionAdmins\":false,\"emails\":[\"[parameters('vulnerabilityAssessmentsEmail')]\"],\"isEnabled\":true},\"storageAccountAccessKey\":\"[listkeys(parameters('vulnerabilityAssessmentsStorageID'), providers('Microsoft.Storage', 'storageAccounts').apiVersions[0]).keys[0].value]\",\"storageContainerPath\":\"[concat('https://', last( split(parameters('vulnerabilityAssessmentsStorageID') , '/') ) , '.blob.core.windows.net/vulneraabilitylogs')]\"},\"type\":\"Microsoft.Sql/servers/databases/vulnerabilityAssessments\"}],\"variables\":{}}}},\"existenceCondition\":{\"allOf\":[{\"equals\":\"[parameters('vulnerabilityAssessmentsEmail')]\",\"field\":\"Microsoft.Sql/servers/databases/vulnerabilityAssessments/recurringScans.emails\"},{\"equals\":true,\"field\":\"Microsoft.Sql/servers/databases/vulnerabilityAssessments/recurringScans.isEnabled\"}]},\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3\",\"/providers/Microsoft.Authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\"/providers/Microsoft.Authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab\"],\"type\":\"Microsoft.Sql/servers/databases/vulnerabilityAssessments\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Sql-vulnerabilityAssessments_20230706\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Sql-vulnerabilityAssessments_20230706",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploy SQL Database Vulnerability Assessments when it does not exist in the deployment, and save results to the storage account specified in the parameters.",
- "display_name": "Deploy SQL Database Vulnerability Assessments",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"SQL\",\"replacesPolicy\":\"Deploy-Sql-vulnerabilityAssessments\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.0.0\"}",
- "mode": "Indexed",
- "name": "Deploy-Sql-vulnerabilityAssessments_20230706",
- "parameters": "{\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"vulnerabilityAssessmentsEmail\":{\"metadata\":{\"description\":\"The email address(es) to send alerts.\",\"displayName\":\"The email address(es) to send alerts.\"},\"type\":\"Array\"},\"vulnerabilityAssessmentsStorageID\":{\"metadata\":{\"description\":\"The storage account ID to store assessments\",\"displayName\":\"The storage account ID to store assessments\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"equals\":\"Microsoft.Sql/servers/databases\",\"field\":\"type\"},\"then\":{\"details\":{\"deployment\":{\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"sqlServerDataBaseName\":{\"value\":\"[field('name')]\"},\"sqlServerName\":{\"value\":\"[first(split(field('fullname'),'/'))]\"},\"vulnerabilityAssessmentsEmail\":{\"value\":\"[parameters('vulnerabilityAssessmentsEmail')]\"},\"vulnerabilityAssessmentsStorageID\":{\"value\":\"[parameters('vulnerabilityAssessmentsStorageID')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"location\":{\"type\":\"String\"},\"sqlServerDataBaseName\":{\"type\":\"String\"},\"sqlServerName\":{\"type\":\"String\"},\"vulnerabilityAssessmentsEmail\":{\"type\":\"Array\"},\"vulnerabilityAssessmentsStorageID\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2017-03-01-preview\",\"name\":\"[concat(parameters('sqlServerName'),'/',parameters('sqlServerDataBaseName'),'/default')]\",\"properties\":{\"recurringScans\":{\"emailSubscriptionAdmins\":false,\"emails\":\"[parameters('vulnerabilityAssessmentsEmail')]\",\"isEnabled\":true},\"storageAccountAccessKey\":\"[listkeys(parameters('vulnerabilityAssessmentsStorageID'), providers('Microsoft.Storage', 'storageAccounts').apiVersions[0]).keys[0].value]\",\"storageContainerPath\":\"[concat('https://', last( split(parameters('vulnerabilityAssessmentsStorageID') , '/') ) , '.blob.core.windows.net/vulneraabilitylogs')]\"},\"type\":\"Microsoft.Sql/servers/databases/vulnerabilityAssessments\"}],\"variables\":{}}}},\"existenceCondition\":{\"allOf\":[{\"count\":{\"field\":\"Microsoft.Sql/servers/databases/vulnerabilityAssessments/recurringScans.emails[*]\",\"where\":{\"notIn\":\"[parameters('vulnerabilityAssessmentsEmail')]\",\"value\":\"current(Microsoft.Sql/servers/databases/vulnerabilityAssessments/recurringScans.emails[*])\"}},\"greater\":0},{\"equals\":true,\"field\":\"Microsoft.Sql/servers/databases/vulnerabilityAssessments/recurringScans.isEnabled\"}]},\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3\",\"/providers/Microsoft.Authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\"/providers/Microsoft.Authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab\"],\"type\":\"Microsoft.Sql/servers/databases/vulnerabilityAssessments\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-SqlMi-minTLS\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-SqlMi-minTLS",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploy a specific min TLS version requirement and enforce SSL on SQL managed instances. Enables secure server to client by enforce minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.",
- "display_name": "SQL managed instances deploy a specific min TLS version requirement.",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"SQL\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.2.0\"}",
- "mode": "Indexed",
- "name": "Deploy-SqlMi-minTLS",
- "parameters": "{\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy minimum TLS version SQL servers\",\"displayName\":\"Effect SQL servers\"},\"type\":\"String\"},\"minimalTlsVersion\":{\"allowedValues\":[\"1.2\",\"1.1\",\"1.0\"],\"defaultValue\":\"1.2\",\"metadata\":{\"description\":\"Select version minimum TLS version SQL servers to enforce\",\"displayName\":\"Select version for SQL server\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"allOf\":[{\"equals\":\"Microsoft.Sql/managedInstances\",\"field\":\"type\"},{\"field\":\"Microsoft.Sql/managedInstances/minimalTlsVersion\",\"notequals\":\"[parameters('minimalTlsVersion')]\"}]},\"then\":{\"details\":{\"deployment\":{\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"minimalTlsVersion\":{\"value\":\"[parameters('minimalTlsVersion')]\"},\"resourceName\":{\"value\":\"[field('name')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"location\":{\"type\":\"String\"},\"minimalTlsVersion\":{\"type\":\"String\"},\"resourceName\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2020-02-02-preview\",\"location\":\"[parameters('location')]\",\"name\":\"[concat(parameters('resourceName'))]\",\"properties\":{\"minimalTlsVersion\":\"[parameters('minimalTlsVersion')]\"},\"type\":\"Microsoft.Sql/managedInstances\"}],\"variables\":{}}}},\"evaluationDelay\":\"AfterProvisioningSuccess\",\"existenceCondition\":{\"allOf\":[{\"equals\":\"[parameters('minimalTlsVersion')]\",\"field\":\"Microsoft.Sql/managedInstances/minimalTlsVersion\"}]},\"name\":\"current\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/4939a1f6-9ae0-4e48-a1e0-f2cbe897382d\"],\"type\":\"Microsoft.Sql/managedInstances\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Storage-sslEnforcement\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Storage-sslEnforcement",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploy a specific min TLS version requirement and enforce SSL on Azure Storage. Enables secure server to client by enforce minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your Azure Storage.",
- "display_name": "Azure Storage deploy a specific min TLS version requirement and enforce SSL/HTTPS ",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Storage\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.2.0\"}",
- "mode": "Indexed",
- "name": "Deploy-Storage-sslEnforcement",
- "parameters": "{\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy minimum TLS version Azure STorage\",\"displayName\":\"Effect Azure Storage\"},\"type\":\"String\"},\"minimumTlsVersion\":{\"allowedValues\":[\"TLS1_2\",\"TLS1_1\",\"TLS1_0\"],\"defaultValue\":\"TLS1_2\",\"metadata\":{\"description\":\"Select version minimum TLS version Azure STorage to enforce\",\"displayName\":\"Select TLS version for Azure Storage server\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"allOf\":[{\"equals\":\"Microsoft.Storage/storageAccounts\",\"field\":\"type\"},{\"anyOf\":[{\"field\":\"Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly\",\"notEquals\":\"true\"},{\"field\":\"Microsoft.Storage/storageAccounts/minimumTlsVersion\",\"notEquals\":\"[parameters('minimumTlsVersion')]\"}]}]},\"then\":{\"details\":{\"deployment\":{\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"location\":{\"value\":\"[field('location')]\"},\"minimumTlsVersion\":{\"value\":\"[parameters('minimumTlsVersion')]\"},\"resourceName\":{\"value\":\"[field('name')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"location\":{\"type\":\"String\"},\"minimumTlsVersion\":{\"type\":\"String\"},\"resourceName\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2019-06-01\",\"location\":\"[parameters('location')]\",\"name\":\"[concat(parameters('resourceName'))]\",\"properties\":{\"minimumTlsVersion\":\"[parameters('minimumTlsVersion')]\",\"supportsHttpsTrafficOnly\":true},\"type\":\"Microsoft.Storage/storageAccounts\"}],\"variables\":{}}}},\"existenceCondition\":{\"allOf\":[{\"equals\":\"true\",\"field\":\"Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly\"},{\"equals\":\"[parameters('minimumTlsVersion')]\",\"field\":\"Microsoft.Storage/storageAccounts/minimumTlsVersion\"}]},\"name\":\"current\",\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab\"],\"type\":\"Microsoft.Storage/storageAccounts\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-VNET-HubSpoke\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-VNET-HubSpoke",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "This policy deploys virtual network and peer to the hub",
- "display_name": "Deploy Virtual Network with peering to the hub",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Network\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.1.0\"}",
- "mode": "All",
- "name": "Deploy-VNET-HubSpoke",
- "parameters": "{\"dnsServers\":{\"defaultValue\":[],\"metadata\":{\"description\":\"Default domain servers for the vNET.\",\"displayName\":\"DNSServers\"},\"type\":\"Array\"},\"hubResourceId\":{\"metadata\":{\"description\":\"Resource ID for the HUB vNet\",\"displayName\":\"hubResourceId\"},\"type\":\"String\"},\"vNetCidrRange\":{\"metadata\":{\"description\":\"CIDR Range for the vNet\",\"displayName\":\"vNetCidrRange\"},\"type\":\"String\"},\"vNetLocation\":{\"metadata\":{\"description\":\"Location for the vNet\",\"displayName\":\"vNetLocation\"},\"type\":\"String\"},\"vNetName\":{\"metadata\":{\"description\":\"Name of the landing zone vNet\",\"displayName\":\"vNetName\"},\"type\":\"String\"},\"vNetPeerUseRemoteGateway\":{\"defaultValue\":false,\"metadata\":{\"description\":\"Enable gateway transit for the LZ network\",\"displayName\":\"vNetPeerUseRemoteGateway\"},\"type\":\"Boolean\"},\"vNetRgName\":{\"metadata\":{\"description\":\"Name of the landing zone vNet RG\",\"displayName\":\"vNetRgName\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"allOf\":[{\"equals\":\"Microsoft.Resources/subscriptions\",\"field\":\"type\"}]},\"then\":{\"details\":{\"ResourceGroupName\":\"[parameters('vNetRgName')]\",\"deployment\":{\"location\":\"northeurope\",\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"dnsServers\":{\"value\":\"[parameters('dnsServers')]\"},\"hubResourceId\":{\"value\":\"[parameters('hubResourceId')]\"},\"vNetCidrRange\":{\"value\":\"[parameters('vNetCidrRange')]\"},\"vNetLocation\":{\"value\":\"[parameters('vNetLocation')]\"},\"vNetName\":{\"value\":\"[parameters('vNetName')]\"},\"vNetPeerUseRemoteGateway\":{\"value\":\"[parameters('vNetPeerUseRemoteGateway')]\"},\"vNetRgName\":{\"value\":\"[parameters('vNetRgName')]\"}},\"template\":{\"$schema\":\"http://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"dnsServers\":{\"defaultValue\":[],\"type\":\"Array\"},\"hubResourceId\":{\"type\":\"String\"},\"vNetCidrRange\":{\"type\":\"String\"},\"vNetLocation\":{\"type\":\"String\"},\"vNetName\":{\"type\":\"String\"},\"vNetPeerUseRemoteGateway\":{\"defaultValue\":false,\"type\":\"bool\"},\"vNetRgName\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2021-04-01\",\"dependsOn\":[],\"location\":\"[parameters('vNetLocation')]\",\"name\":\"[concat('alz-vnet-rg-', parameters('vNetLocation'), '-', substring(uniqueString(subscription().id),0,6))]\",\"properties\":{\"mode\":\"Incremental\",\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{},\"resources\":[{\"apiVersion\":\"2021-04-01\",\"location\":\"[parameters('vNetLocation')]\",\"name\":\"[parameters('vNetRgName')]\",\"properties\":{},\"type\":\"Microsoft.Resources/resourceGroups\"}],\"variables\":{}}},\"type\":\"Microsoft.Resources/deployments\"},{\"apiVersion\":\"2021-04-01\",\"dependsOn\":[\"[concat('alz-vnet-rg-', parameters('vNetLocation'), '-', substring(uniqueString(subscription().id),0,6))]\"],\"name\":\"[concat('alz-vnet-', parameters('vNetLocation'), '-', substring(uniqueString(subscription().id),0,6))]\",\"properties\":{\"mode\":\"Incremental\",\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{},\"resources\":[{\"apiVersion\":\"2021-02-01\",\"dependsOn\":[],\"location\":\"[parameters('vNetLocation')]\",\"name\":\"[parameters('vNetName')]\",\"properties\":{\"addressSpace\":{\"addressPrefixes\":[\"[parameters('vNetCidrRange')]\"]},\"dhcpOptions\":{\"dnsServers\":\"[parameters('dnsServers')]\"}},\"type\":\"Microsoft.Network/virtualNetworks\"},{\"apiVersion\":\"2021-02-01\",\"dependsOn\":[\"[parameters('vNetName')]\"],\"name\":\"[concat(parameters('vNetName'), '/peerToHub')]\",\"properties\":{\"allowForwardedTraffic\":true,\"allowGatewayTransit\":false,\"allowVirtualNetworkAccess\":true,\"remoteVirtualNetwork\":{\"id\":\"[parameters('hubResourceId')]\"},\"useRemoteGateways\":\"[parameters('vNetPeerUseRemoteGateway')]\"},\"type\":\"Microsoft.Network/virtualNetworks/virtualNetworkPeerings\"},{\"apiVersion\":\"2021-04-01\",\"dependsOn\":[\"[parameters('vNetName')]\"],\"name\":\"[concat('alz-hub-peering-', parameters('vNetLocation'), '-', substring(uniqueString(subscription().id),0,6))]\",\"properties\":{\"expressionEvaluationOptions\":{\"scope\":\"inner\"},\"mode\":\"Incremental\",\"parameters\":{\"hubName\":{\"value\":\"[split(parameters('hubResourceId'),'/')[8]]\"},\"remoteVirtualNetwork\":{\"value\":\"[concat(subscription().id,'/resourceGroups/',parameters('vNetRgName'), '/providers/','Microsoft.Network/virtualNetworks/', parameters('vNetName'))]\"}},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"hubName\":{\"defaultValue\":false,\"type\":\"String\"},\"remoteVirtualNetwork\":{\"defaultValue\":false,\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2021-02-01\",\"name\":\"[[concat(parameters('hubName'),'/',last(split(parameters('remoteVirtualNetwork'),'/')))]\",\"properties\":{\"allowForwardedTraffic\":true,\"allowGatewayTransit\":true,\"allowVirtualNetworkAccess\":true,\"remoteVirtualNetwork\":{\"id\":\"[[parameters('remoteVirtualNetwork')]\"},\"useRemoteGateways\":false},\"type\":\"Microsoft.Network/virtualNetworks/virtualNetworkPeerings\"}],\"variables\":{}}},\"resourceGroup\":\"[split(parameters('hubResourceId'),'/')[4]]\",\"subscriptionId\":\"[split(parameters('hubResourceId'),'/')[2]]\",\"type\":\"Microsoft.Resources/deployments\"}],\"variables\":{}}},\"resourceGroup\":\"[parameters('vNetRgName')]\",\"type\":\"Microsoft.Resources/deployments\"}],\"variables\":{}}}},\"deploymentScope\":\"subscription\",\"existenceCondition\":{\"allOf\":[{\"field\":\"name\",\"like\":\"[parameters('vNetName')]\"},{\"equals\":\"[parameters('vNetLocation')]\",\"field\":\"location\"}]},\"existenceScope\":\"resourceGroup\",\"name\":\"[parameters('vNetName')]\",\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"],\"type\":\"Microsoft.Network/virtualNetworks\"},\"effect\":\"deployIfNotExists\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Vm-autoShutdown\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Vm-autoShutdown",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploys an auto shutdown schedule to a virtual machine",
- "display_name": "Deploy Virtual Machine Auto Shutdown Schedule",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Compute\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.0.0\"}",
- "mode": "Indexed",
- "name": "Deploy-Vm-autoShutdown",
- "parameters": "{\"EnableNotification\":{\"allowedValues\":[\"Disabled\",\"Enabled\"],\"defaultValue\":\"Disabled\",\"metadata\":{\"description\":\"If notifications are enabled for this schedule (i.e. Enabled, Disabled).\",\"displayName\":\"Send Notification before auto-shutdown\"},\"type\":\"string\"},\"NotificationEmailRecipient\":{\"defaultValue\":\"\",\"metadata\":{\"description\":\"Email address to be used for notification\",\"displayName\":\"Email Address\"},\"type\":\"string\"},\"NotificationWebhookUrl\":{\"defaultValue\":\"\",\"metadata\":{\"description\":\"A notification will be posted to the specified webhook endpoint when the auto-shutdown is about to happen.\",\"displayName\":\"Webhook URL\"},\"type\":\"string\"},\"time\":{\"defaultValue\":\"0000\",\"metadata\":{\"description\":\"Daily Scheduled shutdown time. i.e. 2300 = 11:00 PM\",\"displayName\":\"Scheduled Shutdown Time\"},\"type\":\"String\"},\"timeZoneId\":{\"defaultValue\":\"UTC\",\"metadata\":{\"description\":\"The time zone ID (e.g. Pacific Standard time).\",\"displayName\":\"Time zone\"},\"type\":\"string\"}}",
- "policy_rule": "{\"if\":{\"equals\":\"Microsoft.Compute/virtualMachines\",\"field\":\"type\"},\"then\":{\"details\":{\"deployment\":{\"properties\":{\"mode\":\"incremental\",\"parameters\":{\"EnableNotification\":{\"value\":\"[parameters('EnableNotification')]\"},\"NotificationEmailRecipient\":{\"value\":\"[parameters('NotificationEmailRecipient')]\"},\"NotificationWebhookUrl\":{\"value\":\"[parameters('NotificationWebhookUrl')]\"},\"location\":{\"value\":\"[field('location')]\"},\"time\":{\"value\":\"[parameters('time')]\"},\"timeZoneId\":{\"value\":\"[parameters('timeZoneId')]\"},\"vmName\":{\"value\":\"[field('name')]\"}},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"EnableNotification\":{\"defaultValue\":\"\",\"metadata\":{\"description\":\"If notifications are enabled for this schedule (i.e. Enabled, Disabled).\"},\"type\":\"string\"},\"NotificationEmailRecipient\":{\"defaultValue\":\"\",\"metadata\":{\"description\":\"Email address to be used for notification\"},\"type\":\"string\"},\"NotificationWebhookUrl\":{\"defaultValue\":\"\",\"metadata\":{\"description\":\"A notification will be posted to the specified webhook endpoint when the auto-shutdown is about to happen.\"},\"type\":\"string\"},\"location\":{\"type\":\"string\"},\"time\":{\"defaultValue\":\"\",\"metadata\":{\"description\":\"Daily Scheduled shutdown time. i.e. 2300 = 11:00 PM\"},\"type\":\"string\"},\"timeZoneId\":{\"defaultValue\":\"\",\"metadata\":{\"description\":\"The time zone ID (e.g. Pacific Standard time).\"},\"type\":\"string\"},\"vmName\":{\"type\":\"string\"}},\"resources\":[{\"apiVersion\":\"2018-09-15\",\"location\":\"[parameters('location')]\",\"name\":\"[concat('shutdown-computevm-',parameters('vmName'))]\",\"properties\":{\"dailyRecurrence\":{\"time\":\"[parameters('time')]\"},\"notificationSettings\":{\"emailRecipient\":\"[parameters('NotificationEmailRecipient')]\",\"notificationLocale\":\"en\",\"status\":\"[parameters('EnableNotification')]\",\"timeInMinutes\":30,\"webhookUrl\":\"[parameters('NotificationWebhookUrl')]\"},\"status\":\"Enabled\",\"targetResourceId\":\"[resourceId('Microsoft.Compute/virtualMachines', parameters('vmName'))]\",\"taskType\":\"ComputeVmShutdownTask\",\"timeZoneId\":\"[parameters('timeZoneId')]\"},\"type\":\"Microsoft.DevTestLab/schedules\"}],\"variables\":{}}}},\"existenceCondition\":{\"allOf\":[{\"equals\":\"ComputeVmShutdownTask\",\"field\":\"Microsoft.DevTestLab/schedules/taskType\"},{\"equals\":\"[concat(resourceGroup().id,'/providers/Microsoft.Compute/virtualMachines/',field('name'))]\",\"field\":\"Microsoft.DevTestLab/schedules/targetResourceId\"}]},\"roleDefinitionIds\":[\"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"],\"type\":\"Microsoft.DevTestLab/schedules\"},\"effect\":\"deployIfNotExists\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Windows-DomainJoin\"]",
- "mode": "managed",
- "type": "azurerm_policy_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Windows-DomainJoin",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploy Windows Domain Join Extension with keyvault configuration when the extension does not exist on a given windows Virtual Machine",
- "display_name": "Deploy Windows Domain Join Extension with keyvault configuration",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Guest Configuration\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.0.0\"}",
- "mode": "Indexed",
- "name": "Deploy-Windows-DomainJoin",
- "parameters": "{\"domainFQDN\":{\"metadata\":{\"displayName\":\"domainFQDN\"},\"type\":\"String\"},\"domainOUPath\":{\"metadata\":{\"displayName\":\"domainOUPath\"},\"type\":\"String\"},\"domainPassword\":{\"metadata\":{\"displayName\":\"domainPassword\"},\"type\":\"String\"},\"domainUsername\":{\"metadata\":{\"displayName\":\"domainUsername\"},\"type\":\"String\"},\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"keyVaultResourceId\":{\"metadata\":{\"displayName\":\"keyVaultResourceId\"},\"type\":\"String\"}}",
- "policy_rule": "{\"if\":{\"allOf\":[{\"equals\":\"Microsoft.Compute/virtualMachines\",\"field\":\"type\"},{\"equals\":\"MicrosoftWindowsServer\",\"field\":\"Microsoft.Compute/imagePublisher\"},{\"equals\":\"WindowsServer\",\"field\":\"Microsoft.Compute/imageOffer\"},{\"field\":\"Microsoft.Compute/imageSKU\",\"in\":[\"2008-R2-SP1\",\"2008-R2-SP1-smalldisk\",\"2008-R2-SP1-zhcn\",\"2012-Datacenter\",\"2012-datacenter-gensecond\",\"2012-Datacenter-smalldisk\",\"2012-datacenter-smalldisk-g2\",\"2012-Datacenter-zhcn\",\"2012-datacenter-zhcn-g2\",\"2012-R2-Datacenter\",\"2012-r2-datacenter-gensecond\",\"2012-R2-Datacenter-smalldisk\",\"2012-r2-datacenter-smalldisk-g2\",\"2012-R2-Datacenter-zhcn\",\"2012-r2-datacenter-zhcn-g2\",\"2016-Datacenter\",\"2016-datacenter-gensecond\",\"2016-datacenter-gs\",\"2016-Datacenter-Server-Core\",\"2016-datacenter-server-core-g2\",\"2016-Datacenter-Server-Core-smalldisk\",\"2016-datacenter-server-core-smalldisk-g2\",\"2016-Datacenter-smalldisk\",\"2016-datacenter-smalldisk-g2\",\"2016-Datacenter-with-Containers\",\"2016-datacenter-with-containers-g2\",\"2016-Datacenter-with-RDSH\",\"2016-Datacenter-zhcn\",\"2016-datacenter-zhcn-g2\",\"2019-Datacenter\",\"2019-Datacenter-Core\",\"2019-datacenter-core-g2\",\"2019-Datacenter-Core-smalldisk\",\"2019-datacenter-core-smalldisk-g2\",\"2019-Datacenter-Core-with-Containers\",\"2019-datacenter-core-with-containers-g2\",\"2019-Datacenter-Core-with-Containers-smalldisk\",\"2019-datacenter-core-with-containers-smalldisk-g2\",\"2019-datacenter-gensecond\",\"2019-datacenter-gs\",\"2019-Datacenter-smalldisk\",\"2019-datacenter-smalldisk-g2\",\"2019-Datacenter-with-Containers\",\"2019-datacenter-with-containers-g2\",\"2019-Datacenter-with-Containers-smalldisk\",\"2019-datacenter-with-containers-smalldisk-g2\",\"2019-Datacenter-zhcn\",\"2019-datacenter-zhcn-g2\",\"Datacenter-Core-1803-with-Containers-smalldisk\",\"datacenter-core-1803-with-containers-smalldisk-g2\",\"Datacenter-Core-1809-with-Containers-smalldisk\",\"datacenter-core-1809-with-containers-smalldisk-g2\",\"Datacenter-Core-1903-with-Containers-smalldisk\",\"datacenter-core-1903-with-containers-smalldisk-g2\",\"datacenter-core-1909-with-containers-smalldisk\",\"datacenter-core-1909-with-containers-smalldisk-g1\",\"datacenter-core-1909-with-containers-smalldisk-g2\"]}]},\"then\":{\"details\":{\"deployment\":{\"properties\":{\"mode\":\"Incremental\",\"parameters\":{\"domainFQDN\":{\"value\":\"[parameters('domainFQDN')]\"},\"domainOUPath\":{\"value\":\"[parameters('domainOUPath')]\"},\"domainPassword\":{\"reference\":{\"keyVault\":{\"id\":\"[parameters('keyVaultResourceId')]\"},\"secretName\":\"[parameters('domainPassword')]\"}},\"domainUsername\":{\"reference\":{\"keyVault\":{\"id\":\"[parameters('keyVaultResourceId')]\"},\"secretName\":\"[parameters('domainUsername')]\"}},\"keyVaultResourceId\":{\"value\":\"[parameters('keyVaultResourceId')]\"},\"location\":{\"value\":\"[field('location')]\"},\"vmName\":{\"value\":\"[field('name')]\"}},\"template\":{\"$schema\":\"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{},\"parameters\":{\"domainFQDN\":{\"type\":\"String\"},\"domainOUPath\":{\"type\":\"String\"},\"domainPassword\":{\"type\":\"securestring\"},\"domainUsername\":{\"type\":\"String\"},\"keyVaultResourceId\":{\"type\":\"String\"},\"location\":{\"type\":\"String\"},\"vmName\":{\"type\":\"String\"}},\"resources\":[{\"apiVersion\":\"2015-06-15\",\"location\":\"[resourceGroup().location]\",\"name\":\"[concat(variables('vmName'),'/joindomain')]\",\"properties\":{\"autoUpgradeMinorVersion\":true,\"protectedSettings\":{\"Password\":\"[parameters('domainPassword')]\"},\"publisher\":\"Microsoft.Compute\",\"settings\":{\"Name\":\"[parameters('domainFQDN')]\",\"OUPath\":\"[parameters('domainOUPath')]\",\"Options\":\"[variables('domainJoinOptions')]\",\"Restart\":\"true\",\"User\":\"[parameters('domainUserName')]\"},\"type\":\"JsonADDomainExtension\",\"typeHandlerVersion\":\"1.3\"},\"type\":\"Microsoft.Compute/virtualMachines/extensions\"}],\"variables\":{\"domainJoinOptions\":3,\"vmName\":\"[parameters('vmName')]\"}}}},\"existenceCondition\":{\"allOf\":[{\"equals\":\"JsonADDomainExtension\",\"field\":\"Microsoft.Compute/virtualMachines/extensions/type\"},{\"equals\":\"Microsoft.Compute\",\"field\":\"Microsoft.Compute/virtualMachines/extensions/publisher\"}]},\"roleDefinitionIds\":[\"/providers/Microsoft.Authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"],\"type\":\"Microsoft.Compute/virtualMachines/extensions\"},\"effect\":\"[parameters('effect')]\"}}",
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core.azurerm_policy_set_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policySetDefinitions/Audit-UnusedResourcesCostOptimization\"]",
- "mode": "managed",
- "type": "azurerm_policy_set_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policySetDefinitions/Audit-UnusedResourcesCostOptimization",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Optimize cost by detecting unused but chargeable resources. Leverage this Azure Policy Initiative as a cost control tool to reveal orphaned resources that are contributing cost.",
- "display_name": "Unused resources driving cost should be avoided",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Cost Optimization\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"2.0.0\"}",
- "name": "Audit-UnusedResourcesCostOptimization",
- "parameters": "{\"effectDisks\":{\"allowedValues\":[\"Audit\",\"Disabled\"],\"defaultValue\":\"Audit\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy for Microsoft.Compute/disks\",\"displayName\":\"Disks Effect\"},\"type\":\"String\"},\"effectPublicIpAddresses\":{\"allowedValues\":[\"Audit\",\"Disabled\"],\"defaultValue\":\"Audit\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy for Microsoft.Network/publicIpAddresses\",\"displayName\":\"PublicIpAddresses Effect\"},\"type\":\"String\"},\"effectServerFarms\":{\"allowedValues\":[\"Audit\",\"Disabled\"],\"defaultValue\":\"Audit\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy for Microsoft.Web/serverfarms\",\"displayName\":\"ServerFarms Effect\"},\"type\":\"String\"}}",
- "policy_definition_group": [],
- "policy_definition_reference": [
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('effectDisks')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Audit-Disks-UnusedResourcesCostOptimization",
- "policy_group_names": null,
- "reference_id": "AuditDisksUnusedResourcesCostOptimization"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('effectPublicIpAddresses')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Audit-PublicIpAddresses-UnusedResourcesCostOptimization",
- "policy_group_names": null,
- "reference_id": "AuditPublicIpAddressesUnusedResourcesCostOptimization"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('effectServerFarms')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Audit-ServerFarms-UnusedResourcesCostOptimization",
- "policy_group_names": null,
- "reference_id": "AuditServerFarmsUnusedResourcesCostOptimization"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"Audit\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Audit-AzureHybridBenefit",
- "policy_group_names": null,
- "reference_id": "AuditAzureHybridBenefitUnusedResourcesCostOptimization"
- }
- ],
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "policy_definition_group": [],
- "policy_definition_reference": [
- {},
- {},
- {},
- {}
- ]
- }
- },
- {
- "address": "module.test_core.azurerm_policy_set_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policySetDefinitions/Deny-PublicPaaSEndpoints\"]",
- "mode": "managed",
- "type": "azurerm_policy_set_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policySetDefinitions/Deny-PublicPaaSEndpoints",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "This policy initiative is a group of policies that prevents creation of Azure PaaS services with exposed public endpoints",
- "display_name": "Public network access should be disabled for PaaS services",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\"],\"category\":\"Network\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"3.1.0\"}",
- "name": "Deny-PublicPaaSEndpoints",
- "parameters": "{\"ACRPublicIpDenyEffect\":{\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Deny\",\"metadata\":{\"description\":\"This policy denies the creation of Azure Container Registires with exposed public endpoints \",\"displayName\":\"Public network access on Azure Container Registry disabled\"},\"type\":\"String\"},\"AFSPublicIpDenyEffect\":{\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Deny\",\"metadata\":{\"description\":\"This policy denies the creation of Azure File Sync instances with exposed public endpoints \",\"displayName\":\"Public network access on Azure File Sync disabled\"},\"type\":\"String\"},\"AKSPublicIpDenyEffect\":{\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Deny\",\"metadata\":{\"description\":\"This policy denies the creation of Azure Kubernetes Service non-private clusters\",\"displayName\":\"Public network access on AKS API should be disabled\"},\"type\":\"String\"},\"ApiManPublicIpDenyEffect\":{\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\",\"metadata\":{\"description\":\"This policy denies creation of API Management services with exposed public endpoints\",\"displayName\":\"Public network access should be disabled for API Management services\"},\"type\":\"String\"},\"AppConfigPublicIpDenyEffect\":{\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Deny\",\"metadata\":{\"description\":\"This policy denies creation of App Configuration with exposed public endpoints\",\"displayName\":\"Public network access should be disabled for App Configuration\"},\"type\":\"String\"},\"AsPublicIpDenyEffect\":{\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Deny\",\"metadata\":{\"description\":\"This policy denies creation of App Service apps with exposed public endpoints\",\"displayName\":\"Public network access should be disabled for App Service apps\"},\"type\":\"String\"},\"AsePublicIpDenyEffect\":{\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Deny\",\"metadata\":{\"description\":\"This policy denies creation of App Service Environment apps with exposed public endpoints\",\"displayName\":\"Public network access should be disabled for App Service Environment apps\"},\"type\":\"String\"},\"AutomationPublicIpDenyEffect\":{\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Deny\",\"metadata\":{\"description\":\"This policy denies creation of Automation accounts with exposed public endpoints. Bots should be seet to 'isolated only' mode\",\"displayName\":\"Public network access should be disabled for Automation accounts\"},\"type\":\"String\"},\"BatchPublicIpDenyEffect\":{\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Deny\",\"metadata\":{\"description\":\"This policy denies creation of Azure Batch Instances with exposed public endpoints\",\"displayName\":\"Public network access should be disabled for Azure Batch Instances\"},\"type\":\"String\"},\"BotServicePublicIpDenyEffect\":{\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Deny\",\"metadata\":{\"description\":\"This policy denies creation of Bot Service with exposed public endpoints. Bots should be seet to 'isolated only' mode\",\"displayName\":\"Public network access should be disabled for Bot Service\"},\"type\":\"String\"},\"CosmosPublicIpDenyEffect\":{\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Deny\",\"metadata\":{\"description\":\"This policy denies that Cosmos database accounts are created with out public network access is disabled.\",\"displayName\":\"Public network access should be disabled for CosmosDB\"},\"type\":\"String\"},\"FunctionPublicIpDenyEffect\":{\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Deny\",\"metadata\":{\"description\":\"This policy denies creation of Function apps with exposed public endpoints\",\"displayName\":\"Public network access should be disabled for Function apps\"},\"type\":\"String\"},\"KeyVaultPublicIpDenyEffect\":{\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Deny\",\"metadata\":{\"description\":\"This policy denies creation of Key Vaults with IP Firewall exposed to all public endpoints\",\"displayName\":\"Public network access should be disabled for KeyVault\"},\"type\":\"String\"},\"MariaDbPublicIpDenyEffect\":{\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Deny\",\"metadata\":{\"description\":\"This policy denies creation of Azure MariaDB with exposed public endpoints\",\"displayName\":\"Public network access should be disabled for Azure MariaDB\"},\"type\":\"String\"},\"MlPublicIpDenyEffect\":{\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Deny\",\"metadata\":{\"description\":\"This policy denies creation of Azure Machine Learning with exposed public endpoints\",\"displayName\":\"Public network access should be disabled for Azure Machine Learning\"},\"type\":\"String\"},\"MySQLFlexPublicIpDenyEffect\":{\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Deny\",\"metadata\":{\"description\":\"This policy denies creation of MySql Flexible Server DB accounts with exposed public endpoints\",\"displayName\":\"Public network access should be disabled for MySQL Flexible Server\"},\"type\":\"String\"},\"PostgreSQLFlexPublicIpDenyEffect\":{\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Deny\",\"metadata\":{\"description\":\"This policy denies creation of Postgre SQL Flexible DB accounts with exposed public endpoints\",\"displayName\":\"Public network access should be disabled for PostgreSql Flexible Server\"},\"type\":\"String\"},\"RedisCachePublicIpDenyEffect\":{\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Deny\",\"metadata\":{\"description\":\"This policy denies creation of Azure Cache for Redis with exposed public endpoints\",\"displayName\":\"Public network access should be disabled for Azure Cache for Redis\"},\"type\":\"String\"},\"SqlServerPublicIpDenyEffect\":{\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Deny\",\"metadata\":{\"description\":\"This policy denies creation of Sql servers with exposed public endpoints\",\"displayName\":\"Public network access on Azure SQL Database should be disabled\"},\"type\":\"String\"},\"StoragePublicIpDenyEffect\":{\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Deny\",\"metadata\":{\"description\":\"This policy denies creation of storage accounts with IP Firewall exposed to all public endpoints\",\"displayName\":\"Public network access onStorage accounts should be disabled\"},\"type\":\"String\"}}",
- "policy_definition_group": [],
- "policy_definition_reference": [
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('CosmosPublicIpDenyEffect')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/797b37f7-06b8-444c-b1ad-fc62867f335a",
- "policy_group_names": null,
- "reference_id": "CosmosDenyPaasPublicIP"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('KeyVaultPublicIpDenyEffect')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/405c5871-3e91-4644-8a63-58e19d68ff5b",
- "policy_group_names": null,
- "reference_id": "KeyVaultDenyPaasPublicIP"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('SqlServerPublicIpDenyEffect')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/1b8ca024-1d5c-4dec-8995-b1a932b41780",
- "policy_group_names": null,
- "reference_id": "SqlServerDenyPaasPublicIP"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('StoragePublicIpDenyEffect')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/b2982f36-99f2-4db5-8eff-283140c09693",
- "policy_group_names": null,
- "reference_id": "StorageDenyPaasPublicIP"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('AKSPublicIpDenyEffect')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/040732e8-d947-40b8-95d6-854c95024bf8",
- "policy_group_names": null,
- "reference_id": "AKSDenyPaasPublicIP"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('ACRPublicIpDenyEffect')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/0fdf0491-d080-4575-b627-ad0e843cba0f",
- "policy_group_names": null,
- "reference_id": "ACRDenyPaasPublicIP"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('AFSPublicIpDenyEffect')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/21a8cd35-125e-4d13-b82d-2e19b7208bb7",
- "policy_group_names": null,
- "reference_id": "AFSDenyPaasPublicIP"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('PostgreSQLFlexPublicIpDenyEffect')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/5e1de0e3-42cb-4ebc-a86d-61d0c619ca48",
- "policy_group_names": null,
- "reference_id": "PostgreSQLFlexDenyPublicIP"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('MySQLFlexPublicIpDenyEffect')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/c9299215-ae47-4f50-9c54-8a392f68a052",
- "policy_group_names": null,
- "reference_id": "MySQLFlexDenyPublicIP"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('BatchPublicIpDenyEffect')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/74c5a0ae-5e48-4738-b093-65e23a060488",
- "policy_group_names": null,
- "reference_id": "BatchDenyPublicIP"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('MariaDbPublicIpDenyEffect')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/fdccbe47-f3e3-4213-ad5d-ea459b2fa077",
- "policy_group_names": null,
- "reference_id": "MariaDbDenyPublicIP"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('MlPublicIpDenyEffect')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/438c38d2-3772-465a-a9cc-7a6666a275ce",
- "policy_group_names": null,
- "reference_id": "MlDenyPublicIP"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('RedisCachePublicIpDenyEffect')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/470baccb-7e51-4549-8b1a-3e5be069f663",
- "policy_group_names": null,
- "reference_id": "RedisCacheDenyPublicIP"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('BotServicePublicIpDenyEffect')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/5e8168db-69e3-4beb-9822-57cb59202a9d",
- "policy_group_names": null,
- "reference_id": "BotServiceDenyPublicIP"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('AutomationPublicIpDenyEffect')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/955a914f-bf86-4f0e-acd5-e0766b0efcb6",
- "policy_group_names": null,
- "reference_id": "AutomationDenyPublicIP"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('AppConfigPublicIpDenyEffect')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/3d9f5e4c-9947-4579-9539-2a7695fbc187",
- "policy_group_names": null,
- "reference_id": "AppConfigDenyPublicIP"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('FunctionPublicIpDenyEffect')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/969ac98b-88a8-449f-883c-2e9adb123127",
- "policy_group_names": null,
- "reference_id": "FunctionDenyPublicIP"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('AsePublicIpDenyEffect')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/2d048aca-6479-4923-88f5-e2ac295d9af3",
- "policy_group_names": null,
- "reference_id": "AseDenyPublicIP"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('AsPublicIpDenyEffect')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/1b5ef780-c53c-4a64-87f3-bb9c8c8094ba",
- "policy_group_names": null,
- "reference_id": "AsDenyPublicIP"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('ApiManPublicIpDenyEffect')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/df73bd95-24da-4a4f-96b9-4e8b94b402bd",
- "policy_group_names": null,
- "reference_id": "ApiManDenyPublicIP"
- }
- ],
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "policy_definition_group": [],
- "policy_definition_reference": [
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {}
- ]
- }
- },
- {
- "address": "module.test_core.azurerm_policy_set_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policySetDefinitions/DenyAction-DeleteProtection\"]",
- "mode": "managed",
- "type": "azurerm_policy_set_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policySetDefinitions/DenyAction-DeleteProtection",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Enforces DenyAction - Delete on Activity Log Settings and Diagnostic Settings.",
- "display_name": "DenyAction Delete - Activity Log Settings and Diagnostic Settings",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Monitoring\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.0.0\"}",
- "name": "DenyAction-DeleteProtection",
- "parameters": null,
- "policy_definition_group": [],
- "policy_definition_reference": [
- {
- "parameter_values": "{}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/DenyAction-DiagnosticLogs",
- "policy_group_names": null,
- "reference_id": "DenyActionDelete-DiagnosticSettings"
- },
- {
- "parameter_values": "{}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/DenyAction-ActivityLogs",
- "policy_group_names": null,
- "reference_id": "DenyActionDelete-ActivityLogSettings"
- }
- ],
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "policy_definition_group": [],
- "policy_definition_reference": [
- {},
- {}
- ]
- }
- },
- {
- "address": "module.test_core.azurerm_policy_set_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policySetDefinitions/Deploy-Diagnostics-LogAnalytics\"]",
- "mode": "managed",
- "type": "azurerm_policy_set_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policySetDefinitions/Deploy-Diagnostics-LogAnalytics",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "This policy set deploys the configurations of application Azure resources to forward diagnostic logs and metrics to an Azure Log Analytics workspace. See the list of policies of the services that are included ",
- "display_name": "Deploy Diagnostic Settings to Azure Services",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\"],\"category\":\"Monitoring\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"2.2.0\"}",
- "name": "Deploy-Diagnostics-LogAnalytics",
- "parameters": "{\"ACILogAnalyticsEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploys the diagnostic settings for Container Instances to stream to a Log Analytics workspace when any ACR which is missing this diagnostic settings is created or updated. The Policy willset the diagnostic with all metrics enabled.\",\"displayName\":\"Deploy Diagnostic Settings for Container Instances to Log Analytics workspace\"},\"type\":\"String\"},\"ACRLogAnalyticsEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploys the diagnostic settings for Container Registry to stream to a Log Analytics workspace when any ACR which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics enabled.\",\"displayName\":\"Deploy Diagnostic Settings for Container Registry to Log Analytics workspace\"},\"type\":\"String\"},\"AKSLogAnalyticsEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploys the diagnostic settings for Kubernetes Service to stream to a Log Analytics workspace when any Kubernetes Service which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled.\",\"displayName\":\"Deploy Diagnostic Settings for Kubernetes Service to Log Analytics workspace\"},\"type\":\"String\"},\"APIMgmtLogAnalyticsDestinationType\":{\"allowedValues\":[\"AzureDiagnostics\",\"Dedicated\"],\"defaultValue\":\"AzureDiagnostics\",\"metadata\":{\"description\":\"Destination table for the diagnostic setting for API Management to Log Analytics workspace, allowed values are 'Dedicated' (for resource-specific) and 'AzureDiagnostics'. Default value is 'AzureDiagnostics'\",\"displayName\":\"Destination table for the Diagnostic Setting for API Management to Log Analytics workspace\"},\"type\":\"String\"},\"APIMgmtLogAnalyticsEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploys the diagnostic settings for API Management to stream to a Log Analytics workspace when any API Management which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\"displayName\":\"Deploy Diagnostic Settings for API Management to Log Analytics workspace\"},\"type\":\"String\"},\"APIforFHIRLogAnalyticsEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploys the diagnostic settings for Azure API for FHIR to stream to a Log Analytics workspace when any Azure API for FHIR which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\"displayName\":\"Deploy Diagnostic Settings for Azure API for FHIR to Log Analytics workspace\"},\"type\":\"String\"},\"AVDScalingPlansLogAnalyticsEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploys the diagnostic settings for AVD Scaling Plans to stream to a Log Analytics workspace when any application groups which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\"displayName\":\"Deploy Diagnostic Settings for AVD Scaling Plans to Log Analytics workspace\"},\"type\":\"String\"},\"AnalysisServiceLogAnalyticsEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploys the diagnostic settings for Analysis Services to stream to a Log Analytics workspace when any Analysis Services which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\"displayName\":\"Deploy Diagnostic Settings for Analysis Services to Log Analytics workspace\"},\"type\":\"String\"},\"AppServiceLogAnalyticsEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploys the diagnostic settings for App Service Plan to stream to a Log Analytics workspace when any App Service Plan which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\"displayName\":\"Deploy Diagnostic Settings for App Service Plan to Log Analytics workspace\"},\"type\":\"String\"},\"AppServiceWebappLogAnalyticsEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploys the diagnostic settings for Web App to stream to a Log Analytics workspace when any Web App which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\"displayName\":\"Deploy Diagnostic Settings for App Service to Log Analytics workspace\"},\"type\":\"String\"},\"ApplicationGatewayLogAnalyticsEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploys the diagnostic settings for Application Gateway to stream to a Log Analytics workspace when any Application Gateway which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\"displayName\":\"Deploy Diagnostic Settings for Application Gateway to Log Analytics workspace\"},\"type\":\"String\"},\"AutomationLogAnalyticsEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploys the diagnostic settings for Automation to stream to a Log Analytics workspace when any Automation which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\"displayName\":\"Deploy Diagnostic Settings for Automation to Log Analytics workspace\"},\"type\":\"String\"},\"BastionLogAnalyticsEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploys the diagnostic settings for Azure Bastion to stream to a Log Analytics workspace when any Bastion which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\"displayName\":\"Deploy Diagnostic Settings for Azure Bastion to Log Analytics workspace\"},\"type\":\"String\"},\"BatchLogAnalyticsEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploys the diagnostic settings for Batch to stream to a Log Analytics workspace when any Batch which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\"displayName\":\"Deploy Diagnostic Settings for Batch to Log Analytics workspace\"},\"type\":\"String\"},\"CDNEndpointsLogAnalyticsEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploys the diagnostic settings for CDN Endpoint to stream to a Log Analytics workspace when any CDN Endpoint which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\"displayName\":\"Deploy Diagnostic Settings for CDN Endpoint to Log Analytics workspace\"},\"type\":\"String\"},\"CognitiveServicesLogAnalyticsEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploys the diagnostic settings for Cognitive Services to stream to a Log Analytics workspace when any Cognitive Services which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\"displayName\":\"Deploy Diagnostic Settings for Cognitive Services to Log Analytics workspace\"},\"type\":\"String\"},\"CosmosLogAnalyticsEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploys the diagnostic settings for Cosmos DB to stream to a Log Analytics workspace when any Cosmos DB which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\"displayName\":\"Deploy Diagnostic Settings for Cosmos DB to Log Analytics workspace\"},\"type\":\"String\"},\"DataExplorerClusterLogAnalyticsEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploys the diagnostic settings for Azure Data Explorer Cluster to stream to a Log Analytics workspace when any Azure Data Explorer Cluster which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\"displayName\":\"Deploy Diagnostic Settings for Azure Data Explorer Cluster to Log Analytics workspace\"},\"type\":\"String\"},\"DataFactoryLogAnalyticsEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploys the diagnostic settings for Data Factory to stream to a Log Analytics workspace when any Data Factory which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\"displayName\":\"Deploy Diagnostic Settings for Data Factory to Log Analytics workspace\"},\"type\":\"String\"},\"DataLakeAnalyticsLogAnalyticsEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploys the diagnostic settings for Data Lake Analytics to stream to a Log Analytics workspace when any Data Lake Analytics which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\"displayName\":\"Deploy Diagnostic Settings for Data Lake Analytics to Log Analytics workspace\"},\"type\":\"String\"},\"DataLakeStoreLogAnalyticsEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploys the diagnostic settings for Azure Data Lake Store to stream to a Log Analytics workspace when anyAzure Data Lake Store which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\"displayName\":\"Deploy Diagnostic Settings for Azure Data Lake Store to Log Analytics workspace\"},\"type\":\"String\"},\"DatabricksLogAnalyticsEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploys the diagnostic settings for Databricks to stream to a Log Analytics workspace when any Databricks which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\"displayName\":\"Deploy Diagnostic Settings for Databricks to Log Analytics workspace\"},\"type\":\"String\"},\"EventGridSubLogAnalyticsEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploys the diagnostic settings for Event Grid subscriptions to stream to a Log Analytics workspace when any Event Grid subscriptions which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\"displayName\":\"Deploy Diagnostic Settings for Event Grid subscriptions to Log Analytics workspace\"},\"type\":\"String\"},\"EventGridTopicLogAnalyticsEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploys the diagnostic settings for Event Grid Topic to stream to a Log Analytics workspace when any Event Grid Topic which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\"displayName\":\"Deploy Diagnostic Settings for Event Grid Topic to Log Analytics workspace\"},\"type\":\"String\"},\"EventHubLogAnalyticsEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploys the diagnostic settings for Event Hubs to stream to a Log Analytics workspace when any Event Hubs which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\"displayName\":\"Deploy Diagnostic Settings for Event Hubs to Log Analytics workspace\"},\"type\":\"String\"},\"EventSystemTopicLogAnalyticsEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploys the diagnostic settings for Event Grid System Topic to stream to a Log Analytics workspace when any Event Grid System Topic which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\"displayName\":\"Deploy Diagnostic Settings for Event Grid System Topic to Log Analytics workspace\"},\"type\":\"String\"},\"ExpressRouteLogAnalyticsEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploys the diagnostic settings for ExpressRoute to stream to a Log Analytics workspace when any ExpressRoute which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\"displayName\":\"Deploy Diagnostic Settings for ExpressRoute to Log Analytics workspace\"},\"type\":\"String\"},\"FirewallLogAnalyticsDestinationType\":{\"allowedValues\":[\"AzureDiagnostics\",\"Dedicated\"],\"defaultValue\":\"AzureDiagnostics\",\"metadata\":{\"description\":\"Destination table for the diagnostic setting for Firewall to Log Analytics workspace, allowed values are 'Dedicated' (for resource-specific) and 'AzureDiagnostics'. Default value is 'AzureDiagnostics'\",\"displayName\":\"Destination table for the Diagnostic Setting for Firewall to Log Analytics workspace\"},\"type\":\"String\"},\"FirewallLogAnalyticsEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploys the diagnostic settings for Firewall to stream to a Log Analytics workspace when any Firewall which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\"displayName\":\"Deploy Diagnostic Settings for Firewall to Log Analytics workspace\"},\"type\":\"String\"},\"FrontDoorLogAnalyticsEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploys the diagnostic settings for Front Door to stream to a Log Analytics workspace when any Front Door which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\"displayName\":\"Deploy Diagnostic Settings for Front Door to Log Analytics workspace\"},\"type\":\"String\"},\"FunctionAppLogAnalyticsEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploys the diagnostic settings for Azure Function App to stream to a Log Analytics workspace when any function app which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\"displayName\":\"Deploy Diagnostic Settings for Azure Function App to Log Analytics workspace\"},\"type\":\"String\"},\"HDInsightLogAnalyticsEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploys the diagnostic settings for HDInsight to stream to a Log Analytics workspace when any HDInsight which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\"displayName\":\"Deploy Diagnostic Settings for HDInsight to Log Analytics workspace\"},\"type\":\"String\"},\"IotHubLogAnalyticsEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploys the diagnostic settings for IoT Hub to stream to a Log Analytics workspace when any IoT Hub which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\"displayName\":\"Deploy Diagnostic Settings for IoT Hub to Log Analytics workspace\"},\"type\":\"String\"},\"KeyVaultLogAnalyticsEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploys the diagnostic settings for Key Vault to stream to a Log Analytics workspace when any Key Vault which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\"displayName\":\"Deploy Diagnostic Settings for Key Vault to Log Analytics workspace\"},\"type\":\"String\"},\"LoadBalancerLogAnalyticsEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploys the diagnostic settings for Load Balancer to stream to a Log Analytics workspace when any Load Balancer which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\"displayName\":\"Deploy Diagnostic Settings for Load Balancer to Log Analytics workspace\"},\"type\":\"String\"},\"LogAnalyticsLogAnalyticsEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploys the diagnostic settings for Log Analytics to stream to a Log Analytics workspace when any Log Analytics workspace which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category Audit enabled\",\"displayName\":\"Deploy Diagnostic Settings for Log Analytics to Log Analytics workspace\"},\"type\":\"String\"},\"LogicAppsISELogAnalyticsEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploys the diagnostic settings for Logic Apps integration service environment to stream to a Log Analytics workspace when any Logic Apps integration service environment which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\"displayName\":\"Deploy Diagnostic Settings for Logic Apps integration service environment to Log Analytics workspace\"},\"type\":\"String\"},\"LogicAppsWFLogAnalyticsEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploys the diagnostic settings for Logic Apps Workflows to stream to a Log Analytics workspace when any Logic Apps Workflows which are missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\"displayName\":\"Deploy Diagnostic Settings for Logic Apps Workflows to Log Analytics workspace\"},\"type\":\"String\"},\"MariaDBLogAnalyticsEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploys the diagnostic settings for MariaDB to stream to a Log Analytics workspace when any MariaDB which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\"displayName\":\"Deploy Diagnostic Settings for MariaDB to Log Analytics workspace\"},\"type\":\"String\"},\"MediaServiceLogAnalyticsEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploys the diagnostic settings for Azure Media Service to stream to a Log Analytics workspace when any Azure Media Service which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\"displayName\":\"Deploy Diagnostic Settings for Azure Media Service to Log Analytics workspace\"},\"type\":\"String\"},\"MlWorkspaceLogAnalyticsEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploys the diagnostic settings for Machine Learning workspace to stream to a Log Analytics workspace when any Machine Learning workspace which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\"displayName\":\"Deploy Diagnostic Settings for Machine Learning workspace to Log Analytics workspace\"},\"type\":\"String\"},\"MySQLLogAnalyticsEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploys the diagnostic settings for Database for MySQL to stream to a Log Analytics workspace when any Database for MySQL which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\"displayName\":\"Deploy Diagnostic Settings for Database for MySQL to Log Analytics workspace\"},\"type\":\"String\"},\"NetworkNICLogAnalyticsEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploys the diagnostic settings for Network Interfaces to stream to a Log Analytics workspace when any Network Interfaces which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\"displayName\":\"Deploy Diagnostic Settings for Network Interfaces to Log Analytics workspace\"},\"type\":\"String\"},\"NetworkPublicIPNicLogAnalyticsEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploys the diagnostic settings for Public IP addresses to stream to a Log Analytics workspace when any Public IP addresses which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\"displayName\":\"Deploy Diagnostic Settings for Public IP addresses to Log Analytics workspace\"},\"type\":\"String\"},\"NetworkSecurityGroupsLogAnalyticsEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploys the diagnostic settings for Network Security Groups to stream to a Log Analytics workspace when any Network Security Groups which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\"displayName\":\"Deploy Diagnostic Settings for Network Security Groups to Log Analytics workspace\"},\"type\":\"String\"},\"PostgreSQLLogAnalyticsEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploys the diagnostic settings for Database for PostgreSQL to stream to a Log Analytics workspace when any Database for PostgreSQL which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\"displayName\":\"Deploy Diagnostic Settings for Database for PostgreSQL to Log Analytics workspace\"},\"type\":\"String\"},\"PowerBIEmbeddedLogAnalyticsEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploys the diagnostic settings for Power BI Embedded to stream to a Log Analytics workspace when any Power BI Embedded which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\"displayName\":\"Deploy Diagnostic Settings for Power BI Embedded to Log Analytics workspace\"},\"type\":\"String\"},\"RedisCacheLogAnalyticsEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploys the diagnostic settings for Redis Cache to stream to a Log Analytics workspace when any Redis Cache which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\"displayName\":\"Deploy Diagnostic Settings for Redis Cache to Log Analytics workspace\"},\"type\":\"String\"},\"RelayLogAnalyticsEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploys the diagnostic settings for Relay to stream to a Log Analytics workspace when any Relay which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\"displayName\":\"Deploy Diagnostic Settings for Relay to Log Analytics workspace\"},\"type\":\"String\"},\"SQLDBsLogAnalyticsEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploys the diagnostic settings for SQL Databases to stream to a Log Analytics workspace when any SQL Databases which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\"displayName\":\"Deploy Diagnostic Settings for SQL Databases to Log Analytics workspace\"},\"type\":\"String\"},\"SQLElasticPoolsLogAnalyticsEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploys the diagnostic settings for SQL Elastic Pools to stream to a Log Analytics workspace when any SQL Elastic Pools which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\"displayName\":\"Deploy Diagnostic Settings for SQL Elastic Pools to Log Analytics workspace\"},\"type\":\"String\"},\"SQLMLogAnalyticsEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploys the diagnostic settings for SQL Managed Instances to stream to a Log Analytics workspace when any SQL Managed Instances which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\"displayName\":\"Deploy Diagnostic Settings for SQL Managed Instances to Log Analytics workspace\"},\"type\":\"String\"},\"SearchServicesLogAnalyticsEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploys the diagnostic settings for Search Services to stream to a Log Analytics workspace when any Search Services which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\"displayName\":\"Deploy Diagnostic Settings for Search Services to Log Analytics workspace\"},\"type\":\"String\"},\"ServiceBusLogAnalyticsEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploys the diagnostic settings for ServiceBus to stream to a Log Analytics workspace when any ServiceBus which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\"displayName\":\"Deploy Diagnostic Settings for Service Bus namespaces to Log Analytics workspace\"},\"type\":\"String\"},\"SignalRLogAnalyticsEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploys the diagnostic settings for SignalR to stream to a Log Analytics workspace when any SignalR which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\"displayName\":\"Deploy Diagnostic Settings for SignalR to Log Analytics workspace\"},\"type\":\"String\"},\"StorageAccountsLogAnalyticsEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploys the diagnostic settings for Storage Accounts to stream to a Log Analytics workspace when any storage account which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\"displayName\":\"Deploy Diagnostic Settings for Storage Accounts to Log Analytics workspace\"},\"type\":\"String\"},\"StreamAnalyticsLogAnalyticsEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploys the diagnostic settings for Stream Analytics to stream to a Log Analytics workspace when any Stream Analytics which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\"displayName\":\"Deploy Diagnostic Settings for Stream Analytics to Log Analytics workspace\"},\"type\":\"String\"},\"TimeSeriesInsightsLogAnalyticsEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploys the diagnostic settings for Time Series Insights to stream to a Log Analytics workspace when any Time Series Insights which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\"displayName\":\"Deploy Diagnostic Settings for Time Series Insights to Log Analytics workspace\"},\"type\":\"String\"},\"TrafficManagerLogAnalyticsEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploys the diagnostic settings for Traffic Manager to stream to a Log Analytics workspace when any Traffic Manager which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\"displayName\":\"Deploy Diagnostic Settings for Traffic Manager to Log Analytics workspace\"},\"type\":\"String\"},\"VMSSLogAnalyticsEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploys the diagnostic settings for Virtual Machine Scale Sets to stream to a Log Analytics workspace when any Virtual Machine Scale Sets which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\"displayName\":\"Deploy Diagnostic Settings for Virtual Machine Scale Sets to Log Analytics workspace\"},\"type\":\"String\"},\"VNetGWLogAnalyticsEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploys the diagnostic settings for VPN Gateway to stream to a Log Analytics workspace when any VPN Gateway which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled.\",\"displayName\":\"Deploy Diagnostic Settings for VPN Gateway to Log Analytics workspace\"},\"type\":\"String\"},\"VWanS2SVPNGWLogAnalyticsEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploys the diagnostic settings for VWAN S2S VPN gateway to stream to a Log Analytics workspace when any storage account which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\"displayName\":\"Deploy Diagnostic Settings for VWAN S2S VPN gateway to Log Analytics workspace\"},\"type\":\"String\"},\"VirtualMachinesLogAnalyticsEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploys the diagnostic settings for Virtual Machines to stream to a Log Analytics workspace when any Virtual Machines which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\"displayName\":\"Deploy Diagnostic Settings for Virtual Machines to Log Analytics workspace\"},\"type\":\"String\"},\"VirtualNetworkLogAnalyticsEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploys the diagnostic settings for Virtual Network to stream to a Log Analytics workspace when any Virtual Network which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\"displayName\":\"Deploy Diagnostic Settings for Virtual Network to Log Analytics workspace\"},\"type\":\"String\"},\"WVDAppGroupsLogAnalyticsEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploys the diagnostic settings for AVD Application groups to stream to a Log Analytics workspace when any application groups which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\"displayName\":\"Deploy Diagnostic Settings for AVD Application Groups to Log Analytics workspace\"},\"type\":\"String\"},\"WVDHostPoolsLogAnalyticsEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploys the diagnostic settings for AVD Host pools to stream to a Log Analytics workspace when any host pool which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\"displayName\":\"Deploy Diagnostic Settings for AVD Host pools to Log Analytics workspace\"},\"type\":\"String\"},\"WVDWorkspaceLogAnalyticsEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploys the diagnostic settings for AVD Workspace to stream to a Log Analytics workspace when any Workspace which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\"displayName\":\"Deploy Diagnostic Settings for AVD Workspace to Log Analytics workspace\"},\"type\":\"String\"},\"logAnalytics\":{\"metadata\":{\"description\":\"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\"displayName\":\"Log Analytics workspace\",\"strongType\":\"omsWorkspace\"},\"type\":\"String\"},\"profileName\":{\"defaultValue\":\"setbypolicy\",\"metadata\":{\"description\":\"The diagnostic settings profile name\",\"displayName\":\"Profile name\"},\"type\":\"String\"}}",
- "policy_definition_group": [],
- "policy_definition_reference": [
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('StorageAccountsLogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/59759c62-9a22-4cdf-ae64-074495983fef",
- "policy_group_names": null,
- "reference_id": "StorageAccountDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('StorageAccountsLogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/b4fe1a3b-0715-4c6c-a5ea-ffc33cf823cb",
- "policy_group_names": null,
- "reference_id": "StorageAccountBlobServicesDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('StorageAccountsLogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/25a70cc8-2bd4-47f1-90b6-1478e4662c96",
- "policy_group_names": null,
- "reference_id": "StorageAccountFileServicesDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('StorageAccountsLogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/7bd000e3-37c7-4928-9f31-86c4b77c5c45",
- "policy_group_names": null,
- "reference_id": "StorageAccountQueueServicesDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('StorageAccountsLogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/2fb86bf3-d221-43d1-96d1-2434af34eaa0",
- "policy_group_names": null,
- "reference_id": "StorageAccountTableServicesDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('AVDScalingPlansLogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-AVDScalingPlans",
- "policy_group_names": null,
- "reference_id": "AVDScalingPlansDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('WVDAppGroupsLogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WVDAppGroup",
- "policy_group_names": null,
- "reference_id": "WVDAppGroupDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('WVDWorkspaceLogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WVDWorkspace",
- "policy_group_names": null,
- "reference_id": "WVDWorkspaceDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('WVDHostPoolsLogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WVDHostPools",
- "policy_group_names": null,
- "reference_id": "WVDHostPoolsDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('ACILogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ACI",
- "policy_group_names": null,
- "reference_id": "ACIDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('ACRLogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ACR",
- "policy_group_names": null,
- "reference_id": "ACRDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"diagnosticsSettingNameToUse\":{\"value\":\"[parameters('profileName')]\"},\"effect\":{\"value\":\"[parameters('AKSLogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/6c66c325-74c8-42fd-a286-a74b0e2939d8",
- "policy_group_names": null,
- "reference_id": "AKSDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('AnalysisServiceLogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-AnalysisService",
- "policy_group_names": null,
- "reference_id": "AnalysisServiceDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('APIforFHIRLogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ApiForFHIR",
- "policy_group_names": null,
- "reference_id": "APIforFHIRDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('APIMgmtLogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"logAnalyticsDestinationType\":{\"value\":\"[parameters('APIMgmtLogAnalyticsDestinationType')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-APIMgmt",
- "policy_group_names": null,
- "reference_id": "APIMgmtDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('ApplicationGatewayLogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ApplicationGateway",
- "policy_group_names": null,
- "reference_id": "ApplicationGatewayDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('AutomationLogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-AA",
- "policy_group_names": null,
- "reference_id": "AutomationDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('BastionLogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Bastion",
- "policy_group_names": null,
- "reference_id": "BastionDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('BatchLogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/c84e5349-db6d-4769-805e-e14037dab9b5",
- "policy_group_names": null,
- "reference_id": "BatchDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('CDNEndpointsLogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-CDNEndpoints",
- "policy_group_names": null,
- "reference_id": "CDNEndpointsDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('CognitiveServicesLogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-CognitiveServices",
- "policy_group_names": null,
- "reference_id": "CognitiveServicesDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('CosmosLogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-CosmosDB",
- "policy_group_names": null,
- "reference_id": "CosmosDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('DatabricksLogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Databricks",
- "policy_group_names": null,
- "reference_id": "DatabricksDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('DataExplorerClusterLogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-DataExplorerCluster",
- "policy_group_names": null,
- "reference_id": "DataExplorerClusterDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('DataFactoryLogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-DataFactory",
- "policy_group_names": null,
- "reference_id": "DataFactoryDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('DataLakeStoreLogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/d56a5a7c-72d7-42bc-8ceb-3baf4c0eae03",
- "policy_group_names": null,
- "reference_id": "DataLakeStoreDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('DataLakeAnalyticsLogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-DLAnalytics",
- "policy_group_names": null,
- "reference_id": "DataLakeAnalyticsDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('EventGridSubLogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-EventGridSub",
- "policy_group_names": null,
- "reference_id": "EventGridSubDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('EventGridTopicLogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-EventGridTopic",
- "policy_group_names": null,
- "reference_id": "EventGridTopicDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('EventHubLogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/1f6e93e8-6b31-41b1-83f6-36e449a42579",
- "policy_group_names": null,
- "reference_id": "EventHubDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('EventSystemTopicLogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-EventGridSystemTopic",
- "policy_group_names": null,
- "reference_id": "EventSystemTopicDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('ExpressRouteLogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ExpressRoute",
- "policy_group_names": null,
- "reference_id": "ExpressRouteDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('FirewallLogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"logAnalyticsDestinationType\":{\"value\":\"[parameters('FirewallLogAnalyticsDestinationType')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Firewall",
- "policy_group_names": null,
- "reference_id": "FirewallDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('FrontDoorLogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-FrontDoor",
- "policy_group_names": null,
- "reference_id": "FrontDoorDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('FunctionAppLogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Function",
- "policy_group_names": null,
- "reference_id": "FunctionAppDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('HDInsightLogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-HDInsight",
- "policy_group_names": null,
- "reference_id": "HDInsightDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('IotHubLogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-iotHub",
- "policy_group_names": null,
- "reference_id": "IotHubDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('KeyVaultLogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/bef3f64c-5290-43b7-85b0-9b254eef4c47",
- "policy_group_names": null,
- "reference_id": "KeyVaultDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('LoadBalancerLogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-LoadBalancer",
- "policy_group_names": null,
- "reference_id": "LoadBalancerDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('LogAnalyticsLogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-LogAnalytics",
- "policy_group_names": null,
- "reference_id": "LogAnalyticsDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('LogicAppsISELogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-LogicAppsISE",
- "policy_group_names": null,
- "reference_id": "LogicAppsISEDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('LogicAppsWFLogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/b889a06c-ec72-4b03-910a-cb169ee18721",
- "policy_group_names": null,
- "reference_id": "LogicAppsWFDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('MariaDBLogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MariaDB",
- "policy_group_names": null,
- "reference_id": "MariaDBDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('MediaServiceLogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MediaService",
- "policy_group_names": null,
- "reference_id": "MediaServiceDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('MlWorkspaceLogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MlWorkspace",
- "policy_group_names": null,
- "reference_id": "MlWorkspaceDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('MySQLLogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MySQL",
- "policy_group_names": null,
- "reference_id": "MySQLDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('NetworkSecurityGroupsLogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-NetworkSecurityGroups",
- "policy_group_names": null,
- "reference_id": "NetworkSecurityGroupsDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('NetworkNICLogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-NIC",
- "policy_group_names": null,
- "reference_id": "NetworkNICDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('PostgreSQLLogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-PostgreSQL",
- "policy_group_names": null,
- "reference_id": "PostgreSQLDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('PowerBIEmbeddedLogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-PowerBIEmbedded",
- "policy_group_names": null,
- "reference_id": "PowerBIEmbeddedDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('NetworkPublicIPNicLogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"metricsEnabled\":{\"value\":\"True\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/752154a7-1e0f-45c6-a880-ac75a7e4f648",
- "policy_group_names": null,
- "reference_id": "NetworkPublicIPNicDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/c717fb0c-d118-4c43-ab3d-ece30ac81fb3",
- "policy_group_names": null,
- "reference_id": "RecoveryVaultDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('RedisCacheLogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-RedisCache",
- "policy_group_names": null,
- "reference_id": "RedisCacheDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('RelayLogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Relay",
- "policy_group_names": null,
- "reference_id": "RelayDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('SearchServicesLogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/08ba64b8-738f-4918-9686-730d2ed79c7d",
- "policy_group_names": null,
- "reference_id": "SearchServicesDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('ServiceBusLogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/04d53d87-841c-4f23-8a5b-21564380b55e",
- "policy_group_names": null,
- "reference_id": "ServiceBusDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('SignalRLogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-SignalR",
- "policy_group_names": null,
- "reference_id": "SignalRDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"diagnosticsSettingNameToUse\":{\"value\":\"[parameters('profileName')]\"},\"effect\":{\"value\":\"[parameters('SQLDBsLogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/b79fa14e-238a-4c2d-b376-442ce508fc84",
- "policy_group_names": null,
- "reference_id": "SQLDatabaseDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('SQLElasticPoolsLogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-SQLElasticPools",
- "policy_group_names": null,
- "reference_id": "SQLElasticPoolsDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('SQLMLogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-SQLMI",
- "policy_group_names": null,
- "reference_id": "SQLMDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('StreamAnalyticsLogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/237e0f7e-b0e8-4ec4-ad46-8c12cb66d673",
- "policy_group_names": null,
- "reference_id": "StreamAnalyticsDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('TimeSeriesInsightsLogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-TimeSeriesInsights",
- "policy_group_names": null,
- "reference_id": "TimeSeriesInsightsDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('TrafficManagerLogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-TrafficManager",
- "policy_group_names": null,
- "reference_id": "TrafficManagerDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('VirtualNetworkLogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VirtualNetwork",
- "policy_group_names": null,
- "reference_id": "VirtualNetworkDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('VirtualMachinesLogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VM",
- "policy_group_names": null,
- "reference_id": "VirtualMachinesDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('VMSSLogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VMSS",
- "policy_group_names": null,
- "reference_id": "VMSSDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('VNetGWLogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VNetGW",
- "policy_group_names": null,
- "reference_id": "VNetGWDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('AppServiceLogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WebServerFarm",
- "policy_group_names": null,
- "reference_id": "AppServiceDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('AppServiceWebappLogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Website",
- "policy_group_names": null,
- "reference_id": "AppServiceWebappDeployDiagnosticLogDeployLogAnalytics"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('VWanS2SVPNGWLogAnalyticsEffect')]\"},\"logAnalytics\":{\"value\":\"[parameters('logAnalytics')]\"},\"profileName\":{\"value\":\"[parameters('profileName')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VWanS2SVPNGW",
- "policy_group_names": null,
- "reference_id": "VWanS2SVPNGWDeployDiagnosticLogDeployLogAnalytics"
- }
- ],
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "policy_definition_group": [],
- "policy_definition_reference": [
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {}
- ]
- }
- },
- {
- "address": "module.test_core.azurerm_policy_set_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policySetDefinitions/Deploy-MDFC-Config\"]",
- "mode": "managed",
- "type": "azurerm_policy_set_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policySetDefinitions/Deploy-MDFC-Config",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploy Microsoft Defender for Cloud configuration",
- "display_name": "Deploy Microsoft Defender for Cloud configuration",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\"],\"category\":\"Security Center\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"6.0.1\"}",
- "name": "Deploy-MDFC-Config",
- "parameters": "{\"ascExportResourceGroupLocation\":{\"metadata\":{\"description\":\"The location where the resource group and the export to Log Analytics workspace configuration are created.\",\"displayName\":\"Resource Group location for the export to Log Analytics workspace configuration\"},\"type\":\"String\"},\"ascExportResourceGroupName\":{\"metadata\":{\"description\":\"The resource group name where the export to Log Analytics workspace configuration is created. If you enter a name for a resource group that doesn't exist, it'll be created in the subscription. Note that each resource group can only have one export to Log Analytics workspace configured.\",\"displayName\":\"Resource Group name for the export to Log Analytics workspace configuration\"},\"type\":\"String\"},\"emailSecurityContact\":{\"metadata\":{\"description\":\"Provide email address for Microsoft Defender for Cloud contact details\",\"displayName\":\"Security contacts email address\"},\"type\":\"string\"},\"enableAscForApis\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"enableAscForAppServices\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"enableAscForArm\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"enableAscForContainers\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"enableAscForCosmosDbs\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"enableAscForCspm\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"enableAscForDns\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"enableAscForKeyVault\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"enableAscForOssDb\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"enableAscForServers\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"enableAscForServersVulnerabilityAssessments\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"enableAscForSql\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"enableAscForSqlOnVm\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"enableAscForStorage\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"logAnalytics\":{\"metadata\":{\"description\":\"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\"displayName\":\"Primary Log Analytics workspace\",\"strongType\":\"omsWorkspace\"},\"type\":\"String\"},\"minimalSeverity\":{\"allowedValues\":[\"High\",\"Medium\",\"Low\"],\"defaultValue\":\"High\",\"metadata\":{\"description\":\"Defines the minimal alert severity which will be sent as email notifications\",\"displayName\":\"Minimal severity\"},\"type\":\"string\"},\"vulnerabilityAssessmentProvider\":{\"allowedValues\":[\"default\",\"mdeTvm\"],\"defaultValue\":\"default\",\"metadata\":{\"description\":\"Select the vulnerability assessment solution to provision to machines.\",\"displayName\":\"Vulnerability assessment provider type\"},\"type\":\"String\"}}",
- "policy_definition_group": [],
- "policy_definition_reference": [
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('enableAscForOssDb')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/44433aa3-7ec2-4002-93ea-65c65ff0310a",
- "policy_group_names": null,
- "reference_id": "defenderForOssDb"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('enableAscForServers')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/8e86a5b6-b9bd-49d1-8e21-4bb8a0862222",
- "policy_group_names": null,
- "reference_id": "defenderForVM"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('enableAscForServersVulnerabilityAssessments')]\"},\"vaType\":{\"value\":\"[parameters('vulnerabilityAssessmentProvider')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/13ce0167-8ca6-4048-8e6b-f996402e3c1b",
- "policy_group_names": null,
- "reference_id": "defenderForVMVulnerabilityAssessment"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('enableAscForSqlOnVm')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/50ea7265-7d8c-429e-9a7d-ca1f410191c3",
- "policy_group_names": null,
- "reference_id": "defenderForSqlServerVirtualMachines"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('enableAscForAppServices')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/b40e7bcd-a1e5-47fe-b9cf-2f534d0bfb7d",
- "policy_group_names": null,
- "reference_id": "defenderForAppServices"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('enableAscForStorage')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/cfdc5972-75b3-4418-8ae1-7f5c36839390",
- "policy_group_names": null,
- "reference_id": "defenderForStorageAccountsV2"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('enableAscForContainers')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/c9ddb292-b203-4738-aead-18e2716e858f",
- "policy_group_names": null,
- "reference_id": "defenderforContainers"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('enableAscForContainers')]\"},\"logAnalyticsWorkspaceResourceId\":{\"value\":\"[parameters('logAnalytics')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/64def556-fbad-4622-930e-72d1d5589bf5",
- "policy_group_names": null,
- "reference_id": "defenderforKubernetes"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('enableAscForContainers')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/a8eff44f-8c92-45c3-a3fb-9880802d67a7",
- "policy_group_names": null,
- "reference_id": "azurePolicyForKubernetes"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('enableAscForKeyVault')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/1f725891-01c0-420a-9059-4fa46cb770b7",
- "policy_group_names": null,
- "reference_id": "defenderForKeyVaults"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('enableAscForDns')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/2370a3c1-4a25-4283-a91a-c9c1a145fb2f",
- "policy_group_names": null,
- "reference_id": "defenderForDns"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('enableAscForArm')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/b7021b2b-08fd-4dc0-9de7-3c6ece09faf9",
- "policy_group_names": null,
- "reference_id": "defenderForArm"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('enableAscForSql')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/b99b73e7-074b-4089-9395-b7236f094491",
- "policy_group_names": null,
- "reference_id": "defenderForSqlPaas"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('enableAscForCosmosDbs')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/82bf5b87-728b-4a74-ba4d-6123845cf542",
- "policy_group_names": null,
- "reference_id": "defenderForCosmosDbs"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('enableAscForApis')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/e54d2be9-5f2e-4d65-98e4-4f0e670b23d6",
- "policy_group_names": null,
- "reference_id": "defenderForApis"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('enableAscForCspm')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/689f7782-ef2c-4270-a6d0-7664869076bd",
- "policy_group_names": null,
- "reference_id": "defenderForCspm"
- },
- {
- "parameter_values": "{\"emailSecurityContact\":{\"value\":\"[parameters('emailSecurityContact')]\"},\"minimalSeverity\":{\"value\":\"[parameters('minimalSeverity')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-ASC-SecurityContacts",
- "policy_group_names": null,
- "reference_id": "securityEmailContact"
- },
- {
- "parameter_values": "{\"resourceGroupLocation\":{\"value\":\"[parameters('ascExportResourceGroupLocation')]\"},\"resourceGroupName\":{\"value\":\"[parameters('ascExportResourceGroupName')]\"},\"workspaceResourceId\":{\"value\":\"[parameters('logAnalytics')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/ffb6f416-7bd2-4488-8828-56585fef2be9",
- "policy_group_names": null,
- "reference_id": "ascExport"
- }
- ],
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "policy_definition_group": [],
- "policy_definition_reference": [
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {}
- ]
- }
- },
- {
- "address": "module.test_core.azurerm_policy_set_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policySetDefinitions/Deploy-Private-DNS-Zones\"]",
- "mode": "managed",
- "type": "azurerm_policy_set_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policySetDefinitions/Deploy-Private-DNS-Zones",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "This policy initiative is a group of policies that ensures private endpoints to Azure PaaS services are integrated with Azure Private DNS zones",
- "display_name": "Configure Azure PaaS services to use private DNS zones",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\"],\"category\":\"Network\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"2.1.1\"}",
- "name": "Deploy-Private-DNS-Zones",
- "parameters": "{\"azureAcrPrivateDnsZoneId\":{\"defaultValue\":\"\",\"metadata\":{\"description\":\"Private DNS Zone Identifier\",\"displayName\":\"azureAcrPrivateDnsZoneId\",\"strongType\":\"Microsoft.Network/privateDnsZones\"},\"type\":\"string\"},\"azureAppPrivateDnsZoneId\":{\"defaultValue\":\"\",\"metadata\":{\"description\":\"Private DNS Zone Identifier\",\"displayName\":\"azureAppPrivateDnsZoneId\",\"strongType\":\"Microsoft.Network/privateDnsZones\"},\"type\":\"string\"},\"azureAppServicesPrivateDnsZoneId\":{\"defaultValue\":\"\",\"metadata\":{\"description\":\"Private DNS Zone Identifier\",\"displayName\":\"azureAppServicesPrivateDnsZoneId\",\"strongType\":\"Microsoft.Network/privateDnsZones\"},\"type\":\"string\"},\"azureAsrPrivateDnsZoneId\":{\"defaultValue\":\"\",\"metadata\":{\"description\":\"Private DNS Zone Identifier\",\"displayName\":\"azureAsrPrivateDnsZoneId\",\"strongType\":\"Microsoft.Network/privateDnsZones\"},\"type\":\"string\"},\"azureAutomationDSCHybridPrivateDnsZoneId\":{\"defaultValue\":\"\",\"metadata\":{\"description\":\"Private DNS Zone Identifier\",\"displayName\":\"azureAutomationDSCHybridPrivateDnsZoneId\",\"strongType\":\"Microsoft.Network/privateDnsZones\"},\"type\":\"string\"},\"azureAutomationWebhookPrivateDnsZoneId\":{\"defaultValue\":\"\",\"metadata\":{\"description\":\"Private DNS Zone Identifier\",\"displayName\":\"azureAutomationWebhookPrivateDnsZoneId\",\"strongType\":\"Microsoft.Network/privateDnsZones\"},\"type\":\"string\"},\"azureBatchPrivateDnsZoneId\":{\"defaultValue\":\"\",\"metadata\":{\"description\":\"Private DNS Zone Identifier\",\"displayName\":\"azureBatchPrivateDnsZoneId\",\"strongType\":\"Microsoft.Network/privateDnsZones\"},\"type\":\"string\"},\"azureCognitiveSearchPrivateDnsZoneId\":{\"defaultValue\":\"\",\"metadata\":{\"description\":\"Private DNS Zone Identifier\",\"displayName\":\"azureCognitiveSearchPrivateDnsZoneId\",\"strongType\":\"Microsoft.Network/privateDnsZones\"},\"type\":\"string\"},\"azureCognitiveServicesPrivateDnsZoneId\":{\"defaultValue\":\"\",\"metadata\":{\"description\":\"Private DNS Zone Identifier\",\"displayName\":\"azureCognitiveServicesPrivateDnsZoneId\",\"strongType\":\"Microsoft.Network/privateDnsZones\"},\"type\":\"string\"},\"azureCosmosCassandraPrivateDnsZoneId\":{\"defaultValue\":\"\",\"metadata\":{\"description\":\"Private DNS Zone Identifier\",\"displayName\":\"azureCosmosCassandraPrivateDnsZoneId\",\"strongType\":\"Microsoft.Network/privateDnsZones\"},\"type\":\"string\"},\"azureCosmosGremlinPrivateDnsZoneId\":{\"defaultValue\":\"\",\"metadata\":{\"description\":\"Private DNS Zone Identifier\",\"displayName\":\"azureCosmosGremlinPrivateDnsZoneId\",\"strongType\":\"Microsoft.Network/privateDnsZones\"},\"type\":\"string\"},\"azureCosmosMongoPrivateDnsZoneId\":{\"defaultValue\":\"\",\"metadata\":{\"description\":\"Private DNS Zone Identifier\",\"displayName\":\"azureCosmosMongoPrivateDnsZoneId\",\"strongType\":\"Microsoft.Network/privateDnsZones\"},\"type\":\"string\"},\"azureCosmosSQLPrivateDnsZoneId\":{\"defaultValue\":\"\",\"metadata\":{\"description\":\"Private DNS Zone Identifier\",\"displayName\":\"azureCosmosSQLPrivateDnsZoneId\",\"strongType\":\"Microsoft.Network/privateDnsZones\"},\"type\":\"string\"},\"azureCosmosTablePrivateDnsZoneId\":{\"defaultValue\":\"\",\"metadata\":{\"description\":\"Private DNS Zone Identifier\",\"displayName\":\"azureCosmosTablePrivateDnsZoneId\",\"strongType\":\"Microsoft.Network/privateDnsZones\"},\"type\":\"string\"},\"azureDataFactoryPortalPrivateDnsZoneId\":{\"defaultValue\":\"\",\"metadata\":{\"description\":\"Private DNS Zone Identifier\",\"displayName\":\"azureDataFactoryPortalPrivateDnsZoneId\",\"strongType\":\"Microsoft.Network/privateDnsZones\"},\"type\":\"string\"},\"azureDataFactoryPrivateDnsZoneId\":{\"defaultValue\":\"\",\"metadata\":{\"description\":\"Private DNS Zone Identifier\",\"displayName\":\"azureDataFactoryPrivateDnsZoneId\",\"strongType\":\"Microsoft.Network/privateDnsZones\"},\"type\":\"string\"},\"azureDatabricksPrivateDnsZoneId\":{\"defaultValue\":\"\",\"metadata\":{\"description\":\"Private DNS Zone Identifier\",\"displayName\":\"azureDatabricksPrivateDnsZoneId\",\"strongType\":\"Microsoft.Network/privateDnsZones\"},\"type\":\"string\"},\"azureDiskAccessPrivateDnsZoneId\":{\"defaultValue\":\"\",\"metadata\":{\"description\":\"Private DNS Zone Identifier\",\"displayName\":\"azureDiskAccessPrivateDnsZoneId\",\"strongType\":\"Microsoft.Network/privateDnsZones\"},\"type\":\"string\"},\"azureEventGridDomainsPrivateDnsZoneId\":{\"defaultValue\":\"\",\"metadata\":{\"description\":\"Private DNS Zone Identifier\",\"displayName\":\"azureEventGridDomainsPrivateDnsZoneId\",\"strongType\":\"Microsoft.Network/privateDnsZones\"},\"type\":\"string\"},\"azureEventGridTopicsPrivateDnsZoneId\":{\"defaultValue\":\"\",\"metadata\":{\"description\":\"Private DNS Zone Identifier\",\"displayName\":\"azureEventGridTopicsPrivateDnsZoneId\",\"strongType\":\"Microsoft.Network/privateDnsZones\"},\"type\":\"string\"},\"azureEventHubNamespacePrivateDnsZoneId\":{\"defaultValue\":\"\",\"metadata\":{\"description\":\"Private DNS Zone Identifier\",\"displayName\":\"azureEventHubNamespacePrivateDnsZoneId\",\"strongType\":\"Microsoft.Network/privateDnsZones\"},\"type\":\"string\"},\"azureFilePrivateDnsZoneId\":{\"defaultValue\":\"\",\"metadata\":{\"description\":\"Private DNS Zone Identifier\",\"displayName\":\"azureFilePrivateDnsZoneId\",\"strongType\":\"Microsoft.Network/privateDnsZones\"},\"type\":\"string\"},\"azureHDInsightPrivateDnsZoneId\":{\"defaultValue\":\"\",\"metadata\":{\"description\":\"Private DNS Zone Identifier\",\"displayName\":\"azureHDInsightPrivateDnsZoneId\",\"strongType\":\"Microsoft.Network/privateDnsZones\"},\"type\":\"string\"},\"azureIotHubsPrivateDnsZoneId\":{\"defaultValue\":\"\",\"metadata\":{\"description\":\"Private DNS Zone Identifier\",\"displayName\":\"azureIotHubsPrivateDnsZoneId\",\"strongType\":\"Microsoft.Network/privateDnsZones\"},\"type\":\"string\"},\"azureIotPrivateDnsZoneId\":{\"defaultValue\":\"\",\"metadata\":{\"description\":\"Private DNS Zone Identifier\",\"displayName\":\"azureIotPrivateDnsZoneId\",\"strongType\":\"Microsoft.Network/privateDnsZones\"},\"type\":\"string\"},\"azureKeyVaultPrivateDnsZoneId\":{\"defaultValue\":\"\",\"metadata\":{\"description\":\"Private DNS Zone Identifier\",\"displayName\":\"azureKeyVaultPrivateDnsZoneId\",\"strongType\":\"Microsoft.Network/privateDnsZones\"},\"type\":\"string\"},\"azureMachineLearningWorkspacePrivateDnsZoneId\":{\"defaultValue\":\"\",\"metadata\":{\"description\":\"Private DNS Zone Identifier\",\"displayName\":\"azureMachineLearningWorkspacePrivateDnsZoneId\",\"strongType\":\"Microsoft.Network/privateDnsZones\"},\"type\":\"string\"},\"azureMediaServicesKeyPrivateDnsZoneId\":{\"defaultValue\":\"\",\"metadata\":{\"description\":\"Private DNS Zone Identifier\",\"displayName\":\"azureMediaServicesKeyPrivateDnsZoneId\",\"strongType\":\"Microsoft.Network/privateDnsZones\"},\"type\":\"string\"},\"azureMediaServicesLivePrivateDnsZoneId\":{\"defaultValue\":\"\",\"metadata\":{\"description\":\"Private DNS Zone Identifier\",\"displayName\":\"azureMediaServicesLivePrivateDnsZoneId\",\"strongType\":\"Microsoft.Network/privateDnsZones\"},\"type\":\"string\"},\"azureMediaServicesStreamPrivateDnsZoneId\":{\"defaultValue\":\"\",\"metadata\":{\"description\":\"Private DNS Zone Identifier\",\"displayName\":\"azureMediaServicesStreamPrivateDnsZoneId\",\"strongType\":\"Microsoft.Network/privateDnsZones\"},\"type\":\"string\"},\"azureMigratePrivateDnsZoneId\":{\"defaultValue\":\"\",\"metadata\":{\"description\":\"Private DNS Zone Identifier\",\"displayName\":\"azureMigratePrivateDnsZoneId\",\"strongType\":\"Microsoft.Network/privateDnsZones\"},\"type\":\"string\"},\"azureMonitorPrivateDnsZoneId1\":{\"defaultValue\":\"\",\"metadata\":{\"description\":\"Private DNS Zone Identifier\",\"displayName\":\"azureMonitorPrivateDnsZoneId1\",\"strongType\":\"Microsoft.Network/privateDnsZones\"},\"type\":\"string\"},\"azureMonitorPrivateDnsZoneId2\":{\"defaultValue\":\"\",\"metadata\":{\"description\":\"Private DNS Zone Identifier\",\"displayName\":\"azureMonitorPrivateDnsZoneId2\",\"strongType\":\"Microsoft.Network/privateDnsZones\"},\"type\":\"string\"},\"azureMonitorPrivateDnsZoneId3\":{\"defaultValue\":\"\",\"metadata\":{\"description\":\"Private DNS Zone Identifier\",\"displayName\":\"azureMonitorPrivateDnsZoneId3\",\"strongType\":\"Microsoft.Network/privateDnsZones\"},\"type\":\"string\"},\"azureMonitorPrivateDnsZoneId4\":{\"defaultValue\":\"\",\"metadata\":{\"description\":\"Private DNS Zone Identifier\",\"displayName\":\"azureMonitorPrivateDnsZoneId4\",\"strongType\":\"Microsoft.Network/privateDnsZones\"},\"type\":\"string\"},\"azureMonitorPrivateDnsZoneId5\":{\"defaultValue\":\"\",\"metadata\":{\"description\":\"Private DNS Zone Identifier\",\"displayName\":\"azureMonitorPrivateDnsZoneId5\",\"strongType\":\"Microsoft.Network/privateDnsZones\"},\"type\":\"string\"},\"azureRedisCachePrivateDnsZoneId\":{\"defaultValue\":\"\",\"metadata\":{\"description\":\"Private DNS Zone Identifier\",\"displayName\":\"azureRedisCachePrivateDnsZoneId\",\"strongType\":\"Microsoft.Network/privateDnsZones\"},\"type\":\"string\"},\"azureServiceBusNamespacePrivateDnsZoneId\":{\"defaultValue\":\"\",\"metadata\":{\"description\":\"Private DNS Zone Identifier\",\"displayName\":\"azureServiceBusNamespacePrivateDnsZoneId\",\"strongType\":\"Microsoft.Network/privateDnsZones\"},\"type\":\"string\"},\"azureSignalRPrivateDnsZoneId\":{\"defaultValue\":\"\",\"metadata\":{\"description\":\"Private DNS Zone Identifier\",\"displayName\":\"azureSignalRPrivateDnsZoneId\",\"strongType\":\"Microsoft.Network/privateDnsZones\"},\"type\":\"string\"},\"azureStorageBlobPrivateDnsZoneId\":{\"defaultValue\":\"\",\"metadata\":{\"description\":\"Private DNS Zone Identifier\",\"displayName\":\"azureStorageBlobPrivateDnsZoneId\",\"strongType\":\"Microsoft.Network/privateDnsZones\"},\"type\":\"string\"},\"azureStorageBlobSecPrivateDnsZoneId\":{\"defaultValue\":\"\",\"metadata\":{\"description\":\"Private DNS Zone Identifier\",\"displayName\":\"azureStorageBlobSecPrivateDnsZoneId\",\"strongType\":\"Microsoft.Network/privateDnsZones\"},\"type\":\"string\"},\"azureStorageDFSPrivateDnsZoneId\":{\"defaultValue\":\"\",\"metadata\":{\"description\":\"Private DNS Zone Identifier\",\"displayName\":\"azureStorageDFSPrivateDnsZoneId\",\"strongType\":\"Microsoft.Network/privateDnsZones\"},\"type\":\"string\"},\"azureStorageDFSSecPrivateDnsZoneId\":{\"defaultValue\":\"\",\"metadata\":{\"description\":\"Private DNS Zone Identifier\",\"displayName\":\"azureStorageDFSSecPrivateDnsZoneId\",\"strongType\":\"Microsoft.Network/privateDnsZones\"},\"type\":\"string\"},\"azureStorageFilePrivateDnsZoneId\":{\"defaultValue\":\"\",\"metadata\":{\"description\":\"Private DNS Zone Identifier\",\"displayName\":\"azureStorageFilePrivateDnsZoneId\",\"strongType\":\"Microsoft.Network/privateDnsZones\"},\"type\":\"string\"},\"azureStorageQueuePrivateDnsZoneId\":{\"defaultValue\":\"\",\"metadata\":{\"description\":\"Private DNS Zone Identifier\",\"displayName\":\"azureStorageQueuePrivateDnsZoneId\",\"strongType\":\"Microsoft.Network/privateDnsZones\"},\"type\":\"string\"},\"azureStorageQueueSecPrivateDnsZoneId\":{\"defaultValue\":\"\",\"metadata\":{\"description\":\"Private DNS Zone Identifier\",\"displayName\":\"azureStorageQueueSecPrivateDnsZoneId\",\"strongType\":\"Microsoft.Network/privateDnsZones\"},\"type\":\"string\"},\"azureStorageStaticWebPrivateDnsZoneId\":{\"defaultValue\":\"\",\"metadata\":{\"description\":\"Private DNS Zone Identifier\",\"displayName\":\"azureStorageStaticWebPrivateDnsZoneId\",\"strongType\":\"Microsoft.Network/privateDnsZones\"},\"type\":\"string\"},\"azureStorageStaticWebSecPrivateDnsZoneId\":{\"defaultValue\":\"\",\"metadata\":{\"description\":\"Private DNS Zone Identifier\",\"displayName\":\"azureStorageStaticWebSecPrivateDnsZoneId\",\"strongType\":\"Microsoft.Network/privateDnsZones\"},\"type\":\"string\"},\"azureSynapseDevPrivateDnsZoneId\":{\"defaultValue\":\"\",\"metadata\":{\"description\":\"Private DNS Zone Identifier\",\"displayName\":\"azureSynapseDevPrivateDnsZoneId\",\"strongType\":\"Microsoft.Network/privateDnsZones\"},\"type\":\"string\"},\"azureSynapseSQLODPrivateDnsZoneId\":{\"defaultValue\":\"\",\"metadata\":{\"description\":\"Private DNS Zone Identifier\",\"displayName\":\"azureSynapseSQLODPrivateDnsZoneId\",\"strongType\":\"Microsoft.Network/privateDnsZones\"},\"type\":\"string\"},\"azureSynapseSQLPrivateDnsZoneId\":{\"defaultValue\":\"\",\"metadata\":{\"description\":\"Private DNS Zone Identifier\",\"displayName\":\"azureSynapseSQLPrivateDnsZoneId\",\"strongType\":\"Microsoft.Network/privateDnsZones\"},\"type\":\"string\"},\"azureWebPrivateDnsZoneId\":{\"defaultValue\":\"\",\"metadata\":{\"description\":\"Private DNS Zone Identifier\",\"displayName\":\"azureWebPrivateDnsZoneId\",\"strongType\":\"Microsoft.Network/privateDnsZones\"},\"type\":\"string\"},\"effect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"string\"},\"effect1\":{\"allowedValues\":[\"deployIfNotExists\",\"Disabled\"],\"defaultValue\":\"deployIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"string\"}}",
- "policy_definition_group": [],
- "policy_definition_reference": [
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('effect')]\"},\"privateDnsZoneId\":{\"value\":\"[parameters('azureFilePrivateDnsZoneId')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/06695360-db88-47f6-b976-7500d4297475",
- "policy_group_names": null,
- "reference_id": "DINE-Private-DNS-Azure-File-Sync"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('effect')]\"},\"privateDnsZoneId\":{\"value\":\"[parameters('azureAutomationWebhookPrivateDnsZoneId')]\"},\"privateEndpointGroupId\":{\"value\":\"Webhook\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/6dd01e4f-1be1-4e80-9d0b-d109e04cb064",
- "policy_group_names": null,
- "reference_id": "DINE-Private-DNS-Azure-Automation-Webhook"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('effect')]\"},\"privateDnsZoneId\":{\"value\":\"[parameters('azureAutomationDSCHybridPrivateDnsZoneId')]\"},\"privateEndpointGroupId\":{\"value\":\"DSCAndHybridWorker\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/6dd01e4f-1be1-4e80-9d0b-d109e04cb064",
- "policy_group_names": null,
- "reference_id": "DINE-Private-DNS-Azure-Automation-DSCHybrid"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('effect')]\"},\"privateDnsZoneId\":{\"value\":\"[parameters('azureCosmosSQLPrivateDnsZoneId')]\"},\"privateEndpointGroupId\":{\"value\":\"SQL\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f",
- "policy_group_names": null,
- "reference_id": "DINE-Private-DNS-Azure-Cosmos-SQL"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('effect')]\"},\"privateDnsZoneId\":{\"value\":\"[parameters('azureCosmosMongoPrivateDnsZoneId')]\"},\"privateEndpointGroupId\":{\"value\":\"MongoDB\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f",
- "policy_group_names": null,
- "reference_id": "DINE-Private-DNS-Azure-Cosmos-MongoDB"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('effect')]\"},\"privateDnsZoneId\":{\"value\":\"[parameters('azureCosmosCassandraPrivateDnsZoneId')]\"},\"privateEndpointGroupId\":{\"value\":\"Cassandra\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f",
- "policy_group_names": null,
- "reference_id": "DINE-Private-DNS-Azure-Cosmos-Cassandra"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('effect')]\"},\"privateDnsZoneId\":{\"value\":\"[parameters('azureCosmosGremlinPrivateDnsZoneId')]\"},\"privateEndpointGroupId\":{\"value\":\"Gremlin\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f",
- "policy_group_names": null,
- "reference_id": "DINE-Private-DNS-Azure-Cosmos-Gremlin"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('effect')]\"},\"privateDnsZoneId\":{\"value\":\"[parameters('azureCosmosTablePrivateDnsZoneId')]\"},\"privateEndpointGroupId\":{\"value\":\"Table\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f",
- "policy_group_names": null,
- "reference_id": "DINE-Private-DNS-Azure-Cosmos-Table"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('effect')]\"},\"listOfGroupIds\":{\"value\":[\"dataFactory\"]},\"privateDnsZoneId\":{\"value\":\"[parameters('azureDataFactoryPrivateDnsZoneId')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/86cd96e1-1745-420d-94d4-d3f2fe415aa4",
- "policy_group_names": null,
- "reference_id": "DINE-Private-DNS-Azure-DataFactory"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('effect')]\"},\"listOfGroupIds\":{\"value\":[\"portal\"]},\"privateDnsZoneId\":{\"value\":\"[parameters('azureDataFactoryPortalPrivateDnsZoneId')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/86cd96e1-1745-420d-94d4-d3f2fe415aa4",
- "policy_group_names": null,
- "reference_id": "DINE-Private-DNS-Azure-DataFactory-Portal"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('effect')]\"},\"groupId\":{\"value\":\"databricks_ui_api\"},\"privateDnsZoneId\":{\"value\":\"[parameters('azureDatabricksPrivateDnsZoneId')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/0eddd7f3-3d9b-4927-a07a-806e8ac9486c",
- "policy_group_names": null,
- "reference_id": "DINE-Private-DNS-Azure-Databrics-UI-Api"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('effect')]\"},\"groupId\":{\"value\":\"browser_authentication\"},\"privateDnsZoneId\":{\"value\":\"[parameters('azureDatabricksPrivateDnsZoneId')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/0eddd7f3-3d9b-4927-a07a-806e8ac9486c",
- "policy_group_names": null,
- "reference_id": "DINE-Private-DNS-Azure-Databrics-Browser-AuthN"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('effect')]\"},\"groupId\":{\"value\":\"cluster\"},\"privateDnsZoneId\":{\"value\":\"[parameters('azureHDInsightPrivateDnsZoneId')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/43d6e3bd-fc6a-4b44-8b4d-2151d8736a11",
- "policy_group_names": null,
- "reference_id": "DINE-Private-DNS-Azure-HDInsight"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('effect')]\"},\"privateDnsZoneId\":{\"value\":\"[parameters('azureMigratePrivateDnsZoneId')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/7590a335-57cf-4c95-babd-ecbc8fafeb1f",
- "policy_group_names": null,
- "reference_id": "DINE-Private-DNS-Azure-Migrate"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('effect')]\"},\"privateDnsZoneId\":{\"value\":\"[parameters('azureStorageBlobPrivateDnsZoneId')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/75973700-529f-4de2-b794-fb9b6781b6b0",
- "policy_group_names": null,
- "reference_id": "DINE-Private-DNS-Azure-Storage-Blob"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('effect')]\"},\"privateDnsZoneId\":{\"value\":\"[parameters('azureStorageBlobSecPrivateDnsZoneId')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/d847d34b-9337-4e2d-99a5-767e5ac9c582",
- "policy_group_names": null,
- "reference_id": "DINE-Private-DNS-Azure-Storage-Blob-Sec"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('effect')]\"},\"privateDnsZoneId\":{\"value\":\"[parameters('azureStorageQueuePrivateDnsZoneId')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/bcff79fb-2b0d-47c9-97e5-3023479b00d1",
- "policy_group_names": null,
- "reference_id": "DINE-Private-DNS-Azure-Storage-Queue"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('effect')]\"},\"privateDnsZoneId\":{\"value\":\"[parameters('azureStorageQueueSecPrivateDnsZoneId')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/da9b4ae8-5ddc-48c5-b9c0-25f8abf7a3d6",
- "policy_group_names": null,
- "reference_id": "DINE-Private-DNS-Azure-Storage-Queue-Sec"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('effect')]\"},\"privateDnsZoneId\":{\"value\":\"[parameters('azureStorageFilePrivateDnsZoneId')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/6df98d03-368a-4438-8730-a93c4d7693d6",
- "policy_group_names": null,
- "reference_id": "DINE-Private-DNS-Azure-Storage-File"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('effect')]\"},\"privateDnsZoneId\":{\"value\":\"[parameters('azureStorageStaticWebPrivateDnsZoneId')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/9adab2a5-05ba-4fbd-831a-5bf958d04218",
- "policy_group_names": null,
- "reference_id": "DINE-Private-DNS-Azure-Storage-StaticWeb"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('effect')]\"},\"privateDnsZoneId\":{\"value\":\"[parameters('azureStorageStaticWebSecPrivateDnsZoneId')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/d19ae5f1-b303-4b82-9ca8-7682749faf0c",
- "policy_group_names": null,
- "reference_id": "DINE-Private-DNS-Azure-Storage-StaticWeb-Sec"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('effect')]\"},\"privateDnsZoneId\":{\"value\":\"[parameters('azureStorageDFSPrivateDnsZoneId')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/83c6fe0f-2316-444a-99a1-1ecd8a7872ca",
- "policy_group_names": null,
- "reference_id": "DINE-Private-DNS-Azure-Storage-DFS"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('effect')]\"},\"privateDnsZoneId\":{\"value\":\"[parameters('azureStorageDFSSecPrivateDnsZoneId')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/90bd4cb3-9f59-45f7-a6ca-f69db2726671",
- "policy_group_names": null,
- "reference_id": "DINE-Private-DNS-Azure-Storage-DFS-Sec"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('effect')]\"},\"privateDnsZoneId\":{\"value\":\"[parameters('azureSynapseSQLPrivateDnsZoneId')]\"},\"targetSubResource\":{\"value\":\"Sql\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/1e5ed725-f16c-478b-bd4b-7bfa2f7940b9",
- "policy_group_names": null,
- "reference_id": "DINE-Private-DNS-Azure-Synapse-SQL"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('effect')]\"},\"privateDnsZoneId\":{\"value\":\"[parameters('azureSynapseSQLODPrivateDnsZoneId')]\"},\"targetSubResource\":{\"value\":\"SqlOnDemand\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/1e5ed725-f16c-478b-bd4b-7bfa2f7940b9",
- "policy_group_names": null,
- "reference_id": "DINE-Private-DNS-Azure-Synapse-SQL-OnDemand"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('effect')]\"},\"privateDnsZoneId\":{\"value\":\"[parameters('azureSynapseDevPrivateDnsZoneId')]\"},\"targetSubResource\":{\"value\":\"Dev\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/1e5ed725-f16c-478b-bd4b-7bfa2f7940b9",
- "policy_group_names": null,
- "reference_id": "DINE-Private-DNS-Azure-Synapse-Dev"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('effect')]\"},\"groupId\":{\"value\":\"keydelivery\"},\"privateDnsZoneId\":{\"value\":\"[parameters('azureMediaServicesKeyPrivateDnsZoneId')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/b4a7f6c1-585e-4177-ad5b-c2c93f4bb991",
- "policy_group_names": null,
- "reference_id": "DINE-Private-DNS-Azure-MediaServices-Key"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('effect')]\"},\"groupId\":{\"value\":\"liveevent\"},\"privateDnsZoneId\":{\"value\":\"[parameters('azureMediaServicesLivePrivateDnsZoneId')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/b4a7f6c1-585e-4177-ad5b-c2c93f4bb991",
- "policy_group_names": null,
- "reference_id": "DINE-Private-DNS-Azure-MediaServices-Live"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('effect')]\"},\"groupId\":{\"value\":\"streamingendpoint\"},\"privateDnsZoneId\":{\"value\":\"[parameters('azureMediaServicesStreamPrivateDnsZoneId')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/b4a7f6c1-585e-4177-ad5b-c2c93f4bb991",
- "policy_group_names": null,
- "reference_id": "DINE-Private-DNS-Azure-MediaServices-Stream"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('effect')]\"},\"privateDnsZoneId1\":{\"value\":\"[parameters('azureMonitorPrivateDnsZoneId1')]\"},\"privateDnsZoneId2\":{\"value\":\"[parameters('azureMonitorPrivateDnsZoneId2')]\"},\"privateDnsZoneId3\":{\"value\":\"[parameters('azureMonitorPrivateDnsZoneId3')]\"},\"privateDnsZoneId4\":{\"value\":\"[parameters('azureMonitorPrivateDnsZoneId4')]\"},\"privateDnsZoneId5\":{\"value\":\"[parameters('azureMonitorPrivateDnsZoneId5')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/437914ee-c176-4fff-8986-7e05eb971365",
- "policy_group_names": null,
- "reference_id": "DINE-Private-DNS-Azure-Monitor"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('effect')]\"},\"privateDnsZoneId\":{\"value\":\"[parameters('azureWebPrivateDnsZoneId')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/0b026355-49cb-467b-8ac4-f777874e175a",
- "policy_group_names": null,
- "reference_id": "DINE-Private-DNS-Azure-Web"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('effect')]\"},\"privateDnsZoneId\":{\"value\":\"[parameters('azureBatchPrivateDnsZoneId')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/4ec38ebc-381f-45ee-81a4-acbc4be878f8",
- "policy_group_names": null,
- "reference_id": "DINE-Private-DNS-Azure-Batch"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('effect')]\"},\"privateDnsZoneId\":{\"value\":\"[parameters('azureAppPrivateDnsZoneId')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/7a860e27-9ca2-4fc6-822d-c2d248c300df",
- "policy_group_names": null,
- "reference_id": "DINE-Private-DNS-Azure-App"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('effect')]\"},\"privateDnsZoneId\":{\"value\":\"[parameters('azureAsrPrivateDnsZoneId')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/942bd215-1a66-44be-af65-6a1c0318dbe2",
- "policy_group_names": null,
- "reference_id": "DINE-Private-DNS-Azure-Site-Recovery"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('effect')]\"},\"privateDnsZoneId\":{\"value\":\"[parameters('azureIotPrivateDnsZoneId')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/aaa64d2d-2fa3-45e5-b332-0b031b9b30e8",
- "policy_group_names": null,
- "reference_id": "DINE-Private-DNS-Azure-IoT"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('effect')]\"},\"privateDnsZoneId\":{\"value\":\"[parameters('azureKeyVaultPrivateDnsZoneId')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/ac673a9a-f77d-4846-b2d8-a57f8e1c01d4",
- "policy_group_names": null,
- "reference_id": "DINE-Private-DNS-Azure-KeyVault"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('effect')]\"},\"privateDnsZoneId\":{\"value\":\"[parameters('azureSignalRPrivateDnsZoneId')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/b0e86710-7fb7-4a6c-a064-32e9b829509e",
- "policy_group_names": null,
- "reference_id": "DINE-Private-DNS-Azure-SignalR"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('effect')]\"},\"privateDnsZoneId\":{\"value\":\"[parameters('azureAppServicesPrivateDnsZoneId')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/b318f84a-b872-429b-ac6d-a01b96814452",
- "policy_group_names": null,
- "reference_id": "DINE-Private-DNS-Azure-AppServices"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('effect1')]\"},\"privateDnsZoneId\":{\"value\":\"[parameters('azureEventGridTopicsPrivateDnsZoneId')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/baf19753-7502-405f-8745-370519b20483",
- "policy_group_names": null,
- "reference_id": "DINE-Private-DNS-Azure-EventGridTopics"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('effect')]\"},\"privateDnsZoneId\":{\"value\":\"[parameters('azureDiskAccessPrivateDnsZoneId')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/bc05b96c-0b36-4ca9-82f0-5c53f96ce05a",
- "policy_group_names": null,
- "reference_id": "DINE-Private-DNS-Azure-DiskAccess"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('effect')]\"},\"privateDnsZoneId\":{\"value\":\"[parameters('azureCognitiveServicesPrivateDnsZoneId')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/c4bc6f10-cb41-49eb-b000-d5ab82e2a091",
- "policy_group_names": null,
- "reference_id": "DINE-Private-DNS-Azure-CognitiveServices"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('effect1')]\"},\"privateDnsZoneId\":{\"value\":\"[parameters('azureIotHubsPrivateDnsZoneId')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/c99ce9c1-ced7-4c3e-aca0-10e69ce0cb02",
- "policy_group_names": null,
- "reference_id": "DINE-Private-DNS-Azure-IoTHubs"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('effect1')]\"},\"privateDnsZoneId\":{\"value\":\"[parameters('azureEventGridDomainsPrivateDnsZoneId')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/d389df0a-e0d7-4607-833c-75a6fdac2c2d",
- "policy_group_names": null,
- "reference_id": "DINE-Private-DNS-Azure-EventGridDomains"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('effect')]\"},\"privateDnsZoneId\":{\"value\":\"[parameters('azureRedisCachePrivateDnsZoneId')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/e016b22b-e0eb-436d-8fd7-160c4eaed6e2",
- "policy_group_names": null,
- "reference_id": "DINE-Private-DNS-Azure-RedisCache"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('effect')]\"},\"privateDnsZoneId\":{\"value\":\"[parameters('azureAcrPrivateDnsZoneId')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/e9585a95-5b8c-4d03-b193-dc7eb5ac4c32",
- "policy_group_names": null,
- "reference_id": "DINE-Private-DNS-Azure-ACR"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('effect')]\"},\"privateDnsZoneId\":{\"value\":\"[parameters('azureEventHubNamespacePrivateDnsZoneId')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/ed66d4f5-8220-45dc-ab4a-20d1749c74e6",
- "policy_group_names": null,
- "reference_id": "DINE-Private-DNS-Azure-EventHubNamespace"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('effect')]\"},\"privateDnsZoneId\":{\"value\":\"[parameters('azureMachineLearningWorkspacePrivateDnsZoneId')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/ee40564d-486e-4f68-a5ca-7a621edae0fb",
- "policy_group_names": null,
- "reference_id": "DINE-Private-DNS-Azure-MachineLearningWorkspace"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('effect')]\"},\"privateDnsZoneId\":{\"value\":\"[parameters('azureServiceBusNamespacePrivateDnsZoneId')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/f0fcf93c-c063-4071-9668-c47474bd3564",
- "policy_group_names": null,
- "reference_id": "DINE-Private-DNS-Azure-ServiceBusNamespace"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('effect')]\"},\"privateDnsZoneId\":{\"value\":\"[parameters('azureCognitiveSearchPrivateDnsZoneId')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/fbc14a67-53e4-4932-abcc-2049c6706009",
- "policy_group_names": null,
- "reference_id": "DINE-Private-DNS-Azure-CognitiveSearch"
- }
- ],
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "policy_definition_group": [],
- "policy_definition_reference": [
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {}
- ]
- }
- },
- {
- "address": "module.test_core.azurerm_policy_set_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policySetDefinitions/Deploy-Sql-Security\"]",
- "mode": "managed",
- "type": "azurerm_policy_set_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policySetDefinitions/Deploy-Sql-Security",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deploy auditing, Alert, TDE and SQL vulnerability to SQL Databases when it not exist in the deployment",
- "display_name": "Deploy SQL Database built-in SQL security configuration",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"SQL\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.0.0\"}",
- "name": "Deploy-Sql-Security",
- "parameters": "{\"SqlDbAuditingSettingsDeploySqlSecurityEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploy auditing settings to SQL Database when it not exist in the deployment\",\"displayName\":\"Deploy SQL database auditing settings\"},\"type\":\"String\"},\"SqlDbSecurityAlertPoliciesDeploySqlSecurityEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploy the security Alert Policies configuration with email admin accounts when it not exist in current configuration\",\"displayName\":\"Deploy SQL Database security Alert Policies configuration with email admin accounts\"},\"type\":\"String\"},\"SqlDbTdeDeploySqlSecurityEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploy the Transparent Data Encryption when it is not enabled in the deployment\",\"displayName\":\"Deploy SQL Database Transparent Data Encryption \"},\"type\":\"String\"},\"SqlDbVulnerabilityAssessmentsDeploySqlSecurityEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploy SQL Database vulnerability Assessments when it not exist in the deployment. To the specific storage account in the parameters\",\"displayName\":\"Deploy SQL Database vulnerability Assessments\"},\"type\":\"String\"},\"vulnerabilityAssessmentsEmail\":{\"metadata\":{\"description\":\"The email address to send alerts\",\"displayName\":\"The email address to send alerts\"},\"type\":\"String\"},\"vulnerabilityAssessmentsStorageID\":{\"metadata\":{\"description\":\"The storage account ID to store assessments\",\"displayName\":\"The storage account ID to store assessments\"},\"type\":\"String\"}}",
- "policy_definition_group": [],
- "policy_definition_reference": [
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('SqlDbTdeDeploySqlSecurityEffect')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/86a912f6-9a06-4e26-b447-11b16ba8659f",
- "policy_group_names": null,
- "reference_id": "SqlDbTdeDeploySqlSecurity"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('SqlDbSecurityAlertPoliciesDeploySqlSecurityEffect')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Sql-SecurityAlertPolicies",
- "policy_group_names": null,
- "reference_id": "SqlDbSecurityAlertPoliciesDeploySqlSecurity"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('SqlDbAuditingSettingsDeploySqlSecurityEffect')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Sql-AuditingSettings",
- "policy_group_names": null,
- "reference_id": "SqlDbAuditingSettingsDeploySqlSecurity"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('SqlDbVulnerabilityAssessmentsDeploySqlSecurityEffect')]\"},\"vulnerabilityAssessmentsEmail\":{\"value\":\"[parameters('vulnerabilityAssessmentsEmail')]\"},\"vulnerabilityAssessmentsStorageID\":{\"value\":\"[parameters('vulnerabilityAssessmentsStorageID')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Sql-vulnerabilityAssessments",
- "policy_group_names": null,
- "reference_id": "SqlDbVulnerabilityAssessmentsDeploySqlSecurity"
- }
- ],
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "policy_definition_group": [],
- "policy_definition_reference": [
- {},
- {},
- {},
- {}
- ]
- }
- },
- {
- "address": "module.test_core.azurerm_policy_set_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policySetDefinitions/Enforce-ACSB\"]",
- "mode": "managed",
- "type": "azurerm_policy_set_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policySetDefinitions/Enforce-ACSB",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Enforce Azure Compute Security Benchmark compliance auditing for Windows and Linux virtual machines.",
- "display_name": "Enforce Azure Compute Security Benchmark compliance auditing",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\"],\"category\":\"Guest Configuration\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.0.0\"}",
- "name": "Enforce-ACSB",
- "parameters": "{\"effect\":{\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"includeArcMachines\":{\"allowedValues\":[\"true\",\"false\"],\"defaultValue\":\"true\",\"metadata\":{\"description\":\"By selecting this option, you agree to be charged monthly per Arc connected machine.\",\"displayName\":\"Include Arc connected servers\"},\"type\":\"String\"}}",
- "policy_definition_group": [],
- "policy_definition_reference": [
- {
- "parameter_values": "{}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/3cf2ab00-13f1-4d0c-8971-2ac904541a7e",
- "policy_group_names": null,
- "reference_id": "GcIdentity"
- },
- {
- "parameter_values": "{}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/331e8ea8-378a-410f-a2e5-ae22f38bb0da",
- "policy_group_names": null,
- "reference_id": "GcLinux"
- },
- {
- "parameter_values": "{}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/385f5831-96d4-41db-9a3c-cd3af78aaae6",
- "policy_group_names": null,
- "reference_id": "GcWindows"
- },
- {
- "parameter_values": "{\"IncludeArcMachines\":{\"value\":\"[parameters('includeArcMachines')]\"},\"effect\":{\"value\":\"[parameters('effect')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/72650e9f-97bc-4b2a-ab5f-9781a9fcecbc",
- "policy_group_names": null,
- "reference_id": "WinAcsb"
- },
- {
- "parameter_values": "{\"IncludeArcMachines\":{\"value\":\"[parameters('includeArcMachines')]\"},\"effect\":{\"value\":\"[parameters('effect')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/fc9b3da7-8347-4380-8e70-0a0361d8dedd",
- "policy_group_names": null,
- "reference_id": "LinAcsb"
- }
- ],
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "policy_definition_group": [],
- "policy_definition_reference": [
- {},
- {},
- {},
- {},
- {}
- ]
- }
- },
- {
- "address": "module.test_core.azurerm_policy_set_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policySetDefinitions/Enforce-ALZ-Decomm\"]",
- "mode": "managed",
- "type": "azurerm_policy_set_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policySetDefinitions/Enforce-ALZ-Decomm",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Enforce policies in the Decommissioned Landing Zone.",
- "display_name": "Enforce policies in the Decommissioned Landing Zone",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Decommissioned\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.0.0\"}",
- "name": "Enforce-ALZ-Decomm",
- "parameters": "{\"listOfResourceTypesAllowed\":{\"defaultValue\":[],\"metadata\":{\"description\":\"Allowed resource types in the Decommissioned landing zone, default is none.\",\"displayName\":\"Allowed resource types in the Decommissioned landing zone\",\"strongType\":\"resourceTypes\"},\"type\":\"Array\"}}",
- "policy_definition_group": [],
- "policy_definition_reference": [
- {
- "parameter_values": "{\"listOfResourceTypesAllowed\":{\"value\":\"[parameters('listOfResourceTypesAllowed')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/a08ec900-254a-4555-9bf5-e42af04b5c5c",
- "policy_group_names": null,
- "reference_id": "DecomDenyResources"
- },
- {
- "parameter_values": "{}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Vm-autoShutdown",
- "policy_group_names": null,
- "reference_id": "DecomShutdownMachines"
- }
- ],
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "policy_definition_group": [],
- "policy_definition_reference": [
- {},
- {}
- ]
- }
- },
- {
- "address": "module.test_core.azurerm_policy_set_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policySetDefinitions/Enforce-ALZ-Sandbox\"]",
- "mode": "managed",
- "type": "azurerm_policy_set_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policySetDefinitions/Enforce-ALZ-Sandbox",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Enforce policies in the Sandbox Landing Zone.",
- "display_name": "Enforce policies in the Sandbox Landing Zone",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Sandbox\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.0.0\"}",
- "name": "Enforce-ALZ-Sandbox",
- "parameters": "{\"effectDenyVnetPeering\":{\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Deny\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"effectNotAllowedResources\":{\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Deny\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"listOfResourceTypesNotAllowed\":{\"defaultValue\":[],\"metadata\":{\"description\":\"Not allowed resource types in the Sandbox landing zone, default is none.\",\"displayName\":\"Not allowed resource types in the Sandbox landing zone\",\"strongType\":\"resourceTypes\"},\"type\":\"Array\"}}",
- "policy_definition_group": [],
- "policy_definition_reference": [
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('effectNotAllowedResources')]\"},\"listOfResourceTypesNotAllowed\":{\"value\":\"[parameters('listOfResourceTypesNotAllowed')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/6c112d4e-5bc7-47ae-a041-ea2d9dccd749",
- "policy_group_names": null,
- "reference_id": "SandboxNotAllowed"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('effectDenyVnetPeering')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-VNET-Peer-Cross-Sub",
- "policy_group_names": null,
- "reference_id": "SandboxDenyVnetPeering"
- }
- ],
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "policy_definition_group": [],
- "policy_definition_reference": [
- {},
- {}
- ]
- }
- },
- {
- "address": "module.test_core.azurerm_policy_set_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policySetDefinitions/Enforce-EncryptTransit\"]",
- "mode": "managed",
- "type": "azurerm_policy_set_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policySetDefinitions/Enforce-EncryptTransit",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Choose either Deploy if not exist and append in combination with audit or Select Deny in the Policy effect. Deny polices shift left. Deploy if not exist and append enforce but can be changed, and because missing existence condition require then the combination of Audit. ",
- "display_name": "Deny or Deploy and append TLS requirements and SSL enforcement on resources without Encryption in transit",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Encryption\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"2.0.0\"}",
- "name": "Enforce-EncryptTransit",
- "parameters": "{\"AKSIngressHttpsOnlyEffect\":{\"allowedValues\":[\"audit\",\"deny\",\"disabled\"],\"defaultValue\":\"deny\",\"metadata\":{\"description\":\"This policy enforces HTTPS ingress in a Kubernetes cluster. This policy is generally available for Kubernetes Service (AKS), and preview for AKS Engine and Azure Arc enabled Kubernetes. For instructions on using this policy, visit https://aka.ms/kubepolicydoc.\",\"displayName\":\"AKS Service. Enforce HTTPS ingress in Kubernetes cluster\"},\"type\":\"String\"},\"APIAppServiceHttpsEffect\":{\"allowedValues\":[\"Audit\",\"Disabled\",\"Deny\"],\"defaultValue\":\"Audit\",\"metadata\":{\"description\":\"Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\",\"displayName\":\"App Service API App. API App should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.\"},\"type\":\"String\"},\"AppServiceHttpEffect\":{\"allowedValues\":[\"Append\",\"Disabled\"],\"defaultValue\":\"Append\",\"metadata\":{\"description\":\"Append the AppService sites object to ensure that min Tls version is set to required TLS version. Please note Append does not enforce compliance use then deny.\",\"displayName\":\"App Service. Appends the AppService sites config WebApp, APIApp, Function App with TLS version selected below\"},\"type\":\"String\"},\"AppServiceTlsVersionEffect\":{\"allowedValues\":[\"Append\",\"Disabled\"],\"defaultValue\":\"Append\",\"metadata\":{\"description\":\"App Service. Appends the AppService sites object to ensure that HTTPS only is enabled for server/service authentication and protects data in transit from network layer eavesdropping attacks. Please note Append does not enforce compliance use then deny.\",\"displayName\":\"App Service. Appends the AppService WebApp, APIApp, Function App to enable https only\"},\"type\":\"String\"},\"AppServiceminTlsVersion\":{\"allowedValues\":[\"1.2\",\"1.0\",\"1.1\"],\"defaultValue\":\"1.2\",\"metadata\":{\"description\":\"App Service. Select version minimum TLS version for a Web App config to enforce\",\"displayName\":\"App Service. Select version minimum TLS Web App config\"},\"type\":\"String\"},\"FunctionLatestTlsEffect\":{\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\",\"metadata\":{\"description\":\"Only Audit, deny not possible as it is a related resource. Upgrade to the latest TLS version.\",\"displayName\":\"App Service Function App. Latest TLS version should be used in your Function App\"},\"type\":\"String\"},\"FunctionServiceHttpsEffect\":{\"allowedValues\":[\"Audit\",\"Disabled\",\"Deny\"],\"defaultValue\":\"Audit\",\"metadata\":{\"description\":\"App Service Function App. Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\",\"displayName\":\"App Service Function App. Function App should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.\"},\"type\":\"String\"},\"MySQLEnableSSLDeployEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploy a specific min TLS version requirement and enforce SSL on Azure Database for MySQL server. Enforce the Server to client applications using minimum version of Tls to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\",\"displayName\":\"MySQL database servers. Deploy if not exist set minimum TLS version Azure Database for MySQL server\"},\"type\":\"String\"},\"MySQLEnableSSLEffect\":{\"allowedValues\":[\"Audit\",\"Disabled\",\"Deny\"],\"defaultValue\":\"Audit\",\"metadata\":{\"description\":\"Azure Database for MySQL supports connecting your Azure Database for MySQL server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\",\"displayName\":\"MySQL database servers. Enforce SSL connection should be enabled for MySQL database servers\"},\"type\":\"String\"},\"MySQLminimalTlsVersion\":{\"allowedValues\":[\"TLS1_2\",\"TLS1_0\",\"TLS1_1\",\"TLSEnforcementDisabled\"],\"defaultValue\":\"TLS1_2\",\"metadata\":{\"description\":\"Select version minimum TLS version Azure Database for MySQL server to enforce\",\"displayName\":\"MySQL database servers. Select version minimum TLS for MySQL server\"},\"type\":\"String\"},\"PostgreSQLEnableSSLDeployEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploy a specific min TLS version requirement and enforce SSL on Azure Database for PostgreSQL server. Enforce the Server to client applications using minimum version of Tls to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\",\"displayName\":\"PostgreSQL database servers. Deploy if not exist set minimum TLS version Azure Database for PostgreSQL server\"},\"type\":\"String\"},\"PostgreSQLEnableSSLEffect\":{\"allowedValues\":[\"Audit\",\"Disabled\",\"Deny\"],\"defaultValue\":\"Audit\",\"metadata\":{\"description\":\"Azure Database for PostgreSQL supports connecting your Azure Database for PostgreSQL server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\",\"displayName\":\"PostgreSQL database servers. Enforce SSL connection should be enabled for PostgreSQL database servers\"},\"type\":\"String\"},\"PostgreSQLminimalTlsVersion\":{\"allowedValues\":[\"TLS1_2\",\"TLS1_0\",\"TLS1_1\",\"TLSEnforcementDisabled\"],\"defaultValue\":\"TLS1_2\",\"metadata\":{\"description\":\"PostgreSQL database servers. Select version minimum TLS version Azure Database for MySQL server to enforce\",\"displayName\":\"PostgreSQL database servers. Select version minimum TLS for MySQL server\"},\"type\":\"String\"},\"RedisMinTlsVersion\":{\"allowedValues\":[\"1.2\",\"1.0\",\"1.1\"],\"defaultValue\":\"1.2\",\"metadata\":{\"description\":\"Select version minimum TLS version for a Azure Cache for Redis to enforce\",\"displayName\":\"Azure Cache for Redis.Select version minimum TLS for Azure Cache for Redis\"},\"type\":\"String\"},\"RedisTLSDeployEffect\":{\"allowedValues\":[\"Append\",\"Disabled\"],\"defaultValue\":\"Append\",\"metadata\":{\"description\":\"Deploy a specific min TLS version requirement and enforce SSL on Azure Cache for Redis. Enables secure server to client by enforce minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\",\"displayName\":\"Azure Cache for Redis. Deploy a specific min TLS version requirement and enforce SSL Azure Cache for Redis\"},\"type\":\"String\"},\"RedisTLSEffect\":{\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\",\"metadata\":{\"description\":\"Azure Cache for Redis. Audit enabling of only connections via SSL to Azure Cache for Redis. Use of secure connections ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking.\",\"displayName\":\"Azure Cache for Redis. Only secure connections to your Azure Cache for Redis should be enabled\"},\"type\":\"String\"},\"SQLManagedInstanceMinTlsVersion\":{\"allowedValues\":[\"1.2\",\"1.0\",\"1.1\"],\"defaultValue\":\"1.2\",\"metadata\":{\"description\":\"Select version minimum TLS version for Azure Managed Instanceto to enforce\",\"displayName\":\"Azure Managed Instance.Select version minimum TLS for Azure Managed Instance\"},\"type\":\"String\"},\"SQLManagedInstanceTLSDeployEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploy a specific min TLS version requirement and enforce SSL on SQL servers. Enables secure server to client by enforce minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\",\"displayName\":\"Azure Managed Instance. Deploy a specific min TLS version requirement and enforce SSL on SQL servers\"},\"type\":\"String\"},\"SQLManagedInstanceTLSEffect\":{\"allowedValues\":[\"Audit\",\"Disabled\",\"Deny\"],\"defaultValue\":\"Audit\",\"metadata\":{\"description\":\"Setting minimal TLS version to 1.2 improves security by ensuring your SQL Managed Instance can only be accessed from clients using TLS 1.2. Using versions of TLS less than 1.2 is not recommended since they have well documented security vulnerabilities.\",\"displayName\":\"SQL Managed Instance should have the minimal TLS version of 1.2\"},\"type\":\"String\"},\"SQLServerTLSDeployEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Deploy a specific min TLS version requirement and enforce SSL on SQL servers. Enables secure server to client by enforce minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\",\"displayName\":\"Azure SQL Database. Deploy a specific min TLS version requirement and enforce SSL on SQL servers\"},\"type\":\"String\"},\"SQLServerTLSEffect\":{\"allowedValues\":[\"Audit\",\"Disabled\",\"Deny\"],\"defaultValue\":\"Audit\",\"metadata\":{\"description\":\"Setting minimal TLS version to 1.2 improves security by ensuring your Azure SQL Database can only be accessed from clients using TLS 1.2. Using versions of TLS less than 1.2 is not recommended since they have well documented security vulnerabilities.\",\"displayName\":\"Azure SQL Database should have the minimal TLS version of 1.2\"},\"type\":\"String\"},\"SQLServerminTlsVersion\":{\"allowedValues\":[\"1.2\",\"1.0\",\"1.1\"],\"defaultValue\":\"1.2\",\"metadata\":{\"description\":\"Select version minimum TLS version for Azure SQL Database to enforce\",\"displayName\":\"Azure SQL Database.Select version minimum TLS for Azure SQL Database\"},\"type\":\"String\"},\"StorageDeployHttpsEnabledEffect\":{\"allowedValues\":[\"DeployIfNotExists\",\"Disabled\"],\"defaultValue\":\"DeployIfNotExists\",\"metadata\":{\"description\":\"Audit requirement of Secure transfer in your storage account. Secure transfer is an option that forces your storage account to accept requests only from secure connections (HTTPS). Use of HTTPS ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking\",\"displayName\":\"Azure Storage Account. Deploy Secure transfer to storage accounts should be enabled\"},\"type\":\"String\"},\"StorageHttpsEnabledEffect\":{\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\",\"metadata\":{\"description\":\"Audit requirement of Secure transfer in your storage account. Secure transfer is an option that forces your storage account to accept requests only from secure connections (HTTPS). Use of HTTPS ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking\",\"displayName\":\"Azure Storage Account. Secure transfer to storage accounts should be enabled\"},\"type\":\"String\"},\"StorageminimumTlsVersion\":{\"allowedValues\":[\"TLS1_2\",\"TLS1_1\",\"TLS1_0\"],\"defaultValue\":\"TLS1_2\",\"metadata\":{\"description\":\"Select version minimum TLS version on Azure Storage Account to enforce\",\"displayName\":\"Storage Account select minimum TLS version\"},\"type\":\"String\"},\"WebAppServiceHttpsEffect\":{\"allowedValues\":[\"Audit\",\"Disabled\",\"Deny\"],\"defaultValue\":\"Audit\",\"metadata\":{\"description\":\"Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\",\"displayName\":\"App Service Web App. Web Application should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.\"},\"type\":\"String\"},\"WebAppServiceLatestTlsEffect\":{\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\",\"metadata\":{\"description\":\"Only Audit, deny not possible as it is a related resource. Upgrade to the latest TLS version.\",\"displayName\":\"App Service Web App. Latest TLS version should be used in your Web App\"},\"type\":\"String\"}}",
- "policy_definition_group": [],
- "policy_definition_reference": [
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('AppServiceHttpEffect')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Append-AppService-httpsonly",
- "policy_group_names": null,
- "reference_id": "AppServiceHttpEffect"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('AppServiceTlsVersionEffect')]\"},\"minTlsVersion\":{\"value\":\"[parameters('AppServiceminTlsVersion')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Append-AppService-latestTLS",
- "policy_group_names": null,
- "reference_id": "AppServiceminTlsVersion"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('FunctionLatestTlsEffect')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/f9d614c5-c173-4d56-95a7-b4437057d193",
- "policy_group_names": null,
- "reference_id": "FunctionLatestTlsEffect"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('WebAppServiceLatestTlsEffect')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b",
- "policy_group_names": null,
- "reference_id": "WebAppServiceLatestTlsEffect"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('APIAppServiceHttpsEffect')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceApiApp-http",
- "policy_group_names": null,
- "reference_id": "APIAppServiceHttpsEffect"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('FunctionServiceHttpsEffect')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceFunctionApp-http",
- "policy_group_names": null,
- "reference_id": "FunctionServiceHttpsEffect"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('WebAppServiceHttpsEffect')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceWebApp-http",
- "policy_group_names": null,
- "reference_id": "WebAppServiceHttpsEffect"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('AKSIngressHttpsOnlyEffect')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d",
- "policy_group_names": null,
- "reference_id": "AKSIngressHttpsOnlyEffect"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('MySQLEnableSSLDeployEffect')]\"},\"minimalTlsVersion\":{\"value\":\"[parameters('MySQLminimalTlsVersion')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-MySQL-sslEnforcement",
- "policy_group_names": null,
- "reference_id": "MySQLEnableSSLDeployEffect"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('MySQLEnableSSLEffect')]\"},\"minimalTlsVersion\":{\"value\":\"[parameters('MySQLminimalTlsVersion')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-MySql-http",
- "policy_group_names": null,
- "reference_id": "MySQLEnableSSLEffect"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('PostgreSQLEnableSSLDeployEffect')]\"},\"minimalTlsVersion\":{\"value\":\"[parameters('PostgreSQLminimalTlsVersion')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-PostgreSQL-sslEnforcement",
- "policy_group_names": null,
- "reference_id": "PostgreSQLEnableSSLDeployEffect"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('PostgreSQLEnableSSLEffect')]\"},\"minimalTlsVersion\":{\"value\":\"[parameters('PostgreSQLminimalTlsVersion')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-PostgreSql-http",
- "policy_group_names": null,
- "reference_id": "PostgreSQLEnableSSLEffect"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('RedisTLSDeployEffect')]\"},\"minimumTlsVersion\":{\"value\":\"[parameters('RedisMinTlsVersion')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Append-Redis-sslEnforcement",
- "policy_group_names": null,
- "reference_id": "RedisTLSDeployEffect"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('RedisTLSDeployEffect')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Append-Redis-disableNonSslPort",
- "policy_group_names": null,
- "reference_id": "RedisdisableNonSslPort"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('RedisTLSEffect')]\"},\"minimumTlsVersion\":{\"value\":\"[parameters('RedisMinTlsVersion')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-Redis-http",
- "policy_group_names": null,
- "reference_id": "RedisDenyhttps"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('SQLManagedInstanceTLSDeployEffect')]\"},\"minimalTlsVersion\":{\"value\":\"[parameters('SQLManagedInstanceMinTlsVersion')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-SqlMi-minTLS",
- "policy_group_names": null,
- "reference_id": "SQLManagedInstanceTLSDeployEffect"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('SQLManagedInstanceTLSEffect')]\"},\"minimalTlsVersion\":{\"value\":\"[parameters('SQLManagedInstanceMinTlsVersion')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-SqlMi-minTLS",
- "policy_group_names": null,
- "reference_id": "SQLManagedInstanceTLSEffect"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('SQLServerTLSDeployEffect')]\"},\"minimalTlsVersion\":{\"value\":\"[parameters('SQLServerminTlsVersion')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-SQL-minTLS",
- "policy_group_names": null,
- "reference_id": "SQLServerTLSDeployEffect"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('SQLServerTLSEffect')]\"},\"minimalTlsVersion\":{\"value\":\"[parameters('SQLServerminTlsVersion')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-Sql-minTLS",
- "policy_group_names": null,
- "reference_id": "SQLServerTLSEffect"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('StorageHttpsEnabledEffect')]\"},\"minimumTlsVersion\":{\"value\":\"[parameters('StorageMinimumTlsVersion')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-minTLS",
- "policy_group_names": null,
- "reference_id": "StorageHttpsEnabledEffect"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('StorageDeployHttpsEnabledEffect')]\"},\"minimumTlsVersion\":{\"value\":\"[parameters('StorageMinimumTlsVersion')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Storage-sslEnforcement",
- "policy_group_names": null,
- "reference_id": "StorageDeployHttpsEnabledEffect"
- }
- ],
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "policy_definition_group": [],
- "policy_definition_reference": [
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {}
- ]
- }
- },
- {
- "address": "module.test_core.azurerm_policy_set_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policySetDefinitions/Enforce-Encryption-CMK\"]",
- "mode": "managed",
- "type": "azurerm_policy_set_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policySetDefinitions/Enforce-Encryption-CMK",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Deny or Audit resources without Encryption with a customer-managed key (CMK)",
- "display_name": "Deny or Audit resources without Encryption with a customer-managed key (CMK)",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\"],\"category\":\"Encryption\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"2.0.0\"}",
- "name": "Enforce-Encryption-CMK",
- "parameters": "{\"ACRCmkEffect\":{\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\",\"metadata\":{\"description\":\"Use customer-managed keys to manage the encryption at rest of the contents of your registries. By default, the data is encrypted at rest with service-managed keys, but customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/acr/CMK.\",\"displayName\":\"Container registries should be encrypted with a customer-managed key (CMK)\"},\"type\":\"String\"},\"AksCmkEffect\":{\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\",\"metadata\":{\"description\":\"Encrypting OS and data disks using customer-managed keys provides more control and greater flexibility in key management. This is a common requirement in many regulatory and industry compliance standards.\",\"displayName\":\"Azure Kubernetes Service clusters both operating systems and data disks should be encrypted by customer-managed keys\"},\"type\":\"String\"},\"AzureBatchCMKEffect\":{\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\",\"metadata\":{\"description\":\"Use customer-managed keys (CMKs) to manage the encryption at rest of your Batch account's data. By default, customer data is encrypted with service-managed keys, but CMKs are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/Batch-CMK.\",\"displayName\":\"Azure Batch account should use customer-managed keys to encrypt data\"},\"type\":\"String\"},\"CognitiveServicesCMKEffect\":{\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\",\"metadata\":{\"description\":\"Customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data stored in Cognitive Services to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/cosmosdb-cmk.\",\"displayName\":\"Cognitive Services accounts should enable data encryption with a customer-managed key (CMK)\"},\"type\":\"String\"},\"CosmosCMKEffect\":{\"allowedValues\":[\"audit\",\"deny\",\"disabled\"],\"defaultValue\":\"audit\",\"metadata\":{\"description\":\"Use customer-managed keys to manage the encryption at rest of your Azure Cosmos DB. By default, the data is encrypted at rest with service-managed keys, but customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/cosmosdb-cmk.\",\"displayName\":\"Azure Cosmos DB accounts should use customer-managed keys to encrypt data at rest\"},\"type\":\"String\"},\"DataBoxCMKEffect\":{\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\",\"metadata\":{\"description\":\"Use a customer-managed key to control the encryption of the device unlock password for Azure Data Box. Customer-managed keys also help manage access to the device unlock password by the Data Box service in order to prepare the device and copy data in an automated manner. The data on the device itself is already encrypted at rest with Advanced Encryption Standard 256-bit encryption, and the device unlock password is encrypted by default with a Microsoft managed key.\",\"displayName\":\"Azure Data Box jobs should use a customer-managed key to encrypt the device unlock password\"},\"type\":\"String\"},\"EncryptedVMDisksEffect\":{\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\",\"metadata\":{\"description\":\"Virtual machines without an enabled disk encryption will be monitored by Azure Security Center as recommendations.\",\"displayName\":\"Disk encryption should be applied on virtual machines\"},\"type\":\"String\"},\"HealthcareAPIsCMKEffect\":{\"allowedValues\":[\"audit\",\"disabled\"],\"defaultValue\":\"audit\",\"metadata\":{\"description\":\"Use a customer-managed key to control the encryption at rest of the data stored in Azure API for FHIR when this is a regulatory or compliance requirement. Customer-managed keys also deliver double encryption by adding a second layer of encryption on top of the default one done with service-managed keys.\",\"displayName\":\"Azure API for FHIR should use a customer-managed key (CMK) to encrypt data at rest\"},\"type\":\"String\"},\"MySQLCMKEffect\":{\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\",\"metadata\":{\"description\":\"Use customer-managed keys to manage the encryption at rest of your MySQL servers. By default, the data is encrypted at rest with service-managed keys, but customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management.\",\"displayName\":\"Azure MySQL servers bring your own key data protection should be enabled\"},\"type\":\"String\"},\"PostgreSQLCMKEffect\":{\"allowedValues\":[\"AuditIfNotExists\",\"Disabled\"],\"defaultValue\":\"AuditIfNotExists\",\"metadata\":{\"description\":\"Use customer-managed keys to manage the encryption at rest of your PostgreSQL servers. By default, the data is encrypted at rest with service-managed keys, but customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management.\",\"displayName\":\"Azure PostgreSQL servers bring your own key data protection should be enabled\"},\"type\":\"String\"},\"SqlServerTDECMKEffect\":{\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\",\"metadata\":{\"description\":\"Implementing Transparent Data Encryption (TDE) with your own key provides increased transparency and control over the TDE Protector, increased security with an HSM-backed external service, and promotion of separation of duties. This recommendation applies to organizations with a related compliance requirement.\",\"displayName\":\"SQL servers should use customer-managed keys to encrypt data at rest\"},\"type\":\"String\"},\"StorageCMKEffect\":{\"allowedValues\":[\"Audit\",\"Disabled\"],\"defaultValue\":\"Audit\",\"metadata\":{\"description\":\"Secure your storage account with greater flexibility using customer-managed keys (CMKs). When you specify a CMK, that key is used to protect and control access to the key that encrypts your data. Using CMKs provides additional capabilities to control rotation of the key encryption key or cryptographically erase data.\",\"displayName\":\"Storage accounts should use customer-managed key (CMK) for encryption, no deny as this would result in not able to create storage account because the first need of MSI for encryption\"},\"type\":\"String\"},\"StreamAnalyticsCMKEffect\":{\"allowedValues\":[\"audit\",\"deny\",\"disabled\"],\"defaultValue\":\"audit\",\"metadata\":{\"description\":\"Use customer-managed keys when you want to securely store any metadata and private data assets of your Stream Analytics jobs in your storage account. This gives you total control over how your Stream Analytics data is encrypted.\",\"displayName\":\"Azure Stream Analytics jobs should use customer-managed keys to encrypt data\"},\"type\":\"String\"},\"SynapseWorkspaceCMKEffect\":{\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\",\"metadata\":{\"description\":\"Use customer-managed keys to control the encryption at rest of the data stored in Azure Synapse workspaces. Customer-managed keys deliver double encryption by adding a second layer of encryption on top of the default encryption with service-managed keys.\",\"displayName\":\"Azure Synapse workspaces should use customer-managed keys to encrypt data at rest\"},\"type\":\"String\"},\"WorkspaceCMKEffect\":{\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\",\"metadata\":{\"description\":\"Manage encryption at rest of your Azure Machine Learning workspace data with customer-managed keys (CMK). By default, customer data is encrypted with service-managed keys, but CMKs are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/azureml-workspaces-cmk.\",\"displayName\":\"Azure Machine Learning workspaces should be encrypted with a customer-managed key (CMK)\"},\"type\":\"String\"}}",
- "policy_definition_group": [],
- "policy_definition_reference": [
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('ACRCmkEffect')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/5b9159ae-1701-4a6f-9a7a-aa9c8ddd0580",
- "policy_group_names": null,
- "reference_id": "ACRCmkDeny"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('AksCmkEffect')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/7d7be79c-23ba-4033-84dd-45e2a5ccdd67",
- "policy_group_names": null,
- "reference_id": "AksCmkDeny"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('WorkspaceCMKEffect')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/ba769a63-b8cc-4b2d-abf6-ac33c7204be8",
- "policy_group_names": null,
- "reference_id": "WorkspaceCMK"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('CognitiveServicesCMKEffect')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/67121cc7-ff39-4ab8-b7e3-95b84dab487d",
- "policy_group_names": null,
- "reference_id": "CognitiveServicesCMK"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('CosmosCMKEffect')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/1f905d99-2ab7-462c-a6b0-f709acca6c8f",
- "policy_group_names": null,
- "reference_id": "CosmosCMKEffect"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('DataBoxCMKEffect')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/86efb160-8de7-451d-bc08-5d475b0aadae",
- "policy_group_names": null,
- "reference_id": "DataBoxCMKEffect"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('StreamAnalyticsCMKEffect')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/87ba29ef-1ab3-4d82-b763-87fcd4f531f7",
- "policy_group_names": null,
- "reference_id": "StreamAnalyticsCMKEffect"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('SynapseWorkspaceCMKEffect')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/f7d52b2d-e161-4dfa-a82b-55e564167385",
- "policy_group_names": null,
- "reference_id": "SynapseWorkspaceCMKEffect"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('StorageCMKEffect')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/6fac406b-40ca-413b-bf8e-0bf964659c25",
- "policy_group_names": null,
- "reference_id": "StorageCMKEffect"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('MySQLCMKEffect')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/83cef61d-dbd1-4b20-a4fc-5fbc7da10833",
- "policy_group_names": null,
- "reference_id": "MySQLCMKEffect"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('PostgreSQLCMKEffect')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/18adea5e-f416-4d0f-8aa8-d24321e3e274",
- "policy_group_names": null,
- "reference_id": "PostgreSQLCMKEffect"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('SqlServerTDECMKEffect')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/0a370ff3-6cab-4e85-8995-295fd854c5b8",
- "policy_group_names": null,
- "reference_id": "SqlServerTDECMKEffect"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('HealthcareAPIsCMKEffect')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/051cba44-2429-45b9-9649-46cec11c7119",
- "policy_group_names": null,
- "reference_id": "HealthcareAPIsCMKEffect"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('AzureBatchCMKEffect')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/99e9ccd8-3db9-4592-b0d1-14b1715a4d8a",
- "policy_group_names": null,
- "reference_id": "AzureBatchCMKEffect"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('EncryptedVMDisksEffect')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d",
- "policy_group_names": null,
- "reference_id": "EncryptedVMDisksEffect"
- }
- ],
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "policy_definition_group": [],
- "policy_definition_reference": [
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {}
- ]
- }
- },
- {
- "address": "module.test_core.azurerm_policy_set_definition.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-KeyVault\"]",
- "mode": "managed",
- "type": "azurerm_policy_set_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-KeyVault",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Enforce recommended guardrails for Azure Key Vault.",
- "display_name": "Enforce recommended guardrails for Azure Key Vault",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\",\"AzureChinaCloud\",\"AzureUSGovernment\"],\"category\":\"Key Vault\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.0.0\"}",
- "name": "Enforce-Guardrails-KeyVault",
- "parameters": "{\"effectKvCertLifetime\":{\"allowedValues\":[\"audit\",\"Audit\",\"deny\",\"Deny\",\"disabled\",\"Disabled\"],\"defaultValue\":\"Audit\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"effectKvFirewallEnabled\":{\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"effectKvKeysExpire\":{\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"effectKvKeysLifetime\":{\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"effectKvPurgeProtection\":{\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Deny\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"effectKvSecretsExpire\":{\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"effectKvSecretsLifetime\":{\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Audit\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"effectKvSoftDelete\":{\"allowedValues\":[\"Audit\",\"Deny\",\"Disabled\"],\"defaultValue\":\"Deny\",\"metadata\":{\"description\":\"Enable or disable the execution of the policy\",\"displayName\":\"Effect\"},\"type\":\"String\"},\"maximumCertLifePercentageLife\":{\"defaultValue\":80,\"metadata\":{\"description\":\"Enter the percentage of lifetime of the certificate when you want to trigger the policy action. For example, to trigger a policy action at 80% of the certificate's valid life, enter '80'.\",\"displayName\":\"The maximum lifetime percentage\"},\"type\":\"Integer\"},\"minimumCertLifeDaysBeforeExpiry\":{\"defaultValue\":90,\"metadata\":{\"description\":\"Enter the days before expiration of the certificate when you want to trigger the policy action. For example, to trigger a policy action 90 days before the certificate's expiration, enter '90'.\",\"displayName\":\"The minimum days before expiry\"},\"type\":\"Integer\"},\"minimumKeysLifeDaysBeforeExpiry\":{\"defaultValue\":90,\"metadata\":{\"description\":\"Enter the days before expiration of the certificate when you want to trigger the policy action. For example, to trigger a policy action 90 days before the certificate's expiration, enter '90'.\",\"displayName\":\"The minimum days before expiry\"},\"type\":\"Integer\"},\"minimumSecretsLifeDaysBeforeExpiry\":{\"defaultValue\":90,\"metadata\":{\"description\":\"Enter the days before expiration of the certificate when you want to trigger the policy action. For example, to trigger a policy action 90 days before the certificate's expiration, enter '90'.\",\"displayName\":\"The minimum days before expiry\"},\"type\":\"Integer\"}}",
- "policy_definition_group": [],
- "policy_definition_reference": [
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('effectKvSoftDelete')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/1e66c121-a66a-4b1f-9b83-0fd99bf0fc2d",
- "policy_group_names": null,
- "reference_id": "KvSoftDelete"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('effectKvPurgeProtection')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/0b60c0b2-2dc2-4e1c-b5c9-abbed971de53",
- "policy_group_names": null,
- "reference_id": "KvPurgeProtection"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('effectKvSecretsExpire')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/98728c90-32c7-4049-8429-847dc0f4fe37",
- "policy_group_names": null,
- "reference_id": "KvSecretsExpire"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('effectKvKeysExpire')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0",
- "policy_group_names": null,
- "reference_id": "KvKeysExpire"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('effectKvFirewallEnabled')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/55615ac9-af46-4a59-874e-391cc3dfb490",
- "policy_group_names": null,
- "reference_id": "KvFirewallEnabled"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('effectKvCertLifetime')]\"},\"maximumPercentageLife\":{\"value\":\"[parameters('maximumCertLifePercentageLife')]\"},\"minimumDaysBeforeExpiry\":{\"value\":\"[parameters('minimumCertLifeDaysBeforeExpiry')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/12ef42cb-9903-4e39-9c26-422d29570417",
- "policy_group_names": null,
- "reference_id": "KvCertLifetime"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('effectKvKeysLifetime')]\"},\"minimumDaysBeforeExpiration\":{\"value\":\"[parameters('minimumKeysLifeDaysBeforeExpiry')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/5ff38825-c5d8-47c5-b70e-069a21955146",
- "policy_group_names": null,
- "reference_id": "KvKeysLifetime"
- },
- {
- "parameter_values": "{\"effect\":{\"value\":\"[parameters('effectKvSecretsLifetime')]\"},\"minimumDaysBeforeExpiration\":{\"value\":\"[parameters('minimumSecretsLifeDaysBeforeExpiry')]\"}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/b0eb591a-5e70-4534-a8bf-04b9c489584a",
- "policy_group_names": null,
- "reference_id": "KvSecretsLifetime"
- }
- ],
- "policy_type": "Custom",
- "timeouts": null
- },
- "sensitive_values": {
- "policy_definition_group": [],
- "policy_definition_reference": [
- {},
- {},
- {},
- {},
- {},
- {},
- {},
- {}
- ]
- }
- },
- {
- "address": "module.test_core.azurerm_role_assignment.private_dns_zone_contributor_connectivity[\"/providers/Microsoft.Management/managementGroups/root-id-1-corp/providers/Microsoft.Authorization/policyAssignments/Deploy-Private-DNS-Zones\"]",
- "mode": "managed",
- "type": "azurerm_role_assignment",
- "name": "private_dns_zone_contributor_connectivity",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-corp/providers/Microsoft.Authorization/policyAssignments/Deploy-Private-DNS-Zones",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "condition": null,
- "condition_version": null,
- "delegated_managed_identity_resource_id": null,
- "description": null,
- "role_definition_name": "Private DNS Zone Contributor",
- "scope": "/providers/Microsoft.Management/managementGroups/root-id-1-connectivity",
- "timeouts": null
- },
- "sensitive_values": {}
- },
- {
- "address": "module.test_core.azurerm_role_definition.enterprise_scale[\"/providers/Microsoft.Authorization/roleDefinitions/07824e45-af54-586f-a5f0-4bb8676cb3a2\"]",
- "mode": "managed",
- "type": "azurerm_role_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Authorization/roleDefinitions/07824e45-af54-586f-a5f0-4bb8676cb3a2",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 1,
- "values": {
- "assignable_scopes": [
- "/providers/Microsoft.Management/managementGroups/root-id-1"
- ],
- "description": "Delegated role for subscription owner generated from subscription Owner role",
- "name": "[ROOT-ID-1] Subscription-Owner",
- "permissions": [
- {
- "actions": [
- "*"
- ],
- "data_actions": null,
- "not_actions": [
- "Microsoft.Authorization/*/write",
- "Microsoft.Network/vpnGateways/*",
- "Microsoft.Network/expressRouteCircuits/*",
- "Microsoft.Network/routeTables/write",
- "Microsoft.Network/vpnSites/*"
- ],
- "not_data_actions": null
- }
- ],
- "role_definition_id": "07824e45-af54-586f-a5f0-4bb8676cb3a2",
- "scope": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "timeouts": null
- },
- "sensitive_values": {
- "assignable_scopes": [
- false
- ],
- "permissions": [
- {
- "actions": [
- false
- ],
- "not_actions": [
- false,
- false,
- false,
- false,
- false
- ]
- }
- ]
- }
- },
- {
- "address": "module.test_core.azurerm_role_definition.enterprise_scale[\"/providers/Microsoft.Authorization/roleDefinitions/3b569e18-4af0-5c97-932c-0447cae64922\"]",
- "mode": "managed",
- "type": "azurerm_role_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Authorization/roleDefinitions/3b569e18-4af0-5c97-932c-0447cae64922",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 1,
- "values": {
- "assignable_scopes": [
- "/providers/Microsoft.Management/managementGroups/root-id-1"
- ],
- "description": "Security Administrator role with a horizontal view across the entire Azure estate and the Azure Key Vault purge policy.",
- "name": "[ROOT-ID-1] Security-Operations",
- "permissions": [
- {
- "actions": [
- "*/read",
- "*/register/action",
- "Microsoft.KeyVault/locations/deletedVaults/purge/action",
- "Microsoft.PolicyInsights/*",
- "Microsoft.Authorization/policyAssignments/*",
- "Microsoft.Authorization/policyDefinitions/*",
- "Microsoft.Authorization/policyExemptions/*",
- "Microsoft.Authorization/policySetDefinitions/*",
- "Microsoft.Insights/alertRules/*",
- "Microsoft.Resources/deployments/*",
- "Microsoft.Security/*",
- "Microsoft.Support/*"
- ],
- "data_actions": null,
- "not_actions": [],
- "not_data_actions": null
- }
- ],
- "role_definition_id": "3b569e18-4af0-5c97-932c-0447cae64922",
- "scope": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "timeouts": null
- },
- "sensitive_values": {
- "assignable_scopes": [
- false
- ],
- "permissions": [
- {
- "actions": [
- false,
- false,
- false,
- false,
- false,
- false,
- false,
- false,
- false,
- false,
- false,
- false
- ],
- "not_actions": []
- }
- ]
- }
- },
- {
- "address": "module.test_core.azurerm_role_definition.enterprise_scale[\"/providers/Microsoft.Authorization/roleDefinitions/61e44ab2-d16b-5ea5-8692-f9b97be416fa\"]",
- "mode": "managed",
- "type": "azurerm_role_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Authorization/roleDefinitions/61e44ab2-d16b-5ea5-8692-f9b97be416fa",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 1,
- "values": {
- "assignable_scopes": [
- "/providers/Microsoft.Management/managementGroups/root-id-1"
- ],
- "description": "Platform-wide global connectivity management: virtual networks, UDRs, NSGs, NVAs, VPN, Azure ExpressRoute, and others",
- "name": "[ROOT-ID-1] Network-Management",
- "permissions": [
- {
- "actions": [
- "*/read",
- "Microsoft.Network/*",
- "Microsoft.Resources/deployments/*",
- "Microsoft.Support/*"
- ],
- "data_actions": null,
- "not_actions": [],
- "not_data_actions": null
- }
- ],
- "role_definition_id": "61e44ab2-d16b-5ea5-8692-f9b97be416fa",
- "scope": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "timeouts": null
- },
- "sensitive_values": {
- "assignable_scopes": [
- false
- ],
- "permissions": [
- {
- "actions": [
- false,
- false,
- false,
- false
- ],
- "not_actions": []
- }
- ]
- }
- },
- {
- "address": "module.test_core.azurerm_role_definition.enterprise_scale[\"/providers/Microsoft.Authorization/roleDefinitions/6a8ddaca-120a-579a-a375-1abe30d29f6d\"]",
- "mode": "managed",
- "type": "azurerm_role_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Authorization/roleDefinitions/6a8ddaca-120a-579a-a375-1abe30d29f6d",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 1,
- "values": {
- "assignable_scopes": [
- "/providers/Microsoft.Management/managementGroups/root-id-1"
- ],
- "description": "Enterprise-scale custom Role Definition. Grants full access to manage Virtual Network subnets, but no other network resources.",
- "name": "[ROOT-ID-1] Network-Subnet-Contributor",
- "permissions": [
- {
- "actions": [
- "Microsoft.Authorization/*/read",
- "Microsoft.Insights/alertRules/*",
- "Microsoft.ResourceHealth/availabilityStatuses/read",
- "Microsoft.Resources/deployments/*",
- "Microsoft.Resources/subscriptions/resourceGroups/read",
- "Microsoft.Support/*",
- "Microsoft.Network/*/read",
- "Microsoft.Network/virtualNetworks/subnets/*"
- ],
- "data_actions": null,
- "not_actions": [],
- "not_data_actions": null
- }
- ],
- "role_definition_id": "6a8ddaca-120a-579a-a375-1abe30d29f6d",
- "scope": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "timeouts": null
- },
- "sensitive_values": {
- "assignable_scopes": [
- false
- ],
- "permissions": [
- {
- "actions": [
- false,
- false,
- false,
- false,
- false,
- false,
- false,
- false
- ],
- "not_actions": []
- }
- ]
- }
- },
- {
- "address": "module.test_core.azurerm_role_definition.enterprise_scale[\"/providers/Microsoft.Authorization/roleDefinitions/8fed4ea0-34b3-55af-93e0-fbaa8f3ed158\"]",
- "mode": "managed",
- "type": "azurerm_role_definition",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Authorization/roleDefinitions/8fed4ea0-34b3-55af-93e0-fbaa8f3ed158",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 1,
- "values": {
- "assignable_scopes": [
- "/providers/Microsoft.Management/managementGroups/root-id-1"
- ],
- "description": "Contributor role granted for application/operations team at resource group level",
- "name": "[ROOT-ID-1] Application-Owners",
- "permissions": [
- {
- "actions": [
- "*"
- ],
- "data_actions": null,
- "not_actions": [
- "Microsoft.Authorization/*/write",
- "Microsoft.Network/publicIPAddresses/write",
- "Microsoft.Network/virtualNetworks/write",
- "Microsoft.KeyVault/locations/deletedVaults/purge/action"
- ],
- "not_data_actions": null
- }
- ],
- "role_definition_id": "8fed4ea0-34b3-55af-93e0-fbaa8f3ed158",
- "scope": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "timeouts": null
- },
- "sensitive_values": {
- "assignable_scopes": [
- false
- ],
- "permissions": [
- {
- "actions": [
- false
- ],
- "not_actions": [
- false,
- false,
- false,
- false
- ]
- }
- ]
- }
- },
- {
- "address": "module.test_core.azurerm_subscription_template_deployment.telemetry_core[0]",
- "mode": "managed",
- "type": "azurerm_subscription_template_deployment",
- "name": "telemetry_core",
- "index": 0,
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "debug_level": null,
- "location": "northeurope",
- "tags": null,
- "template_content": "{\"$schema\":\"https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{\"telemetry\":{\"type\":\"String\",\"value\":\"For more information, see https://aka.ms/alz/tf/telemetry\"}},\"parameters\":{},\"resources\":[],\"variables\":{}}",
- "template_spec_version_id": null,
- "timeouts": null
- },
- "sensitive_values": {}
- },
- {
- "address": "module.test_core.data.azapi_resource.user_msi[\"/providers/Microsoft.Management/managementGroups/root-id-1-management/providers/Microsoft.Authorization/policyAssignments/Deploy-Log-Analytics\"]",
- "mode": "data",
- "type": "azapi_resource",
- "name": "user_msi",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-management/providers/Microsoft.Authorization/policyAssignments/Deploy-Log-Analytics",
- "provider_name": "registry.terraform.io/azure/azapi",
- "schema_version": 0,
- "values": {
- "identity": [],
- "name": null,
- "resource_id": "/subscriptions/2a8527ca-5340-49aa-8931-ea03669451a0/resourceGroups/rg-identity/providers/Microsoft.ManagedIdentity/userAssignedIdentities/id-identity",
- "response_export_values": [
- "properties.principalId"
- ],
- "timeouts": null,
- "type": "Microsoft.ManagedIdentity/userAssignedIdentities@2023-01-31"
- },
- "sensitive_values": {
- "identity": [],
- "response_export_values": [
- false
- ],
- "tags": {}
- }
- },
- {
- "address": "module.test_core.random_id.telem[0]",
- "mode": "managed",
- "type": "random_id",
- "name": "telem",
- "index": 0,
- "provider_name": "registry.terraform.io/hashicorp/random",
- "schema_version": 0,
- "values": {
- "byte_length": 4,
- "keepers": null,
- "prefix": null
- },
- "sensitive_values": {}
- },
- {
- "address": "module.test_core.time_sleep.after_azurerm_management_group",
- "mode": "managed",
- "type": "time_sleep",
- "name": "after_azurerm_management_group",
- "provider_name": "registry.terraform.io/hashicorp/time",
- "schema_version": 0,
- "values": {
- "create_duration": "120s",
- "destroy_duration": "0s",
- "triggers": {
- "azurerm_management_group_level_1": "[\"/providers/Microsoft.Management/managementGroups/root-id-1\"]",
- "azurerm_management_group_level_2": "[\"/providers/Microsoft.Management/managementGroups/root-id-1-decommissioned\",\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones\",\"/providers/Microsoft.Management/managementGroups/root-id-1-platform\",\"/providers/Microsoft.Management/managementGroups/root-id-1-sandboxes\"]",
- "azurerm_management_group_level_3": "[\"/providers/Microsoft.Management/managementGroups/root-id-1-connectivity\",\"/providers/Microsoft.Management/managementGroups/root-id-1-corp\",\"/providers/Microsoft.Management/managementGroups/root-id-1-identity\",\"/providers/Microsoft.Management/managementGroups/root-id-1-management\",\"/providers/Microsoft.Management/managementGroups/root-id-1-online\",\"/providers/Microsoft.Management/managementGroups/root-id-1-sap\",\"/providers/Microsoft.Management/managementGroups/root-id-1-secure\"]",
- "azurerm_management_group_level_4": "[\"/providers/Microsoft.Management/managementGroups/root-id-1-web-emea\",\"/providers/Microsoft.Management/managementGroups/root-id-1-web-global\",\"/providers/Microsoft.Management/managementGroups/root-id-1-web-us\"]",
- "azurerm_management_group_level_5": "[]",
- "azurerm_management_group_level_6": "[]"
- }
- },
- "sensitive_values": {
- "triggers": {}
- }
- },
- {
- "address": "module.test_core.time_sleep.after_azurerm_policy_assignment",
- "mode": "managed",
- "type": "time_sleep",
- "name": "after_azurerm_policy_assignment",
- "provider_name": "registry.terraform.io/hashicorp/time",
- "schema_version": 0,
- "values": {
- "create_duration": "30s",
- "destroy_duration": "0s",
- "triggers": {
- "azurerm_management_group_policy_assignment_enterprise_scale": "[\"/providers/Microsoft.Management/managementGroups/root-id-1-connectivity/providers/Microsoft.Authorization/policyAssignments/Enable-DDoS-VNET\",\"/providers/Microsoft.Management/managementGroups/root-id-1-corp/providers/Microsoft.Authorization/policyAssignments/Audit-PeDnsZones\",\"/providers/Microsoft.Management/managementGroups/root-id-1-corp/providers/Microsoft.Authorization/policyAssignments/Deny-HybridNetworking\",\"/providers/Microsoft.Management/managementGroups/root-id-1-corp/providers/Microsoft.Authorization/policyAssignments/Deny-Public-Endpoints\",\"/providers/Microsoft.Management/managementGroups/root-id-1-corp/providers/Microsoft.Authorization/policyAssignments/Deny-Public-IP-On-NIC\",\"/providers/Microsoft.Management/managementGroups/root-id-1-corp/providers/Microsoft.Authorization/policyAssignments/Deploy-Private-DNS-Zones\",\"/providers/Microsoft.Management/managementGroups/root-id-1-decommissioned/providers/Microsoft.Authorization/policyAssignments/Enforce-ALZ-Decomm\",\"/providers/Microsoft.Management/managementGroups/root-id-1-identity/providers/Microsoft.Authorization/policyAssignments/Deny-MgmtPorts-Internet\",\"/providers/Microsoft.Management/managementGroups/root-id-1-identity/providers/Microsoft.Authorization/policyAssignments/Deny-Public-IP\",\"/providers/Microsoft.Management/managementGroups/root-id-1-identity/providers/Microsoft.Authorization/policyAssignments/Deny-Subnet-Without-Nsg\",\"/providers/Microsoft.Management/managementGroups/root-id-1-identity/providers/Microsoft.Authorization/policyAssignments/Deploy-VM-Backup\",\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Audit-AppGW-WAF\",\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Deny-IP-forwarding\",\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Deny-MgmtPorts-Internet\",\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Deny-Priv-Esc-AKS\",\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Deny-Privileged-AKS\",\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Deny-Storage-http\",\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Deploy-AKS-Policy\",\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Deploy-AzSqlDb-Auditing\",\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Deploy-SQL-TDE\",\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Deploy-SQL-Threat\",\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Deploy-VM-Backup\",\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Enable-DDoS-VNET\",\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Enforce-AKS-HTTPS\",\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Enforce-GR-KeyVault\",\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Enforce-TLS-SSL\",\"/providers/Microsoft.Management/managementGroups/root-id-1-management/providers/Microsoft.Authorization/policyAssignments/Deploy-Log-Analytics\",\"/providers/Microsoft.Management/managementGroups/root-id-1-platform/providers/Microsoft.Authorization/policyAssignments/Enforce-GR-KeyVault\",\"/providers/Microsoft.Management/managementGroups/root-id-1-sandboxes/providers/Microsoft.Authorization/policyAssignments/Enforce-ALZ-Sandbox\",\"/providers/Microsoft.Management/managementGroups/root-id-1-secure/providers/Microsoft.Authorization/policyAssignments/Deny-RSG-Locations\",\"/providers/Microsoft.Management/managementGroups/root-id-1-secure/providers/Microsoft.Authorization/policyAssignments/Deny-Resource-Locations\",\"/providers/Microsoft.Management/managementGroups/root-id-1-secure/providers/Microsoft.Authorization/policyAssignments/Deploy-HITRUST-HIPAA\",\"/providers/Microsoft.Management/managementGroups/root-id-1-web-emea/providers/Microsoft.Authorization/policyAssignments/Deny-RSG-Locations\",\"/providers/Microsoft.Management/managementGroups/root-id-1-web-emea/providers/Microsoft.Authorization/policyAssignments/Deny-Resource-Locations\",\"/providers/Microsoft.Management/managementGroups/root-id-1-web-us/providers/Microsoft.Authorization/policyAssignments/Deny-RSG-Locations\",\"/providers/Microsoft.Management/managementGroups/root-id-1-web-us/providers/Microsoft.Authorization/policyAssignments/Deny-Resource-Locations\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Audit-UnusedResources\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deny-Classic-Resources\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deny-RSG-Locations\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deny-Resource-Locations\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deny-UnmanagedDisk\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deploy-ASC-Monitoring\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deploy-AzActivity-Log\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deploy-HITRUST-HIPAA\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deploy-MDEndpoints\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deploy-MDFC-Config\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deploy-MDFC-OssDb\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deploy-MDFC-SqlAtp\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deploy-Resource-Diag\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deploy-SQL-Auditing\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deploy-VM-Monitoring\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Enforce-ACSB\"]"
- }
- },
- "sensitive_values": {
- "triggers": {}
- }
- },
- {
- "address": "module.test_core.time_sleep.after_azurerm_policy_definition",
- "mode": "managed",
- "type": "time_sleep",
- "name": "after_azurerm_policy_definition",
- "provider_name": "registry.terraform.io/hashicorp/time",
- "schema_version": 0,
- "values": {
- "create_duration": "30s",
- "destroy_duration": "0s",
- "triggers": {
- "azurerm_policy_definition_enterprise_scale": "[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Append-AppService-httpsonly\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Append-AppService-latestTLS\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Append-KV-SoftDelete\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Append-Redis-disableNonSslPort\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Append-Redis-sslEnforcement\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Audit-AzureHybridBenefit\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Audit-Disks-UnusedResourcesCostOptimization\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Audit-MachineLearning-PrivateEndpointId\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Audit-PrivateLinkDnsZones\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Audit-PublicIpAddresses-UnusedResourcesCostOptimization\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Audit-ServerFarms-UnusedResourcesCostOptimization\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-AA-child-resources\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-AppGW-Without-WAF\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceApiApp-http\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceFunctionApp-http\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceWebApp-http\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-Databricks-NoPublicIp\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-Databricks-Sku\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-Databricks-VirtualNetwork\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-FileServices-InsecureAuth\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-FileServices-InsecureKerberos\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-FileServices-InsecureSmbChannel\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-FileServices-InsecureSmbVersions\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-MachineLearning-Aks\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-MachineLearning-Compute-SubnetId\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-MachineLearning-Compute-VmSize\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-MachineLearning-ComputeCluster-RemoteLoginPortPublicAccess\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-MachineLearning-ComputeCluster-Scale\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-MachineLearning-HbiWorkspace\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-MachineLearning-PublicAccessWhenBehindVnet\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-MachineLearning-PublicNetworkAccess\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-MgmtPorts-From-Internet\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-MySql-http\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-PostgreSql-http\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-Private-DNS-Zones\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-PublicEndpoint-MariaDB\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-PublicIP\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-RDP-From-Internet\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-Redis-http\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-Sql-minTLS\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-SqlMi-minTLS\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-SFTP\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-minTLS\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-StorageAccount-CustomDomain\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-Subnet-Without-Nsg\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-Subnet-Without-Penp\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-Subnet-Without-Udr\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-UDR-With-Specific-NextHop\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-VNET-Peer-Cross-Sub\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-VNET-Peering-To-Non-Approved-VNETs\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deny-VNet-Peering\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/DenyAction-ActivityLogs\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/DenyAction-DiagnosticLogs\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-ASC-SecurityContacts\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Budget\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Custom-Route-Table\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-DDoSProtection\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-AA\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ACI\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ACR\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-APIMgmt\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-AVDScalingPlans\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-AnalysisService\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ApiForFHIR\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ApplicationGateway\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Bastion\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-CDNEndpoints\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-CognitiveServices\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-CosmosDB\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-DLAnalytics\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-DataExplorerCluster\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-DataFactory\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Databricks\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-EventGridSub\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-EventGridSystemTopic\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-EventGridTopic\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ExpressRoute\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Firewall\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-FrontDoor\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Function\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-HDInsight\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-LoadBalancer\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-LogAnalytics\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-LogicAppsISE\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MariaDB\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MediaService\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MlWorkspace\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MySQL\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-NIC\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-NetworkSecurityGroups\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-PostgreSQL\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-PowerBIEmbedded\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-RedisCache\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Relay\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-SQLElasticPools\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-SQLMI\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-SignalR\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-TimeSeriesInsights\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-TrafficManager\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VM\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VMSS\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VNetGW\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VWanS2SVPNGW\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VirtualNetwork\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WVDAppGroup\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WVDHostPools\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WVDWorkspace\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WebServerFarm\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Website\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-iotHub\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-FirewallPolicy\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-MySQL-sslEnforcement\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Nsg-FlowLogs\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Nsg-FlowLogs-to-LA\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-PostgreSQL-sslEnforcement\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-SQL-minTLS\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Sql-AuditingSettings\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Sql-SecurityAlertPolicies\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Sql-Tde\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Sql-vulnerabilityAssessments\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Sql-vulnerabilityAssessments_20230706\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-SqlMi-minTLS\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Storage-sslEnforcement\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-VNET-HubSpoke\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Vm-autoShutdown\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyDefinitions/Deploy-Windows-DomainJoin\"]"
- }
- },
- "sensitive_values": {
- "triggers": {}
- }
- },
- {
- "address": "module.test_core.time_sleep.after_azurerm_policy_set_definition",
- "mode": "managed",
- "type": "time_sleep",
- "name": "after_azurerm_policy_set_definition",
- "provider_name": "registry.terraform.io/hashicorp/time",
- "schema_version": 0,
- "values": {
- "create_duration": "30s",
- "destroy_duration": "0s",
- "triggers": {
- "azurerm_policy_set_definition_enterprise_scale": "[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policySetDefinitions/Audit-UnusedResourcesCostOptimization\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policySetDefinitions/Deny-PublicPaaSEndpoints\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policySetDefinitions/DenyAction-DeleteProtection\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policySetDefinitions/Deploy-Diagnostics-LogAnalytics\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policySetDefinitions/Deploy-MDFC-Config\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policySetDefinitions/Deploy-Private-DNS-Zones\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policySetDefinitions/Deploy-Sql-Security\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policySetDefinitions/Enforce-ACSB\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policySetDefinitions/Enforce-ALZ-Decomm\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policySetDefinitions/Enforce-ALZ-Sandbox\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policySetDefinitions/Enforce-EncryptTransit\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policySetDefinitions/Enforce-Encryption-CMK\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-KeyVault\"]"
- }
- },
- "sensitive_values": {
- "triggers": {}
- }
- },
- {
- "address": "module.test_core.time_sleep.after_azurerm_role_assignment",
- "mode": "managed",
- "type": "time_sleep",
- "name": "after_azurerm_role_assignment",
- "provider_name": "registry.terraform.io/hashicorp/time",
- "schema_version": 0,
- "values": {
- "create_duration": "0s",
- "destroy_duration": "0s",
- "triggers": {
- "azurerm_role_assignment_enterprise_scale": "[]",
- "module_role_assignments_for_policy": "[\"/providers/Microsoft.Management/managementGroups/root-id-1-connectivity/providers/Microsoft.Authorization/policyAssignments/Enable-DDoS-VNET\",\"/providers/Microsoft.Management/managementGroups/root-id-1-corp/providers/Microsoft.Authorization/policyAssignments/Deploy-Private-DNS-Zones\",\"/providers/Microsoft.Management/managementGroups/root-id-1-decommissioned/providers/Microsoft.Authorization/policyAssignments/Enforce-ALZ-Decomm\",\"/providers/Microsoft.Management/managementGroups/root-id-1-identity/providers/Microsoft.Authorization/policyAssignments/Deploy-VM-Backup\",\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Deploy-AKS-Policy\",\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Deploy-AzSqlDb-Auditing\",\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Deploy-SQL-TDE\",\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Deploy-SQL-Threat\",\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Deploy-VM-Backup\",\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Enable-DDoS-VNET\",\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Enforce-TLS-SSL\",\"/providers/Microsoft.Management/managementGroups/root-id-1-management/providers/Microsoft.Authorization/policyAssignments/Deploy-Log-Analytics\",\"/providers/Microsoft.Management/managementGroups/root-id-1-secure/providers/Microsoft.Authorization/policyAssignments/Deploy-HITRUST-HIPAA\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deploy-ASC-Monitoring\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deploy-AzActivity-Log\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deploy-HITRUST-HIPAA\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deploy-MDEndpoints\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deploy-MDFC-Config\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deploy-MDFC-OssDb\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deploy-MDFC-SqlAtp\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deploy-Resource-Diag\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deploy-SQL-Auditing\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deploy-VM-Monitoring\",\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Enforce-ACSB\"]"
- }
- },
- "sensitive_values": {
- "triggers": {}
- }
- },
- {
- "address": "module.test_core.time_sleep.after_azurerm_role_definition",
- "mode": "managed",
- "type": "time_sleep",
- "name": "after_azurerm_role_definition",
- "provider_name": "registry.terraform.io/hashicorp/time",
- "schema_version": 0,
- "values": {
- "create_duration": "60s",
- "destroy_duration": "0s",
- "triggers": {
- "azurerm_role_definition_enterprise_scale": "[\"/providers/Microsoft.Authorization/roleDefinitions/07824e45-af54-586f-a5f0-4bb8676cb3a2\",\"/providers/Microsoft.Authorization/roleDefinitions/3b569e18-4af0-5c97-932c-0447cae64922\",\"/providers/Microsoft.Authorization/roleDefinitions/61e44ab2-d16b-5ea5-8692-f9b97be416fa\",\"/providers/Microsoft.Authorization/roleDefinitions/6a8ddaca-120a-579a-a375-1abe30d29f6d\",\"/providers/Microsoft.Authorization/roleDefinitions/8fed4ea0-34b3-55af-93e0-fbaa8f3ed158\"]"
- }
- },
- "sensitive_values": {
- "triggers": {}
- }
- }
- ],
- "address": "module.test_core",
- "child_modules": [
- {
- "resources": [
- {
- "address": "module.test_core.module.role_assignments_for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1-connectivity/providers/Microsoft.Authorization/policyAssignments/Enable-DDoS-VNET\"].azurerm_role_assignment.for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1-connectivity/providers/Microsoft.Authorization/roleAssignments/bfe36639-f89e-5737-81df-f575c532b31a\"]",
- "mode": "managed",
- "type": "azurerm_role_assignment",
- "name": "for_policy",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-connectivity/providers/Microsoft.Authorization/roleAssignments/bfe36639-f89e-5737-81df-f575c532b31a",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "condition": null,
- "condition_version": null,
- "delegated_managed_identity_resource_id": null,
- "description": null,
- "name": "bfe36639-f89e-5737-81df-f575c532b31a",
- "role_definition_id": "/providers/Microsoft.Authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7",
- "scope": "/providers/Microsoft.Management/managementGroups/root-id-1-connectivity",
- "timeouts": null
- },
- "sensitive_values": {}
- }
- ],
- "address": "module.test_core.module.role_assignments_for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1-connectivity/providers/Microsoft.Authorization/policyAssignments/Enable-DDoS-VNET\"]"
- },
- {
- "resources": [
- {
- "address": "module.test_core.module.role_assignments_for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1-corp/providers/Microsoft.Authorization/policyAssignments/Deploy-Private-DNS-Zones\"].azurerm_role_assignment.for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1-corp/providers/Microsoft.Authorization/roleAssignments/c1667135-b6fa-51a7-a71f-04eeefb1ec49\"]",
- "mode": "managed",
- "type": "azurerm_role_assignment",
- "name": "for_policy",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-corp/providers/Microsoft.Authorization/roleAssignments/c1667135-b6fa-51a7-a71f-04eeefb1ec49",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "condition": null,
- "condition_version": null,
- "delegated_managed_identity_resource_id": null,
- "description": null,
- "name": "c1667135-b6fa-51a7-a71f-04eeefb1ec49",
- "role_definition_id": "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c",
- "scope": "/providers/Microsoft.Management/managementGroups/root-id-1-corp",
- "timeouts": null
- },
- "sensitive_values": {}
- },
- {
- "address": "module.test_core.module.role_assignments_for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1-corp/providers/Microsoft.Authorization/policyAssignments/Deploy-Private-DNS-Zones\"].azurerm_role_assignment.for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1-corp/providers/Microsoft.Authorization/roleAssignments/d1e35723-04dc-5347-9a6a-b90606a2b1e5\"]",
- "mode": "managed",
- "type": "azurerm_role_assignment",
- "name": "for_policy",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-corp/providers/Microsoft.Authorization/roleAssignments/d1e35723-04dc-5347-9a6a-b90606a2b1e5",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "condition": null,
- "condition_version": null,
- "delegated_managed_identity_resource_id": null,
- "description": null,
- "name": "d1e35723-04dc-5347-9a6a-b90606a2b1e5",
- "role_definition_id": "/providers/Microsoft.Authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7",
- "scope": "/providers/Microsoft.Management/managementGroups/root-id-1-corp",
- "timeouts": null
- },
- "sensitive_values": {}
- },
- {
- "address": "module.test_core.module.role_assignments_for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1-corp/providers/Microsoft.Authorization/policyAssignments/Deploy-Private-DNS-Zones\"].azurerm_role_assignment.for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1-corp/providers/Microsoft.Authorization/roleAssignments/e3573ce7-7824-5fcb-8a30-670f460f094f\"]",
- "mode": "managed",
- "type": "azurerm_role_assignment",
- "name": "for_policy",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-corp/providers/Microsoft.Authorization/roleAssignments/e3573ce7-7824-5fcb-8a30-670f460f094f",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "condition": null,
- "condition_version": null,
- "delegated_managed_identity_resource_id": null,
- "description": null,
- "name": "e3573ce7-7824-5fcb-8a30-670f460f094f",
- "role_definition_id": "/providers/Microsoft.Authorization/roleDefinitions/b12aa53e-6015-4669-85d0-8515ebb3ae7f",
- "scope": "/providers/Microsoft.Management/managementGroups/root-id-1-corp",
- "timeouts": null
- },
- "sensitive_values": {}
- }
- ],
- "address": "module.test_core.module.role_assignments_for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1-corp/providers/Microsoft.Authorization/policyAssignments/Deploy-Private-DNS-Zones\"]"
- },
- {
- "resources": [
- {
- "address": "module.test_core.module.role_assignments_for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1-decommissioned/providers/Microsoft.Authorization/policyAssignments/Enforce-ALZ-Decomm\"].azurerm_role_assignment.for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1-decommissioned/providers/Microsoft.Authorization/roleAssignments/aabcf781-5c4c-5952-863f-e51732fcdf1b\"]",
- "mode": "managed",
- "type": "azurerm_role_assignment",
- "name": "for_policy",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-decommissioned/providers/Microsoft.Authorization/roleAssignments/aabcf781-5c4c-5952-863f-e51732fcdf1b",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "condition": null,
- "condition_version": null,
- "delegated_managed_identity_resource_id": null,
- "description": null,
- "name": "aabcf781-5c4c-5952-863f-e51732fcdf1b",
- "role_definition_id": "/providers/Microsoft.Authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c",
- "scope": "/providers/Microsoft.Management/managementGroups/root-id-1-decommissioned",
- "timeouts": null
- },
- "sensitive_values": {}
- }
- ],
- "address": "module.test_core.module.role_assignments_for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1-decommissioned/providers/Microsoft.Authorization/policyAssignments/Enforce-ALZ-Decomm\"]"
- },
- {
- "resources": [
- {
- "address": "module.test_core.module.role_assignments_for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1-identity/providers/Microsoft.Authorization/policyAssignments/Deploy-VM-Backup\"].azurerm_role_assignment.for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1-identity/providers/Microsoft.Authorization/roleAssignments/10acbd2f-bfdd-5c38-bf46-3a67cafdeaf3\"]",
- "mode": "managed",
- "type": "azurerm_role_assignment",
- "name": "for_policy",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-identity/providers/Microsoft.Authorization/roleAssignments/10acbd2f-bfdd-5c38-bf46-3a67cafdeaf3",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "condition": null,
- "condition_version": null,
- "delegated_managed_identity_resource_id": null,
- "description": null,
- "name": "10acbd2f-bfdd-5c38-bf46-3a67cafdeaf3",
- "role_definition_id": "/providers/Microsoft.Authorization/roleDefinitions/5e467623-bb1f-42f4-a55d-6e525e11384b",
- "scope": "/providers/Microsoft.Management/managementGroups/root-id-1-identity",
- "timeouts": null
- },
- "sensitive_values": {}
- },
- {
- "address": "module.test_core.module.role_assignments_for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1-identity/providers/Microsoft.Authorization/policyAssignments/Deploy-VM-Backup\"].azurerm_role_assignment.for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1-identity/providers/Microsoft.Authorization/roleAssignments/1358ccb0-1ad3-5974-ae44-7f5728c09678\"]",
- "mode": "managed",
- "type": "azurerm_role_assignment",
- "name": "for_policy",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-identity/providers/Microsoft.Authorization/roleAssignments/1358ccb0-1ad3-5974-ae44-7f5728c09678",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "condition": null,
- "condition_version": null,
- "delegated_managed_identity_resource_id": null,
- "description": null,
- "name": "1358ccb0-1ad3-5974-ae44-7f5728c09678",
- "role_definition_id": "/providers/Microsoft.Authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c",
- "scope": "/providers/Microsoft.Management/managementGroups/root-id-1-identity",
- "timeouts": null
- },
- "sensitive_values": {}
- }
- ],
- "address": "module.test_core.module.role_assignments_for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1-identity/providers/Microsoft.Authorization/policyAssignments/Deploy-VM-Backup\"]"
- },
- {
- "resources": [
- {
- "address": "module.test_core.module.role_assignments_for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Deploy-AKS-Policy\"].azurerm_role_assignment.for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/roleAssignments/e3bad489-c3ed-57c4-9802-e4c4a84ed145\"]",
- "mode": "managed",
- "type": "azurerm_role_assignment",
- "name": "for_policy",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/roleAssignments/e3bad489-c3ed-57c4-9802-e4c4a84ed145",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "condition": null,
- "condition_version": null,
- "delegated_managed_identity_resource_id": null,
- "description": null,
- "name": "e3bad489-c3ed-57c4-9802-e4c4a84ed145",
- "role_definition_id": "/providers/Microsoft.Authorization/roleDefinitions/ed7f3fbd-7b88-4dd4-9017-9adb7ce333f8",
- "scope": "/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones",
- "timeouts": null
- },
- "sensitive_values": {}
- },
- {
- "address": "module.test_core.module.role_assignments_for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Deploy-AKS-Policy\"].azurerm_role_assignment.for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/roleAssignments/ef4aaac1-624f-57fb-8444-3d2fdd091a35\"]",
- "mode": "managed",
- "type": "azurerm_role_assignment",
- "name": "for_policy",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/roleAssignments/ef4aaac1-624f-57fb-8444-3d2fdd091a35",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "condition": null,
- "condition_version": null,
- "delegated_managed_identity_resource_id": null,
- "description": null,
- "name": "ef4aaac1-624f-57fb-8444-3d2fdd091a35",
- "role_definition_id": "/providers/Microsoft.Authorization/roleDefinitions/18ed5180-3e48-46fd-8541-4ea054d57064",
- "scope": "/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones",
- "timeouts": null
- },
- "sensitive_values": {}
- }
- ],
- "address": "module.test_core.module.role_assignments_for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Deploy-AKS-Policy\"]"
- },
- {
- "resources": [
- {
- "address": "module.test_core.module.role_assignments_for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Deploy-AzSqlDb-Auditing\"].azurerm_role_assignment.for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/roleAssignments/62d19ca1-fb31-5489-859f-f43578c5e409\"]",
- "mode": "managed",
- "type": "azurerm_role_assignment",
- "name": "for_policy",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/roleAssignments/62d19ca1-fb31-5489-859f-f43578c5e409",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "condition": null,
- "condition_version": null,
- "delegated_managed_identity_resource_id": null,
- "description": null,
- "name": "62d19ca1-fb31-5489-859f-f43578c5e409",
- "role_definition_id": "/providers/Microsoft.Authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3",
- "scope": "/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones",
- "timeouts": null
- },
- "sensitive_values": {}
- },
- {
- "address": "module.test_core.module.role_assignments_for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Deploy-AzSqlDb-Auditing\"].azurerm_role_assignment.for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/roleAssignments/dedede29-96ae-5d67-84a4-70b555716715\"]",
- "mode": "managed",
- "type": "azurerm_role_assignment",
- "name": "for_policy",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/roleAssignments/dedede29-96ae-5d67-84a4-70b555716715",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "condition": null,
- "condition_version": null,
- "delegated_managed_identity_resource_id": null,
- "description": null,
- "name": "dedede29-96ae-5d67-84a4-70b555716715",
- "role_definition_id": "/providers/Microsoft.Authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293",
- "scope": "/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones",
- "timeouts": null
- },
- "sensitive_values": {}
- }
- ],
- "address": "module.test_core.module.role_assignments_for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Deploy-AzSqlDb-Auditing\"]"
- },
- {
- "resources": [
- {
- "address": "module.test_core.module.role_assignments_for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Deploy-SQL-TDE\"].azurerm_role_assignment.for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/roleAssignments/3017df2e-5df0-5373-bb0c-c255e0127c77\"]",
- "mode": "managed",
- "type": "azurerm_role_assignment",
- "name": "for_policy",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/roleAssignments/3017df2e-5df0-5373-bb0c-c255e0127c77",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "condition": null,
- "condition_version": null,
- "delegated_managed_identity_resource_id": null,
- "description": null,
- "name": "3017df2e-5df0-5373-bb0c-c255e0127c77",
- "role_definition_id": "/providers/Microsoft.Authorization/roleDefinitions/9b7fa17d-e63e-47b0-bb0a-15c516ac86ec",
- "scope": "/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones",
- "timeouts": null
- },
- "sensitive_values": {}
- }
- ],
- "address": "module.test_core.module.role_assignments_for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Deploy-SQL-TDE\"]"
- },
- {
- "resources": [
- {
- "address": "module.test_core.module.role_assignments_for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Deploy-SQL-Threat\"].azurerm_role_assignment.for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/roleAssignments/533932d3-0f16-59eb-84b8-893805c84e9c\"]",
- "mode": "managed",
- "type": "azurerm_role_assignment",
- "name": "for_policy",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/roleAssignments/533932d3-0f16-59eb-84b8-893805c84e9c",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "condition": null,
- "condition_version": null,
- "delegated_managed_identity_resource_id": null,
- "description": null,
- "name": "533932d3-0f16-59eb-84b8-893805c84e9c",
- "role_definition_id": "/providers/Microsoft.Authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3",
- "scope": "/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones",
- "timeouts": null
- },
- "sensitive_values": {}
- }
- ],
- "address": "module.test_core.module.role_assignments_for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Deploy-SQL-Threat\"]"
- },
- {
- "resources": [
- {
- "address": "module.test_core.module.role_assignments_for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Deploy-VM-Backup\"].azurerm_role_assignment.for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/roleAssignments/8a906dc2-5af6-5c64-a065-e5782483b6b7\"]",
- "mode": "managed",
- "type": "azurerm_role_assignment",
- "name": "for_policy",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/roleAssignments/8a906dc2-5af6-5c64-a065-e5782483b6b7",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "condition": null,
- "condition_version": null,
- "delegated_managed_identity_resource_id": null,
- "description": null,
- "name": "8a906dc2-5af6-5c64-a065-e5782483b6b7",
- "role_definition_id": "/providers/Microsoft.Authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c",
- "scope": "/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones",
- "timeouts": null
- },
- "sensitive_values": {}
- },
- {
- "address": "module.test_core.module.role_assignments_for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Deploy-VM-Backup\"].azurerm_role_assignment.for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/roleAssignments/ee60d5ba-80b7-58dc-b6c6-1e0ceaaaf879\"]",
- "mode": "managed",
- "type": "azurerm_role_assignment",
- "name": "for_policy",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/roleAssignments/ee60d5ba-80b7-58dc-b6c6-1e0ceaaaf879",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "condition": null,
- "condition_version": null,
- "delegated_managed_identity_resource_id": null,
- "description": null,
- "name": "ee60d5ba-80b7-58dc-b6c6-1e0ceaaaf879",
- "role_definition_id": "/providers/Microsoft.Authorization/roleDefinitions/5e467623-bb1f-42f4-a55d-6e525e11384b",
- "scope": "/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones",
- "timeouts": null
- },
- "sensitive_values": {}
- }
- ],
- "address": "module.test_core.module.role_assignments_for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Deploy-VM-Backup\"]"
- },
- {
- "resources": [
- {
- "address": "module.test_core.module.role_assignments_for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Enable-DDoS-VNET\"].azurerm_role_assignment.for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/roleAssignments/1c659f37-1ad5-5577-bc68-922ba20d7523\"]",
- "mode": "managed",
- "type": "azurerm_role_assignment",
- "name": "for_policy",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/roleAssignments/1c659f37-1ad5-5577-bc68-922ba20d7523",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "condition": null,
- "condition_version": null,
- "delegated_managed_identity_resource_id": null,
- "description": null,
- "name": "1c659f37-1ad5-5577-bc68-922ba20d7523",
- "role_definition_id": "/providers/Microsoft.Authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7",
- "scope": "/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones",
- "timeouts": null
- },
- "sensitive_values": {}
- }
- ],
- "address": "module.test_core.module.role_assignments_for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Enable-DDoS-VNET\"]"
- },
- {
- "resources": [
- {
- "address": "module.test_core.module.role_assignments_for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Enforce-TLS-SSL\"].azurerm_role_assignment.for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/roleAssignments/a6a1084c-d0cb-5064-b41f-1bd6af819efb\"]",
- "mode": "managed",
- "type": "azurerm_role_assignment",
- "name": "for_policy",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/roleAssignments/a6a1084c-d0cb-5064-b41f-1bd6af819efb",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "condition": null,
- "condition_version": null,
- "delegated_managed_identity_resource_id": null,
- "description": null,
- "name": "a6a1084c-d0cb-5064-b41f-1bd6af819efb",
- "role_definition_id": "/providers/Microsoft.Authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab",
- "scope": "/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones",
- "timeouts": null
- },
- "sensitive_values": {}
- },
- {
- "address": "module.test_core.module.role_assignments_for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Enforce-TLS-SSL\"].azurerm_role_assignment.for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/roleAssignments/d38c8a09-e2ee-5c09-b677-e38676280c29\"]",
- "mode": "managed",
- "type": "azurerm_role_assignment",
- "name": "for_policy",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/roleAssignments/d38c8a09-e2ee-5c09-b677-e38676280c29",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "condition": null,
- "condition_version": null,
- "delegated_managed_identity_resource_id": null,
- "description": null,
- "name": "d38c8a09-e2ee-5c09-b677-e38676280c29",
- "role_definition_id": "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c",
- "scope": "/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones",
- "timeouts": null
- },
- "sensitive_values": {}
- },
- {
- "address": "module.test_core.module.role_assignments_for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Enforce-TLS-SSL\"].azurerm_role_assignment.for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/roleAssignments/d52d1c28-60ce-5efa-8f6d-0e1a32be16b6\"]",
- "mode": "managed",
- "type": "azurerm_role_assignment",
- "name": "for_policy",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/roleAssignments/d52d1c28-60ce-5efa-8f6d-0e1a32be16b6",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "condition": null,
- "condition_version": null,
- "delegated_managed_identity_resource_id": null,
- "description": null,
- "name": "d52d1c28-60ce-5efa-8f6d-0e1a32be16b6",
- "role_definition_id": "/providers/Microsoft.Authorization/roleDefinitions/4939a1f6-9ae0-4e48-a1e0-f2cbe897382d",
- "scope": "/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones",
- "timeouts": null
- },
- "sensitive_values": {}
- },
- {
- "address": "module.test_core.module.role_assignments_for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Enforce-TLS-SSL\"].azurerm_role_assignment.for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/roleAssignments/e9d4bb72-a2e6-5c7f-9354-3ea5c9ae9f87\"]",
- "mode": "managed",
- "type": "azurerm_role_assignment",
- "name": "for_policy",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/roleAssignments/e9d4bb72-a2e6-5c7f-9354-3ea5c9ae9f87",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "condition": null,
- "condition_version": null,
- "delegated_managed_identity_resource_id": null,
- "description": null,
- "name": "e9d4bb72-a2e6-5c7f-9354-3ea5c9ae9f87",
- "role_definition_id": "/providers/Microsoft.Authorization/roleDefinitions/6d8ee4ec-f05a-4a1d-8b00-a9b17e38b437",
- "scope": "/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones",
- "timeouts": null
- },
- "sensitive_values": {}
- }
- ],
- "address": "module.test_core.module.role_assignments_for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones/providers/Microsoft.Authorization/policyAssignments/Enforce-TLS-SSL\"]"
- },
- {
- "resources": [
- {
- "address": "module.test_core.module.role_assignments_for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1-management/providers/Microsoft.Authorization/policyAssignments/Deploy-Log-Analytics\"].azurerm_role_assignment.for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1-management/providers/Microsoft.Authorization/roleAssignments/8f7e20b7-7a5d-551d-b4fd-047861c4bc93\"]",
- "mode": "managed",
- "type": "azurerm_role_assignment",
- "name": "for_policy",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-management/providers/Microsoft.Authorization/roleAssignments/8f7e20b7-7a5d-551d-b4fd-047861c4bc93",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "condition": null,
- "condition_version": null,
- "delegated_managed_identity_resource_id": null,
- "description": null,
- "name": "8f7e20b7-7a5d-551d-b4fd-047861c4bc93",
- "role_definition_id": "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c",
- "scope": "/providers/Microsoft.Management/managementGroups/root-id-1-management",
- "timeouts": null
- },
- "sensitive_values": {}
- }
- ],
- "address": "module.test_core.module.role_assignments_for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1-management/providers/Microsoft.Authorization/policyAssignments/Deploy-Log-Analytics\"]"
- },
- {
- "resources": [
- {
- "address": "module.test_core.module.role_assignments_for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1-secure/providers/Microsoft.Authorization/policyAssignments/Deploy-HITRUST-HIPAA\"].azurerm_role_assignment.for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1-secure/providers/Microsoft.Authorization/roleAssignments/3406f92e-62e7-506f-9b80-9c7a6a19c569\"]",
- "mode": "managed",
- "type": "azurerm_role_assignment",
- "name": "for_policy",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-secure/providers/Microsoft.Authorization/roleAssignments/3406f92e-62e7-506f-9b80-9c7a6a19c569",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "condition": null,
- "condition_version": null,
- "delegated_managed_identity_resource_id": null,
- "description": null,
- "name": "3406f92e-62e7-506f-9b80-9c7a6a19c569",
- "role_definition_id": "/providers/Microsoft.Authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7",
- "scope": "/providers/Microsoft.Management/managementGroups/root-id-1-secure",
- "timeouts": null
- },
- "sensitive_values": {}
- },
- {
- "address": "module.test_core.module.role_assignments_for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1-secure/providers/Microsoft.Authorization/policyAssignments/Deploy-HITRUST-HIPAA\"].azurerm_role_assignment.for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1-secure/providers/Microsoft.Authorization/roleAssignments/7316970a-470a-5a53-bc65-06add2b5a31e\"]",
- "mode": "managed",
- "type": "azurerm_role_assignment",
- "name": "for_policy",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-secure/providers/Microsoft.Authorization/roleAssignments/7316970a-470a-5a53-bc65-06add2b5a31e",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "condition": null,
- "condition_version": null,
- "delegated_managed_identity_resource_id": null,
- "description": null,
- "name": "7316970a-470a-5a53-bc65-06add2b5a31e",
- "role_definition_id": "/providers/Microsoft.Authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab",
- "scope": "/providers/Microsoft.Management/managementGroups/root-id-1-secure",
- "timeouts": null
- },
- "sensitive_values": {}
- },
- {
- "address": "module.test_core.module.role_assignments_for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1-secure/providers/Microsoft.Authorization/policyAssignments/Deploy-HITRUST-HIPAA\"].azurerm_role_assignment.for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1-secure/providers/Microsoft.Authorization/roleAssignments/745f090f-9aca-509d-94c6-0f6704abceae\"]",
- "mode": "managed",
- "type": "azurerm_role_assignment",
- "name": "for_policy",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-secure/providers/Microsoft.Authorization/roleAssignments/745f090f-9aca-509d-94c6-0f6704abceae",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "condition": null,
- "condition_version": null,
- "delegated_managed_identity_resource_id": null,
- "description": null,
- "name": "745f090f-9aca-509d-94c6-0f6704abceae",
- "role_definition_id": "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c",
- "scope": "/providers/Microsoft.Management/managementGroups/root-id-1-secure",
- "timeouts": null
- },
- "sensitive_values": {}
- },
- {
- "address": "module.test_core.module.role_assignments_for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1-secure/providers/Microsoft.Authorization/policyAssignments/Deploy-HITRUST-HIPAA\"].azurerm_role_assignment.for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1-secure/providers/Microsoft.Authorization/roleAssignments/817e9088-7487-507a-bc2b-d6f0d6fefca1\"]",
- "mode": "managed",
- "type": "azurerm_role_assignment",
- "name": "for_policy",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-secure/providers/Microsoft.Authorization/roleAssignments/817e9088-7487-507a-bc2b-d6f0d6fefca1",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "condition": null,
- "condition_version": null,
- "delegated_managed_identity_resource_id": null,
- "description": null,
- "name": "817e9088-7487-507a-bc2b-d6f0d6fefca1",
- "role_definition_id": "/providers/Microsoft.Authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa",
- "scope": "/providers/Microsoft.Management/managementGroups/root-id-1-secure",
- "timeouts": null
- },
- "sensitive_values": {}
- },
- {
- "address": "module.test_core.module.role_assignments_for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1-secure/providers/Microsoft.Authorization/policyAssignments/Deploy-HITRUST-HIPAA\"].azurerm_role_assignment.for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1-secure/providers/Microsoft.Authorization/roleAssignments/e5b17f2f-f8a9-5645-ae80-2e639d5cc71f\"]",
- "mode": "managed",
- "type": "azurerm_role_assignment",
- "name": "for_policy",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-secure/providers/Microsoft.Authorization/roleAssignments/e5b17f2f-f8a9-5645-ae80-2e639d5cc71f",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "condition": null,
- "condition_version": null,
- "delegated_managed_identity_resource_id": null,
- "description": null,
- "name": "e5b17f2f-f8a9-5645-ae80-2e639d5cc71f",
- "role_definition_id": "/providers/Microsoft.Authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c",
- "scope": "/providers/Microsoft.Management/managementGroups/root-id-1-secure",
- "timeouts": null
- },
- "sensitive_values": {}
- }
- ],
- "address": "module.test_core.module.role_assignments_for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1-secure/providers/Microsoft.Authorization/policyAssignments/Deploy-HITRUST-HIPAA\"]"
- },
- {
- "resources": [
- {
- "address": "module.test_core.module.role_assignments_for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deploy-AzActivity-Log\"].azurerm_role_assignment.for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/roleAssignments/a82e8238-8bda-508f-84b5-f732aae9ee5e\"]",
- "mode": "managed",
- "type": "azurerm_role_assignment",
- "name": "for_policy",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/roleAssignments/a82e8238-8bda-508f-84b5-f732aae9ee5e",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "condition": null,
- "condition_version": null,
- "delegated_managed_identity_resource_id": null,
- "description": null,
- "name": "a82e8238-8bda-508f-84b5-f732aae9ee5e",
- "role_definition_id": "/providers/Microsoft.Authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa",
- "scope": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "timeouts": null
- },
- "sensitive_values": {}
- },
- {
- "address": "module.test_core.module.role_assignments_for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deploy-AzActivity-Log\"].azurerm_role_assignment.for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/roleAssignments/c7bf76e5-9636-5f92-ad46-22d49ea5c086\"]",
- "mode": "managed",
- "type": "azurerm_role_assignment",
- "name": "for_policy",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/roleAssignments/c7bf76e5-9636-5f92-ad46-22d49ea5c086",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "condition": null,
- "condition_version": null,
- "delegated_managed_identity_resource_id": null,
- "description": null,
- "name": "c7bf76e5-9636-5f92-ad46-22d49ea5c086",
- "role_definition_id": "/providers/Microsoft.Authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293",
- "scope": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "timeouts": null
- },
- "sensitive_values": {}
- }
- ],
- "address": "module.test_core.module.role_assignments_for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deploy-AzActivity-Log\"]"
- },
- {
- "resources": [
- {
- "address": "module.test_core.module.role_assignments_for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deploy-HITRUST-HIPAA\"].azurerm_role_assignment.for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/roleAssignments/5127798b-130e-5d28-b539-2f33fa0fb750\"]",
- "mode": "managed",
- "type": "azurerm_role_assignment",
- "name": "for_policy",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/roleAssignments/5127798b-130e-5d28-b539-2f33fa0fb750",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "condition": null,
- "condition_version": null,
- "delegated_managed_identity_resource_id": null,
- "description": null,
- "name": "5127798b-130e-5d28-b539-2f33fa0fb750",
- "role_definition_id": "/providers/Microsoft.Authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c",
- "scope": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "timeouts": null
- },
- "sensitive_values": {}
- },
- {
- "address": "module.test_core.module.role_assignments_for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deploy-HITRUST-HIPAA\"].azurerm_role_assignment.for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/roleAssignments/5d2b9623-6e43-594f-a2e7-d200188772f5\"]",
- "mode": "managed",
- "type": "azurerm_role_assignment",
- "name": "for_policy",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/roleAssignments/5d2b9623-6e43-594f-a2e7-d200188772f5",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "condition": null,
- "condition_version": null,
- "delegated_managed_identity_resource_id": null,
- "description": null,
- "name": "5d2b9623-6e43-594f-a2e7-d200188772f5",
- "role_definition_id": "/providers/Microsoft.Authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7",
- "scope": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "timeouts": null
- },
- "sensitive_values": {}
- },
- {
- "address": "module.test_core.module.role_assignments_for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deploy-HITRUST-HIPAA\"].azurerm_role_assignment.for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/roleAssignments/8701c536-d722-531e-9bde-ae1e0427a9ae\"]",
- "mode": "managed",
- "type": "azurerm_role_assignment",
- "name": "for_policy",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/roleAssignments/8701c536-d722-531e-9bde-ae1e0427a9ae",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "condition": null,
- "condition_version": null,
- "delegated_managed_identity_resource_id": null,
- "description": null,
- "name": "8701c536-d722-531e-9bde-ae1e0427a9ae",
- "role_definition_id": "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c",
- "scope": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "timeouts": null
- },
- "sensitive_values": {}
- },
- {
- "address": "module.test_core.module.role_assignments_for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deploy-HITRUST-HIPAA\"].azurerm_role_assignment.for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/roleAssignments/9a2ebc9c-52d3-5cba-ae34-4d3507b2968e\"]",
- "mode": "managed",
- "type": "azurerm_role_assignment",
- "name": "for_policy",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/roleAssignments/9a2ebc9c-52d3-5cba-ae34-4d3507b2968e",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "condition": null,
- "condition_version": null,
- "delegated_managed_identity_resource_id": null,
- "description": null,
- "name": "9a2ebc9c-52d3-5cba-ae34-4d3507b2968e",
- "role_definition_id": "/providers/Microsoft.Authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa",
- "scope": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "timeouts": null
- },
- "sensitive_values": {}
- },
- {
- "address": "module.test_core.module.role_assignments_for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deploy-HITRUST-HIPAA\"].azurerm_role_assignment.for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/roleAssignments/b2bbf080-fbfd-53ff-91d5-37dc8ecfb6bb\"]",
- "mode": "managed",
- "type": "azurerm_role_assignment",
- "name": "for_policy",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/roleAssignments/b2bbf080-fbfd-53ff-91d5-37dc8ecfb6bb",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "condition": null,
- "condition_version": null,
- "delegated_managed_identity_resource_id": null,
- "description": null,
- "name": "b2bbf080-fbfd-53ff-91d5-37dc8ecfb6bb",
- "role_definition_id": "/providers/Microsoft.Authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab",
- "scope": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "timeouts": null
- },
- "sensitive_values": {}
- }
- ],
- "address": "module.test_core.module.role_assignments_for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deploy-HITRUST-HIPAA\"]"
- },
- {
- "resources": [
- {
- "address": "module.test_core.module.role_assignments_for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deploy-MDEndpoints\"].azurerm_role_assignment.for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/roleAssignments/e01a72e6-27ce-5ca0-acac-7e07b933740a\"]",
- "mode": "managed",
- "type": "azurerm_role_assignment",
- "name": "for_policy",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/roleAssignments/e01a72e6-27ce-5ca0-acac-7e07b933740a",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "condition": null,
- "condition_version": null,
- "delegated_managed_identity_resource_id": null,
- "description": null,
- "name": "e01a72e6-27ce-5ca0-acac-7e07b933740a",
- "role_definition_id": "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c",
- "scope": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "timeouts": null
- },
- "sensitive_values": {}
- }
- ],
- "address": "module.test_core.module.role_assignments_for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deploy-MDEndpoints\"]"
- },
- {
- "resources": [
- {
- "address": "module.test_core.module.role_assignments_for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deploy-MDFC-Config\"].azurerm_role_assignment.for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/roleAssignments/22ff9bc8-ce29-51d8-b952-886206aa9339\"]",
- "mode": "managed",
- "type": "azurerm_role_assignment",
- "name": "for_policy",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/roleAssignments/22ff9bc8-ce29-51d8-b952-886206aa9339",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "condition": null,
- "condition_version": null,
- "delegated_managed_identity_resource_id": null,
- "description": null,
- "name": "22ff9bc8-ce29-51d8-b952-886206aa9339",
- "role_definition_id": "/providers/Microsoft.Authorization/roleDefinitions/8e3af657-a8ff-443c-a75c-2fe8c4bcb635",
- "scope": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "timeouts": null
- },
- "sensitive_values": {}
- },
- {
- "address": "module.test_core.module.role_assignments_for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deploy-MDFC-Config\"].azurerm_role_assignment.for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/roleAssignments/9ce4af18-ce8a-5ff5-b9d3-5b2718531aa3\"]",
- "mode": "managed",
- "type": "azurerm_role_assignment",
- "name": "for_policy",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/roleAssignments/9ce4af18-ce8a-5ff5-b9d3-5b2718531aa3",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "condition": null,
- "condition_version": null,
- "delegated_managed_identity_resource_id": null,
- "description": null,
- "name": "9ce4af18-ce8a-5ff5-b9d3-5b2718531aa3",
- "role_definition_id": "/providers/Microsoft.Authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293",
- "scope": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "timeouts": null
- },
- "sensitive_values": {}
- },
- {
- "address": "module.test_core.module.role_assignments_for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deploy-MDFC-Config\"].azurerm_role_assignment.for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/roleAssignments/a73d060f-b4c9-5c45-bdd2-5bca0354d723\"]",
- "mode": "managed",
- "type": "azurerm_role_assignment",
- "name": "for_policy",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/roleAssignments/a73d060f-b4c9-5c45-bdd2-5bca0354d723",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "condition": null,
- "condition_version": null,
- "delegated_managed_identity_resource_id": null,
- "description": null,
- "name": "a73d060f-b4c9-5c45-bdd2-5bca0354d723",
- "role_definition_id": "/providers/Microsoft.Authorization/roleDefinitions/ed7f3fbd-7b88-4dd4-9017-9adb7ce333f8",
- "scope": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "timeouts": null
- },
- "sensitive_values": {}
- },
- {
- "address": "module.test_core.module.role_assignments_for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deploy-MDFC-Config\"].azurerm_role_assignment.for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/roleAssignments/cb5f0a98-31a9-5269-9403-a186cfc43943\"]",
- "mode": "managed",
- "type": "azurerm_role_assignment",
- "name": "for_policy",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/roleAssignments/cb5f0a98-31a9-5269-9403-a186cfc43943",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "condition": null,
- "condition_version": null,
- "delegated_managed_identity_resource_id": null,
- "description": null,
- "name": "cb5f0a98-31a9-5269-9403-a186cfc43943",
- "role_definition_id": "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c",
- "scope": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "timeouts": null
- },
- "sensitive_values": {}
- },
- {
- "address": "module.test_core.module.role_assignments_for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deploy-MDFC-Config\"].azurerm_role_assignment.for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/roleAssignments/fcd93ba4-ff33-5824-a504-b432c2dfd3a7\"]",
- "mode": "managed",
- "type": "azurerm_role_assignment",
- "name": "for_policy",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/roleAssignments/fcd93ba4-ff33-5824-a504-b432c2dfd3a7",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "condition": null,
- "condition_version": null,
- "delegated_managed_identity_resource_id": null,
- "description": null,
- "name": "fcd93ba4-ff33-5824-a504-b432c2dfd3a7",
- "role_definition_id": "/providers/Microsoft.Authorization/roleDefinitions/18ed5180-3e48-46fd-8541-4ea054d57064",
- "scope": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "timeouts": null
- },
- "sensitive_values": {}
- },
- {
- "address": "module.test_core.module.role_assignments_for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deploy-MDFC-Config\"].azurerm_role_assignment.for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/roleAssignments/ff44dd66-55e9-54b4-be99-411f2ea2888d\"]",
- "mode": "managed",
- "type": "azurerm_role_assignment",
- "name": "for_policy",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/roleAssignments/ff44dd66-55e9-54b4-be99-411f2ea2888d",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "condition": null,
- "condition_version": null,
- "delegated_managed_identity_resource_id": null,
- "description": null,
- "name": "ff44dd66-55e9-54b4-be99-411f2ea2888d",
- "role_definition_id": "/providers/Microsoft.Authorization/roleDefinitions/fb1c8493-542b-48eb-b624-b4c8fea62acd",
- "scope": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "timeouts": null
- },
- "sensitive_values": {}
- }
- ],
- "address": "module.test_core.module.role_assignments_for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deploy-MDFC-Config\"]"
- },
- {
- "resources": [
- {
- "address": "module.test_core.module.role_assignments_for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deploy-MDFC-OssDb\"].azurerm_role_assignment.for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/roleAssignments/14538d97-4a28-5d98-889f-4466a399396f\"]",
- "mode": "managed",
- "type": "azurerm_role_assignment",
- "name": "for_policy",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/roleAssignments/14538d97-4a28-5d98-889f-4466a399396f",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "condition": null,
- "condition_version": null,
- "delegated_managed_identity_resource_id": null,
- "description": null,
- "name": "14538d97-4a28-5d98-889f-4466a399396f",
- "role_definition_id": "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c",
- "scope": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "timeouts": null
- },
- "sensitive_values": {}
- }
- ],
- "address": "module.test_core.module.role_assignments_for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deploy-MDFC-OssDb\"]"
- },
- {
- "resources": [
- {
- "address": "module.test_core.module.role_assignments_for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deploy-MDFC-SqlAtp\"].azurerm_role_assignment.for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/roleAssignments/48b3e1cf-ed37-5c12-b92e-ffe2a7a7e5f7\"]",
- "mode": "managed",
- "type": "azurerm_role_assignment",
- "name": "for_policy",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/roleAssignments/48b3e1cf-ed37-5c12-b92e-ffe2a7a7e5f7",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "condition": null,
- "condition_version": null,
- "delegated_managed_identity_resource_id": null,
- "description": null,
- "name": "48b3e1cf-ed37-5c12-b92e-ffe2a7a7e5f7",
- "role_definition_id": "/providers/Microsoft.Authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3",
- "scope": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "timeouts": null
- },
- "sensitive_values": {}
- }
- ],
- "address": "module.test_core.module.role_assignments_for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deploy-MDFC-SqlAtp\"]"
- },
- {
- "resources": [
- {
- "address": "module.test_core.module.role_assignments_for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deploy-Resource-Diag\"].azurerm_role_assignment.for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/roleAssignments/51ed04ed-dae3-5fd3-9fa6-eea4b794c795\"]",
- "mode": "managed",
- "type": "azurerm_role_assignment",
- "name": "for_policy",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/roleAssignments/51ed04ed-dae3-5fd3-9fa6-eea4b794c795",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "condition": null,
- "condition_version": null,
- "delegated_managed_identity_resource_id": null,
- "description": null,
- "name": "51ed04ed-dae3-5fd3-9fa6-eea4b794c795",
- "role_definition_id": "/providers/Microsoft.Authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa",
- "scope": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "timeouts": null
- },
- "sensitive_values": {}
- },
- {
- "address": "module.test_core.module.role_assignments_for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deploy-Resource-Diag\"].azurerm_role_assignment.for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/roleAssignments/6069b84d-76fc-5db3-905b-09304bb00f79\"]",
- "mode": "managed",
- "type": "azurerm_role_assignment",
- "name": "for_policy",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/roleAssignments/6069b84d-76fc-5db3-905b-09304bb00f79",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "condition": null,
- "condition_version": null,
- "delegated_managed_identity_resource_id": null,
- "description": null,
- "name": "6069b84d-76fc-5db3-905b-09304bb00f79",
- "role_definition_id": "/providers/Microsoft.Authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293",
- "scope": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "timeouts": null
- },
- "sensitive_values": {}
- }
- ],
- "address": "module.test_core.module.role_assignments_for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deploy-Resource-Diag\"]"
- },
- {
- "resources": [
- {
- "address": "module.test_core.module.role_assignments_for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deploy-SQL-Auditing\"].azurerm_role_assignment.for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/roleAssignments/4ccc8330-f622-59c1-8f88-161a33aaf4a6\"]",
- "mode": "managed",
- "type": "azurerm_role_assignment",
- "name": "for_policy",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/roleAssignments/4ccc8330-f622-59c1-8f88-161a33aaf4a6",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "condition": null,
- "condition_version": null,
- "delegated_managed_identity_resource_id": null,
- "description": null,
- "name": "4ccc8330-f622-59c1-8f88-161a33aaf4a6",
- "role_definition_id": "/providers/Microsoft.Authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab",
- "scope": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "timeouts": null
- },
- "sensitive_values": {}
- },
- {
- "address": "module.test_core.module.role_assignments_for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deploy-SQL-Auditing\"].azurerm_role_assignment.for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/roleAssignments/e69c3b84-6498-5330-ba23-d89f390b67bf\"]",
- "mode": "managed",
- "type": "azurerm_role_assignment",
- "name": "for_policy",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/roleAssignments/e69c3b84-6498-5330-ba23-d89f390b67bf",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "condition": null,
- "condition_version": null,
- "delegated_managed_identity_resource_id": null,
- "description": null,
- "name": "e69c3b84-6498-5330-ba23-d89f390b67bf",
- "role_definition_id": "/providers/Microsoft.Authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3",
- "scope": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "timeouts": null
- },
- "sensitive_values": {}
- }
- ],
- "address": "module.test_core.module.role_assignments_for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deploy-SQL-Auditing\"]"
- },
- {
- "resources": [
- {
- "address": "module.test_core.module.role_assignments_for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deploy-VM-Monitoring\"].azurerm_role_assignment.for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/roleAssignments/944bd159-55ad-5350-963c-316d127a5fd2\"]",
- "mode": "managed",
- "type": "azurerm_role_assignment",
- "name": "for_policy",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/roleAssignments/944bd159-55ad-5350-963c-316d127a5fd2",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "condition": null,
- "condition_version": null,
- "delegated_managed_identity_resource_id": null,
- "description": null,
- "name": "944bd159-55ad-5350-963c-316d127a5fd2",
- "role_definition_id": "/providers/Microsoft.Authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293",
- "scope": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "timeouts": null
- },
- "sensitive_values": {}
- }
- ],
- "address": "module.test_core.module.role_assignments_for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Deploy-VM-Monitoring\"]"
- },
- {
- "resources": [
- {
- "address": "module.test_core.module.role_assignments_for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Enforce-ACSB\"].azurerm_role_assignment.for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/roleAssignments/3d3e8314-e2b2-5209-a43a-7e53ddabe248\"]",
- "mode": "managed",
- "type": "azurerm_role_assignment",
- "name": "for_policy",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/roleAssignments/3d3e8314-e2b2-5209-a43a-7e53ddabe248",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "condition": null,
- "condition_version": null,
- "delegated_managed_identity_resource_id": null,
- "description": null,
- "name": "3d3e8314-e2b2-5209-a43a-7e53ddabe248",
- "role_definition_id": "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c",
- "scope": "/providers/Microsoft.Management/managementGroups/root-id-1",
- "timeouts": null
- },
- "sensitive_values": {}
- }
- ],
- "address": "module.test_core.module.role_assignments_for_policy[\"/providers/Microsoft.Management/managementGroups/root-id-1/providers/Microsoft.Authorization/policyAssignments/Enforce-ACSB\"]"
- }
- ]
- },
- {
- "resources": [
- {
- "address": "module.test_core_nested.azurerm_management_group.level_1[\"/providers/Microsoft.Management/managementGroups/root-id-1-custom-lz1\"]",
- "mode": "managed",
- "type": "azurerm_management_group",
- "name": "level_1",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-custom-lz1",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "display_name": "Nested Custom LZ1",
- "name": "root-id-1-custom-lz1",
- "parent_management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1-landing-zones",
- "timeouts": null
- },
- "sensitive_values": {
- "subscription_ids": []
- }
- },
- {
- "address": "module.test_core_nested.azurerm_management_group_policy_assignment.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1-custom-lz1/providers/Microsoft.Authorization/policyAssignments/Deny-RSG-Locations\"]",
- "mode": "managed",
- "type": "azurerm_management_group_policy_assignment",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-custom-lz1/providers/Microsoft.Authorization/policyAssignments/Deny-RSG-Locations",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Specifies the allowed locations (regions) where Resource Groups can be deployed. Generated from custom Terraform template.",
- "display_name": "Limit allowed locations for Resource Groups",
- "enforce": true,
- "identity": [],
- "location": "northeurope",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1-custom-lz1",
- "name": "Deny-RSG-Locations",
- "not_scopes": [],
- "overrides": [],
- "parameters": "{\"listOfAllowedLocations\":{\"value\":[\"eastus\",\"eastus2\",\"westus\",\"northcentralus\",\"southcentralus\"]}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/e765b5de-1225-4ba3-bd56-1ac6695af988",
- "resource_selectors": [],
- "timeouts": null
- },
- "sensitive_values": {
- "identity": [],
- "non_compliance_message": [],
- "not_scopes": [],
- "overrides": [],
- "resource_selectors": []
- }
- },
- {
- "address": "module.test_core_nested.azurerm_management_group_policy_assignment.enterprise_scale[\"/providers/Microsoft.Management/managementGroups/root-id-1-custom-lz1/providers/Microsoft.Authorization/policyAssignments/Deny-Resource-Locations\"]",
- "mode": "managed",
- "type": "azurerm_management_group_policy_assignment",
- "name": "enterprise_scale",
- "index": "/providers/Microsoft.Management/managementGroups/root-id-1-custom-lz1/providers/Microsoft.Authorization/policyAssignments/Deny-Resource-Locations",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "description": "Specifies the allowed locations (regions) where Resources can be deployed.",
- "display_name": "Limit allowed locations for Resources",
- "enforce": true,
- "identity": [],
- "location": "northeurope",
- "management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1-custom-lz1",
- "name": "Deny-Resource-Locations",
- "not_scopes": [],
- "overrides": [],
- "parameters": "{\"listOfAllowedLocations\":{\"value\":[\"northcentralus\",\"southcentralus\"]}}",
- "policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/e56962a6-4747-49cd-b67b-bf8b01975c4c",
- "resource_selectors": [],
- "timeouts": null
- },
- "sensitive_values": {
- "identity": [],
- "non_compliance_message": [],
- "not_scopes": [],
- "overrides": [],
- "resource_selectors": []
- }
- },
- {
- "address": "module.test_core_nested.azurerm_subscription_template_deployment.telemetry_core[0]",
- "mode": "managed",
- "type": "azurerm_subscription_template_deployment",
- "name": "telemetry_core",
- "index": 0,
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "debug_level": null,
- "location": "northeurope",
- "tags": null,
- "template_content": "{\"$schema\":\"https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{\"telemetry\":{\"type\":\"String\",\"value\":\"For more information, see https://aka.ms/alz/tf/telemetry\"}},\"parameters\":{},\"resources\":[],\"variables\":{}}",
- "template_spec_version_id": null,
- "timeouts": null
- },
- "sensitive_values": {}
- },
- {
- "address": "module.test_core_nested.data.azurerm_policy_definition.external_lookup[\"/providers/Microsoft.Authorization/policyDefinitions/e56962a6-4747-49cd-b67b-bf8b01975c4c\"]",
- "mode": "data",
- "type": "azurerm_policy_definition",
- "name": "external_lookup",
- "index": "/providers/Microsoft.Authorization/policyDefinitions/e56962a6-4747-49cd-b67b-bf8b01975c4c",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "management_group_name": null,
- "name": "e56962a6-4747-49cd-b67b-bf8b01975c4c",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core_nested.data.azurerm_policy_definition.external_lookup[\"/providers/Microsoft.Authorization/policyDefinitions/e765b5de-1225-4ba3-bd56-1ac6695af988\"]",
- "mode": "data",
- "type": "azurerm_policy_definition",
- "name": "external_lookup",
- "index": "/providers/Microsoft.Authorization/policyDefinitions/e765b5de-1225-4ba3-bd56-1ac6695af988",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "management_group_name": null,
- "name": "e765b5de-1225-4ba3-bd56-1ac6695af988",
- "timeouts": null
- },
- "sensitive_values": {
- "role_definition_ids": []
- }
- },
- {
- "address": "module.test_core_nested.random_id.telem[0]",
- "mode": "managed",
- "type": "random_id",
- "name": "telem",
- "index": 0,
- "provider_name": "registry.terraform.io/hashicorp/random",
- "schema_version": 0,
- "values": {
- "byte_length": 4,
- "keepers": null,
- "prefix": null
- },
- "sensitive_values": {}
- },
- {
- "address": "module.test_core_nested.time_sleep.after_azurerm_management_group",
- "mode": "managed",
- "type": "time_sleep",
- "name": "after_azurerm_management_group",
- "provider_name": "registry.terraform.io/hashicorp/time",
- "schema_version": 0,
- "values": {
- "create_duration": "120s",
- "destroy_duration": "0s",
- "triggers": {
- "azurerm_management_group_level_1": "[\"/providers/Microsoft.Management/managementGroups/root-id-1-custom-lz1\"]",
- "azurerm_management_group_level_2": "[]",
- "azurerm_management_group_level_3": "[]",
- "azurerm_management_group_level_4": "[]",
- "azurerm_management_group_level_5": "[]",
- "azurerm_management_group_level_6": "[]"
- }
- },
- "sensitive_values": {
- "triggers": {}
- }
- },
- {
- "address": "module.test_core_nested.time_sleep.after_azurerm_policy_assignment",
- "mode": "managed",
- "type": "time_sleep",
- "name": "after_azurerm_policy_assignment",
- "provider_name": "registry.terraform.io/hashicorp/time",
- "schema_version": 0,
- "values": {
- "create_duration": "30s",
- "destroy_duration": "0s",
- "triggers": {
- "azurerm_management_group_policy_assignment_enterprise_scale": "[\"/providers/Microsoft.Management/managementGroups/root-id-1-custom-lz1/providers/Microsoft.Authorization/policyAssignments/Deny-RSG-Locations\",\"/providers/Microsoft.Management/managementGroups/root-id-1-custom-lz1/providers/Microsoft.Authorization/policyAssignments/Deny-Resource-Locations\"]"
- }
- },
- "sensitive_values": {
- "triggers": {}
- }
- },
- {
- "address": "module.test_core_nested.time_sleep.after_azurerm_policy_definition",
- "mode": "managed",
- "type": "time_sleep",
- "name": "after_azurerm_policy_definition",
- "provider_name": "registry.terraform.io/hashicorp/time",
- "schema_version": 0,
- "values": {
- "create_duration": "30s",
- "destroy_duration": "0s",
- "triggers": {
- "azurerm_policy_definition_enterprise_scale": "[]"
- }
- },
- "sensitive_values": {
- "triggers": {}
- }
- },
- {
- "address": "module.test_core_nested.time_sleep.after_azurerm_policy_set_definition",
- "mode": "managed",
- "type": "time_sleep",
- "name": "after_azurerm_policy_set_definition",
- "provider_name": "registry.terraform.io/hashicorp/time",
- "schema_version": 0,
- "values": {
- "create_duration": "30s",
- "destroy_duration": "0s",
- "triggers": {
- "azurerm_policy_set_definition_enterprise_scale": "[]"
- }
- },
- "sensitive_values": {
- "triggers": {}
- }
- },
- {
- "address": "module.test_core_nested.time_sleep.after_azurerm_role_assignment",
- "mode": "managed",
- "type": "time_sleep",
- "name": "after_azurerm_role_assignment",
- "provider_name": "registry.terraform.io/hashicorp/time",
- "schema_version": 0,
- "values": {
- "create_duration": "0s",
- "destroy_duration": "0s",
- "triggers": {
- "azurerm_role_assignment_enterprise_scale": "[]",
- "module_role_assignments_for_policy": "[]"
- }
- },
- "sensitive_values": {
- "triggers": {}
- }
- },
- {
- "address": "module.test_core_nested.time_sleep.after_azurerm_role_definition",
- "mode": "managed",
- "type": "time_sleep",
- "name": "after_azurerm_role_definition",
- "provider_name": "registry.terraform.io/hashicorp/time",
- "schema_version": 0,
- "values": {
- "create_duration": "60s",
- "destroy_duration": "0s",
- "triggers": {
- "azurerm_role_definition_enterprise_scale": "[]"
- }
- },
- "sensitive_values": {
- "triggers": {}
- }
- }
- ],
- "address": "module.test_core_nested"
- },
- {
- "resources": [
- {
- "address": "module.test_management.azurerm_automation_account.management[\"/subscriptions/a9d8bda7-a341-4fe2-bfbf-61145868379e/resourceGroups/root-id-1-mgmt/providers/Microsoft.Automation/automationAccounts/root-id-1-automation\"]",
- "mode": "managed",
- "type": "azurerm_automation_account",
- "name": "management",
- "index": "/subscriptions/a9d8bda7-a341-4fe2-bfbf-61145868379e/resourceGroups/root-id-1-mgmt/providers/Microsoft.Automation/automationAccounts/root-id-1-automation",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "encryption": [],
- "identity": [],
- "local_authentication_enabled": true,
- "location": "northeurope",
- "name": "root-id-1-automation",
- "public_network_access_enabled": true,
- "resource_group_name": "root-id-1-mgmt",
- "sku_name": "Basic",
- "tags": {
- "deployedBy": "terraform/azure/caf-enterprise-scale/test_framework/management"
- },
- "timeouts": null
- },
- "sensitive_values": {
- "encryption": [],
- "identity": [],
- "private_endpoint_connection": [],
- "tags": {}
- }
- },
- {
- "address": "module.test_management.azurerm_log_analytics_linked_service.management[\"/subscriptions/a9d8bda7-a341-4fe2-bfbf-61145868379e/resourceGroups/root-id-1-mgmt/providers/Microsoft.OperationalInsights/workspaces/root-id-1-la/linkedServices/Automation\"]",
- "mode": "managed",
- "type": "azurerm_log_analytics_linked_service",
- "name": "management",
- "index": "/subscriptions/a9d8bda7-a341-4fe2-bfbf-61145868379e/resourceGroups/root-id-1-mgmt/providers/Microsoft.OperationalInsights/workspaces/root-id-1-la/linkedServices/Automation",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "read_access_id": "/subscriptions/a9d8bda7-a341-4fe2-bfbf-61145868379e/resourceGroups/root-id-1-mgmt/providers/Microsoft.Automation/automationAccounts/root-id-1-automation",
- "resource_group_name": "root-id-1-mgmt",
- "timeouts": null,
- "workspace_id": "/subscriptions/a9d8bda7-a341-4fe2-bfbf-61145868379e/resourceGroups/root-id-1-mgmt/providers/Microsoft.OperationalInsights/workspaces/root-id-1-la",
- "write_access_id": null
- },
- "sensitive_values": {}
- },
- {
- "address": "module.test_management.azurerm_log_analytics_solution.management[\"/subscriptions/a9d8bda7-a341-4fe2-bfbf-61145868379e/resourceGroups/root-id-1-mgmt/providers/Microsoft.OperationsManagement/solutions/SQLAdvancedThreatProtection(root-id-1-la)\"]",
- "mode": "managed",
- "type": "azurerm_log_analytics_solution",
- "name": "management",
- "index": "/subscriptions/a9d8bda7-a341-4fe2-bfbf-61145868379e/resourceGroups/root-id-1-mgmt/providers/Microsoft.OperationsManagement/solutions/SQLAdvancedThreatProtection(root-id-1-la)",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 1,
- "values": {
- "location": "northeurope",
- "plan": [
- {
- "product": "OMSGallery/SQLAdvancedThreatProtection",
- "promotion_code": null,
- "publisher": "Microsoft"
- }
- ],
- "resource_group_name": "root-id-1-mgmt",
- "solution_name": "SQLAdvancedThreatProtection",
- "tags": {
- "deployedBy": "terraform/azure/caf-enterprise-scale/test_framework/management"
- },
- "timeouts": null,
- "workspace_name": "root-id-1-la",
- "workspace_resource_id": "/subscriptions/a9d8bda7-a341-4fe2-bfbf-61145868379e/resourceGroups/root-id-1-mgmt/providers/Microsoft.OperationalInsights/workspaces/root-id-1-la"
- },
- "sensitive_values": {
- "plan": [
- {}
- ],
- "tags": {}
- }
- },
- {
- "address": "module.test_management.azurerm_log_analytics_solution.management[\"/subscriptions/a9d8bda7-a341-4fe2-bfbf-61145868379e/resourceGroups/root-id-1-mgmt/providers/Microsoft.OperationsManagement/solutions/SQLVulnerabilityAssessment(root-id-1-la)\"]",
- "mode": "managed",
- "type": "azurerm_log_analytics_solution",
- "name": "management",
- "index": "/subscriptions/a9d8bda7-a341-4fe2-bfbf-61145868379e/resourceGroups/root-id-1-mgmt/providers/Microsoft.OperationsManagement/solutions/SQLVulnerabilityAssessment(root-id-1-la)",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 1,
- "values": {
- "location": "northeurope",
- "plan": [
- {
- "product": "OMSGallery/SQLVulnerabilityAssessment",
- "promotion_code": null,
- "publisher": "Microsoft"
- }
- ],
- "resource_group_name": "root-id-1-mgmt",
- "solution_name": "SQLVulnerabilityAssessment",
- "tags": {
- "deployedBy": "terraform/azure/caf-enterprise-scale/test_framework/management"
- },
- "timeouts": null,
- "workspace_name": "root-id-1-la",
- "workspace_resource_id": "/subscriptions/a9d8bda7-a341-4fe2-bfbf-61145868379e/resourceGroups/root-id-1-mgmt/providers/Microsoft.OperationalInsights/workspaces/root-id-1-la"
- },
- "sensitive_values": {
- "plan": [
- {}
- ],
- "tags": {}
- }
- },
- {
- "address": "module.test_management.azurerm_log_analytics_workspace.management[\"/subscriptions/a9d8bda7-a341-4fe2-bfbf-61145868379e/resourceGroups/root-id-1-mgmt/providers/Microsoft.OperationalInsights/workspaces/root-id-1-la\"]",
- "mode": "managed",
- "type": "azurerm_log_analytics_workspace",
- "name": "management",
- "index": "/subscriptions/a9d8bda7-a341-4fe2-bfbf-61145868379e/resourceGroups/root-id-1-mgmt/providers/Microsoft.OperationalInsights/workspaces/root-id-1-la",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 3,
- "values": {
- "allow_resource_only_permissions": true,
- "cmk_for_query_forced": null,
- "daily_quota_gb": -1,
- "internet_ingestion_enabled": true,
- "internet_query_enabled": true,
- "local_authentication_disabled": false,
- "location": "northeurope",
- "name": "root-id-1-la",
- "reservation_capacity_in_gb_per_day": null,
- "resource_group_name": "root-id-1-mgmt",
- "retention_in_days": 60,
- "sku": "PerGB2018",
- "tags": {
- "deployedBy": "terraform/azure/caf-enterprise-scale/test_framework/management"
- },
- "timeouts": null
- },
- "sensitive_values": {
- "tags": {}
- }
- },
- {
- "address": "module.test_management.azurerm_resource_group.management[\"/subscriptions/a9d8bda7-a341-4fe2-bfbf-61145868379e/resourceGroups/root-id-1-mgmt\"]",
- "mode": "managed",
- "type": "azurerm_resource_group",
- "name": "management",
- "index": "/subscriptions/a9d8bda7-a341-4fe2-bfbf-61145868379e/resourceGroups/root-id-1-mgmt",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "location": "northeurope",
- "managed_by": null,
- "name": "root-id-1-mgmt",
- "tags": {
- "deployedBy": "terraform/azure/caf-enterprise-scale/test_framework/management"
- },
- "timeouts": null
- },
- "sensitive_values": {
- "tags": {}
- }
- },
- {
- "address": "module.test_management.azurerm_subscription_template_deployment.telemetry_core[0]",
- "mode": "managed",
- "type": "azurerm_subscription_template_deployment",
- "name": "telemetry_core",
- "index": 0,
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "debug_level": null,
- "location": "northeurope",
- "tags": null,
- "template_content": "{\"$schema\":\"https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{\"telemetry\":{\"type\":\"String\",\"value\":\"For more information, see https://aka.ms/alz/tf/telemetry\"}},\"parameters\":{},\"resources\":[],\"variables\":{}}",
- "template_spec_version_id": null,
- "timeouts": null
- },
- "sensitive_values": {}
- },
- {
- "address": "module.test_management.azurerm_subscription_template_deployment.telemetry_management[0]",
- "mode": "managed",
- "type": "azurerm_subscription_template_deployment",
- "name": "telemetry_management",
- "index": 0,
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "schema_version": 0,
- "values": {
- "debug_level": null,
- "location": "northeurope",
- "tags": null,
- "template_content": "{\"$schema\":\"https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#\",\"contentVersion\":\"1.0.0.0\",\"outputs\":{\"telemetry\":{\"type\":\"String\",\"value\":\"For more information, see https://aka.ms/alz/tf/telemetry\"}},\"parameters\":{},\"resources\":[],\"variables\":{}}",
- "template_spec_version_id": null,
- "timeouts": null
- },
- "sensitive_values": {}
- },
- {
- "address": "module.test_management.random_id.telem[0]",
- "mode": "managed",
- "type": "random_id",
- "name": "telem",
- "index": 0,
- "provider_name": "registry.terraform.io/hashicorp/random",
- "schema_version": 0,
- "values": {
- "byte_length": 4,
- "keepers": null,
- "prefix": null
- },
- "sensitive_values": {}
- },
- {
- "address": "module.test_management.time_sleep.after_azurerm_management_group",
- "mode": "managed",
- "type": "time_sleep",
- "name": "after_azurerm_management_group",
- "provider_name": "registry.terraform.io/hashicorp/time",
- "schema_version": 0,
- "values": {
- "create_duration": "30s",
- "destroy_duration": "0s",
- "triggers": {
- "azurerm_management_group_level_1": "[]",
- "azurerm_management_group_level_2": "[]",
- "azurerm_management_group_level_3": "[]",
- "azurerm_management_group_level_4": "[]",
- "azurerm_management_group_level_5": "[]",
- "azurerm_management_group_level_6": "[]"
- }
- },
- "sensitive_values": {
- "triggers": {}
- }
- },
- {
- "address": "module.test_management.time_sleep.after_azurerm_policy_assignment",
- "mode": "managed",
- "type": "time_sleep",
- "name": "after_azurerm_policy_assignment",
- "provider_name": "registry.terraform.io/hashicorp/time",
- "schema_version": 0,
- "values": {
- "create_duration": "30s",
- "destroy_duration": "0s",
- "triggers": {
- "azurerm_management_group_policy_assignment_enterprise_scale": "[]"
- }
- },
- "sensitive_values": {
- "triggers": {}
- }
- },
- {
- "address": "module.test_management.time_sleep.after_azurerm_policy_definition",
- "mode": "managed",
- "type": "time_sleep",
- "name": "after_azurerm_policy_definition",
- "provider_name": "registry.terraform.io/hashicorp/time",
- "schema_version": 0,
- "values": {
- "create_duration": "30s",
- "destroy_duration": "0s",
- "triggers": {
- "azurerm_policy_definition_enterprise_scale": "[]"
- }
- },
- "sensitive_values": {
- "triggers": {}
- }
- },
- {
- "address": "module.test_management.time_sleep.after_azurerm_policy_set_definition",
- "mode": "managed",
- "type": "time_sleep",
- "name": "after_azurerm_policy_set_definition",
- "provider_name": "registry.terraform.io/hashicorp/time",
- "schema_version": 0,
- "values": {
- "create_duration": "30s",
- "destroy_duration": "0s",
- "triggers": {
- "azurerm_policy_set_definition_enterprise_scale": "[]"
- }
- },
- "sensitive_values": {
- "triggers": {}
- }
- },
- {
- "address": "module.test_management.time_sleep.after_azurerm_role_assignment",
- "mode": "managed",
- "type": "time_sleep",
- "name": "after_azurerm_role_assignment",
- "provider_name": "registry.terraform.io/hashicorp/time",
- "schema_version": 0,
- "values": {
- "create_duration": "0s",
- "destroy_duration": "0s",
- "triggers": {
- "azurerm_role_assignment_enterprise_scale": "[]",
- "module_role_assignments_for_policy": "[]"
- }
- },
- "sensitive_values": {
- "triggers": {}
- }
- },
- {
- "address": "module.test_management.time_sleep.after_azurerm_role_definition",
- "mode": "managed",
- "type": "time_sleep",
- "name": "after_azurerm_role_definition",
- "provider_name": "registry.terraform.io/hashicorp/time",
- "schema_version": 0,
- "values": {
- "create_duration": "60s",
- "destroy_duration": "0s",
- "triggers": {
- "azurerm_role_definition_enterprise_scale": "[]"
- }
- },
- "sensitive_values": {
- "triggers": {}
- }
- }
- ],
- "address": "module.test_management"
- }
- ]
- }
-}
diff --git a/tests/modules/test_003_add_mgmt_conn/main.tf b/tests/modules/test_003_add_mgmt_conn/main.tf
index a7a4c978f..cc7c70f77 100644
--- a/tests/modules/test_003_add_mgmt_conn/main.tf
+++ b/tests/modules/test_003_add_mgmt_conn/main.tf
@@ -21,7 +21,7 @@ module "test_core" {
# Configuration settings for optional landing zones
deploy_corp_landing_zones = true
deploy_online_landing_zones = true
- deploy_sap_landing_zones = true
+ deploy_sap_landing_zones = false
deploy_demo_landing_zones = false
# Configure path for custom library folder and
diff --git a/tests/modules/test_003_add_mgmt_conn/settings.tf b/tests/modules/test_003_add_mgmt_conn/settings.tf
index 55d45dc1d..77100b399 100644
--- a/tests/modules/test_003_add_mgmt_conn/settings.tf
+++ b/tests/modules/test_003_add_mgmt_conn/settings.tf
@@ -1,6 +1,9 @@
# Obtain configuration settings.
module "settings" {
source = "../settings"
+ providers = {
+ azurerm = azurerm.management
+ }
root_id = var.root_id
primary_location = var.primary_location
diff --git a/tests/modules/test_003_add_mgmt_conn/terraform.tf b/tests/modules/test_003_add_mgmt_conn/terraform.tf
index ed80d4e44..dd5cd3f33 100644
--- a/tests/modules/test_003_add_mgmt_conn/terraform.tf
+++ b/tests/modules/test_003_add_mgmt_conn/terraform.tf
@@ -2,7 +2,7 @@ terraform {
required_providers {
azurerm = {
source = "hashicorp/azurerm"
- version = "3.74.0"
+ version = "3.107.0"
configuration_aliases = [
azurerm.connectivity,
azurerm.management,
diff --git a/tests/pipelines/templates/tests-common.yml b/tests/pipelines/templates/tests-common.yml
index 2fc5b2acb..b26210907 100644
--- a/tests/pipelines/templates/tests-common.yml
+++ b/tests/pipelines/templates/tests-common.yml
@@ -14,14 +14,7 @@ steps:
- task: GoTool@0
displayName: "Install Go"
inputs:
- version: '1.18'
- condition: and(succeeded(), eq('${{ parameters.run_type }}', 'unit'))
-
- - task: Bash@3
- displayName: "Install conftest"
- inputs:
- targetType: "inline"
- script: "make opa-install"
+ version: "1.22.3"
condition: and(succeeded(), eq('${{ parameters.run_type }}', 'unit'))
- task: Bash@3
diff --git a/tests/pipelines/templates/tests-loop.yml b/tests/pipelines/templates/tests-loop.yml
index 7a57702d6..b3cd20b4c 100644
--- a/tests/pipelines/templates/tests-loop.yml
+++ b/tests/pipelines/templates/tests-loop.yml
@@ -26,15 +26,6 @@ steps:
TEST_MODULE_PATH: "${{ parameters.module_path }}"
condition: and(succeeded(), in('${{ parameters.run_type }}', 'unit'))
- - task: Bash@3
- displayName: "[conftest run]"
- inputs:
- targetType: "inline"
- script: "make opa-run-tests"
- env:
- TEST_MODULE_PATH: "${{ parameters.module_path }}"
- condition: and(succeeded(), eq('${{ parameters.run_type }}', 'unit'))
-
- task: Bash@3
displayName: "[terraform apply]"
inputs:
diff --git a/tests/scripts/azp-strategy.ps1 b/tests/scripts/azp-strategy.ps1
index 893a0d7ea..4c22f79ef 100755
--- a/tests/scripts/azp-strategy.ps1
+++ b/tests/scripts/azp-strategy.ps1
@@ -42,7 +42,7 @@ function Get-RandomId {
$terraformVersionsResponse = Invoke-RestMethod -Method Get -Uri $terraformUrl -FollowRelLink
$terraformVersionsAll = $terraformVersionsResponse.name -replace "v", ""
-$terraformVersions = @("1.3.1")
+$terraformVersions = @("1.7.0")
$terraformVersions += $terraformVersionsAll | Where-Object { $_ -match "^1(\.\d{1,2}){1,2}$" } | Select-Object -First 1
$terraformVersions = $terraformVersions | Sort-Object
@@ -51,11 +51,11 @@ $terraformVersionsCount = $terraformVersions.Count
#######################################
# Terraform AzureRM Provider Versions
-# - Base Version: (3.74.0)
+# - Base Version: (3.107.0)
# - Latest Versions: (latest 1)
#######################################
-$azurermProviderVersionBase = "3.74.0"
+$azurermProviderVersionBase = "3.107.0"
$azurermProviderVersionLatest = (Invoke-RestMethod -Method Get -Uri $azurermProviderUrl).version
#######################################
diff --git a/tests/scripts/x-manual_tidy-e2e.ps1 b/tests/scripts/x-manual_tidy-e2e.ps1
index 93f4635dd..1a3eedb69 100644
--- a/tests/scripts/x-manual_tidy-e2e.ps1
+++ b/tests/scripts/x-manual_tidy-e2e.ps1
@@ -2,10 +2,79 @@
# This filter is for safety, replace with the start of the ID for the runs you want to delete without impacting other runs
$filters = @(
- "463u20kp",
- "8zdf1q2o",
- "9mpgz7qk",
- "pxrhm8ks"
+ "hashiconf-sub-vending",
+ "avm-res-authorization-roleassignment",
+ "root-piranha",
+ "ox-alz-root",
+ "root-raptor",
+ "glider-alz-root",
+ "Enterprise-Scale",
+ "e2e-test-cglccqrhmz",
+ "e2e-test-qjiwmwbvos",
+ "e2e-test-naoawvutfb",
+ "e2e-test-jovacoxblp",
+ "lfni1wmu",
+ "chitsa1n",
+ "e2e-test-maqilulmew",
+ "e2e-test-souvvezrrb",
+ "e2e-test-brgayempso",
+ "e2e-test-fkazvydndn",
+ "e2e-test-iwzoqxfiem",
+ "e2e-test-dgelbtarrb",
+ "e2e-test-xonfqgboql",
+ "e2e-test-zudkugieeh",
+ "e2e-test-xrimnnxetj",
+ "e2e-test-dolljzkxks",
+ "e2e-test-itpfuivnul",
+ "e2e-test-btkidndxld",
+ "e2e-test-bmsnfwyndx",
+ "e2e-test-fpyyjsoezi",
+ "e2e-test-eyxyknxygb",
+ "e2e-test-ggjqinnmrk",
+ "e2e-test-nhikgbadoj",
+ "e2e-test-szjhjphmrl",
+ "e2e-test-iwqprsfoyd",
+ "e2e-test-zhaqsxqpum",
+ "e2e-test-qyhevrhnsc",
+ "e2e-test-aboemjacou",
+ "e2e-test-yneiwxhxhe",
+ "e2e-test-cvbvqgdbhg",
+ "e2e-test-ypxltbdaut",
+ "e2e-test-kuhlucteus",
+ "e2e-test-ndrmevzfyf",
+ "e2e-test-awlpgjfsvt",
+ "e2e-test-bfnbkdvmjj",
+ "e2e-test-grefiddptu",
+ "e2e-test-sbxcwcofnj",
+ "e2e-test-mvhsgubssj",
+ "e2e-test-gmhvwmmqvo",
+ "e2e-test-founxmcuwn",
+ "e2e-test-dtkrmutwra",
+ "e2e-test-xjnthpqklb",
+ "e2e-test-lqyhicoayr",
+ "e2e-test-duryevxfel",
+ "e2e-test-argamdfiqj",
+ "e2e-test-ukpdxvaliy",
+ "e2e-test-kipowtjurw",
+ "e2e-test-zdrmobmnnt",
+ "e2e-test-ygsanqrukh",
+ "e2e-test-lnxuqkarxh",
+ "e2e-test-wuqveboblb",
+ "e2e-test-zosuwckpgl",
+ "e2e-test-qbrejtkiot",
+ "e2e-test-mlbpdnozrb",
+ "e2e-test-upjqcxazim",
+ "e2e-test-zqdeubombs",
+ "e2e-test-yvrlujqnrt",
+ "e2e-test-ubaifeijmd",
+ "e2e-test-oabmyzefgi",
+ "e2e-test-atsuctrcql",
+ "e2e-test-atnodnredf",
+ "e2e-test-otzrsisddf",
+ "e2e-test-zvayuisakl",
+ "e2e-test-illrlfkonj",
+ "n5itwyk7",
+ "bfz9e4la"
)
Write-Information "Deleting Management Groups" -InformationAction Continue
diff --git a/tests/terratest/go.mod b/tests/terratest/go.mod
index 9eab9bdeb..b7e915a4d 100644
--- a/tests/terratest/go.mod
+++ b/tests/terratest/go.mod
@@ -1,60 +1,66 @@
module terratest
-go 1.21
+go 1.22.0
-toolchain go1.21.0
+toolchain go1.22.3
require (
- github.com/Azure/terratest-terraform-fluent v0.6.2
- github.com/stretchr/testify v1.8.4
+ github.com/Azure/terratest-terraform-fluent v0.8.1
+ github.com/stretchr/testify v1.9.0
)
require (
- cloud.google.com/go v0.110.8 // indirect
- cloud.google.com/go/compute v1.23.1 // indirect
- cloud.google.com/go/compute/metadata v0.2.3 // indirect
- cloud.google.com/go/iam v1.1.3 // indirect
- cloud.google.com/go/storage v1.33.0 // indirect
+ cloud.google.com/go v0.114.0 // indirect
+ cloud.google.com/go/auth v0.5.1 // indirect
+ cloud.google.com/go/auth/oauth2adapt v0.2.2 // indirect
+ cloud.google.com/go/compute v1.27.0 // indirect
+ cloud.google.com/go/compute/metadata v0.3.0 // indirect
+ cloud.google.com/go/iam v1.1.8 // indirect
+ cloud.google.com/go/storage v1.41.0 // indirect
+ filippo.io/edwards25519 v1.1.0 // indirect
github.com/agext/levenshtein v1.2.3 // indirect
github.com/apparentlymart/go-textseg/v15 v15.0.0 // indirect
- github.com/aws/aws-sdk-go v1.45.28 // indirect
+ github.com/aws/aws-sdk-go v1.53.17 // indirect
github.com/bgentry/go-netrc v0.0.0-20140422174119-9fd32a8b3d3d // indirect
github.com/boombuler/barcode v1.0.1 // indirect
- github.com/cpuguy83/go-md2man/v2 v2.0.3 // indirect
+ github.com/cpuguy83/go-md2man/v2 v2.0.4 // indirect
github.com/davecgh/go-spew v1.1.1 // indirect
- github.com/emicklei/go-restful/v3 v3.11.0 // indirect
+ github.com/emicklei/go-restful/v3 v3.12.1 // indirect
+ github.com/felixge/httpsnoop v1.0.4 // indirect
github.com/go-errors/errors v1.5.1 // indirect
- github.com/go-logr/logr v1.2.4 // indirect
- github.com/go-openapi/jsonpointer v0.20.0 // indirect
- github.com/go-openapi/jsonreference v0.20.2 // indirect
- github.com/go-openapi/swag v0.22.4 // indirect
- github.com/go-sql-driver/mysql v1.7.1 // indirect
+ github.com/go-logr/logr v1.4.2 // indirect
+ github.com/go-logr/stdr v1.2.2 // indirect
+ github.com/go-openapi/jsonpointer v0.21.0 // indirect
+ github.com/go-openapi/jsonreference v0.21.0 // indirect
+ github.com/go-openapi/swag v0.23.0 // indirect
+ github.com/go-sql-driver/mysql v1.8.1 // indirect
github.com/gogo/protobuf v1.3.2 // indirect
github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
- github.com/golang/protobuf v1.5.3 // indirect
+ github.com/golang/protobuf v1.5.4 // indirect
github.com/google/gnostic-models v0.6.9-0.20230804172637-c7be7c783f49 // indirect
github.com/google/go-cmp v0.6.0 // indirect
github.com/google/gofuzz v1.2.0 // indirect
github.com/google/s2a-go v0.1.7 // indirect
- github.com/google/uuid v1.3.1 // indirect
- github.com/googleapis/enterprise-certificate-proxy v0.3.1 // indirect
- github.com/googleapis/gax-go/v2 v2.12.0 // indirect
+ github.com/google/uuid v1.6.0 // indirect
+ github.com/googleapis/enterprise-certificate-proxy v0.3.2 // indirect
+ github.com/googleapis/gax-go/v2 v2.12.4 // indirect
+ github.com/gorilla/websocket v1.5.1 // indirect
github.com/gruntwork-io/go-commons v0.17.1 // indirect
- github.com/gruntwork-io/terratest v0.46.1 // indirect
+ github.com/gruntwork-io/terratest v0.46.15 // indirect
github.com/hashicorp/errwrap v1.1.0 // indirect
github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
github.com/hashicorp/go-getter v1.7.4 // indirect
github.com/hashicorp/go-multierror v1.1.1 // indirect
github.com/hashicorp/go-safetemp v1.0.0 // indirect
- github.com/hashicorp/go-version v1.6.0 // indirect
- github.com/hashicorp/hcl/v2 v2.19.1 // indirect
- github.com/hashicorp/terraform-json v0.17.1 // indirect
+ github.com/hashicorp/go-version v1.7.0 // indirect
+ github.com/hashicorp/hcl/v2 v2.20.1 // indirect
+ github.com/hashicorp/terraform-json v0.22.1 // indirect
github.com/imdario/mergo v0.3.16 // indirect
github.com/jinzhu/copier v0.4.0 // indirect
github.com/jmespath/go-jmespath v0.4.0 // indirect
github.com/josharian/intern v1.0.0 // indirect
github.com/json-iterator/go v1.1.12 // indirect
- github.com/klauspost/compress v1.17.1 // indirect
+ github.com/klauspost/compress v1.17.8 // indirect
github.com/mailru/easyjson v0.7.7 // indirect
github.com/mattn/go-zglob v0.0.4 // indirect
github.com/mitchellh/go-homedir v1.1.0 // indirect
@@ -64,46 +70,54 @@ require (
github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
github.com/modern-go/reflect2 v1.0.2 // indirect
github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
+ github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f // indirect
github.com/pmezard/go-difflib v1.0.0 // indirect
github.com/pquerna/otp v1.4.0 // indirect
github.com/russross/blackfriday/v2 v2.1.0 // indirect
github.com/spf13/pflag v1.0.5 // indirect
- github.com/tidwall/gjson v1.17.0 // indirect
+ github.com/tidwall/gjson v1.17.1 // indirect
github.com/tidwall/match v1.1.1 // indirect
github.com/tidwall/pretty v1.2.1 // indirect
- github.com/tmccombs/hcl2json v0.6.0 // indirect
- github.com/ulikunitz/xz v0.5.11 // indirect
- github.com/urfave/cli/v2 v2.25.7 // indirect
- github.com/xrash/smetrics v0.0.0-20201216005158-039620a65673 // indirect
- github.com/zclconf/go-cty v1.14.1 // indirect
+ github.com/tmccombs/hcl2json v0.6.3 // indirect
+ github.com/ulikunitz/xz v0.5.12 // indirect
+ github.com/urfave/cli/v2 v2.27.2 // indirect
+ github.com/xrash/smetrics v0.0.0-20240521201337-686a1a2994c1 // indirect
+ github.com/zclconf/go-cty v1.14.4 // indirect
go.opencensus.io v0.24.0 // indirect
- golang.org/x/crypto v0.17.0 // indirect
- golang.org/x/exp v0.0.0-20231006140011-7918f672742d // indirect
- golang.org/x/net v0.17.0 // indirect
- golang.org/x/oauth2 v0.13.0 // indirect
- golang.org/x/sync v0.4.0 // indirect
- golang.org/x/sys v0.15.0 // indirect
- golang.org/x/term v0.15.0 // indirect
- golang.org/x/text v0.14.0 // indirect
- golang.org/x/time v0.3.0 // indirect
+ go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.52.0 // indirect
+ go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.52.0 // indirect
+ go.opentelemetry.io/otel v1.27.0 // indirect
+ go.opentelemetry.io/otel/metric v1.27.0 // indirect
+ go.opentelemetry.io/otel/trace v1.27.0 // indirect
+ golang.org/x/crypto v0.24.0 // indirect
+ golang.org/x/exp v0.0.0-20240604190554-fc45aab8b7f8 // indirect
+ golang.org/x/mod v0.18.0 // indirect
+ golang.org/x/net v0.26.0 // indirect
+ golang.org/x/oauth2 v0.21.0 // indirect
+ golang.org/x/sync v0.7.0 // indirect
+ golang.org/x/sys v0.21.0 // indirect
+ golang.org/x/term v0.21.0 // indirect
+ golang.org/x/text v0.16.0 // indirect
+ golang.org/x/time v0.5.0 // indirect
+ golang.org/x/tools v0.22.0 // indirect
golang.org/x/xerrors v0.0.0-20231012003039-104605ab7028 // indirect
- google.golang.org/api v0.147.0 // indirect
+ google.golang.org/api v0.183.0 // indirect
google.golang.org/appengine v1.6.8 // indirect
- google.golang.org/genproto v0.0.0-20231016165738-49dd2c1f3d0b // indirect
- google.golang.org/genproto/googleapis/api v0.0.0-20231016165738-49dd2c1f3d0b // indirect
- google.golang.org/genproto/googleapis/rpc v0.0.0-20231016165738-49dd2c1f3d0b // indirect
- google.golang.org/grpc v1.59.0 // indirect
- google.golang.org/protobuf v1.31.0 // indirect
+ google.golang.org/genproto v0.0.0-20240604185151-ef581f913117 // indirect
+ google.golang.org/genproto/googleapis/api v0.0.0-20240604185151-ef581f913117 // indirect
+ google.golang.org/genproto/googleapis/rpc v0.0.0-20240604185151-ef581f913117 // indirect
+ google.golang.org/grpc v1.64.0 // indirect
+ google.golang.org/protobuf v1.34.1 // indirect
gopkg.in/inf.v0 v0.9.1 // indirect
gopkg.in/yaml.v2 v2.4.0 // indirect
gopkg.in/yaml.v3 v3.0.1 // indirect
- k8s.io/api v0.28.3 // indirect
- k8s.io/apimachinery v0.28.3 // indirect
- k8s.io/client-go v0.28.3 // indirect
- k8s.io/klog/v2 v2.100.1 // indirect
- k8s.io/kube-openapi v0.0.0-20231010175941-2dd684a91f00 // indirect
- k8s.io/utils v0.0.0-20230726121419-3b25d923346b // indirect
+ k8s.io/api v0.30.1 // indirect
+ k8s.io/apimachinery v0.30.1 // indirect
+ k8s.io/client-go v0.30.1 // indirect
+ k8s.io/klog/v2 v2.120.1 // indirect
+ k8s.io/kube-openapi v0.0.0-20240521193020-835d969ad83a // indirect
+ k8s.io/utils v0.0.0-20240502163921-fe8a2dddb1d0 // indirect
sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
- sigs.k8s.io/structured-merge-diff/v4 v4.3.0 // indirect
- sigs.k8s.io/yaml v1.3.0 // indirect
+ sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect
+ sigs.k8s.io/yaml v1.4.0 // indirect
)
diff --git a/tests/terratest/go.sum b/tests/terratest/go.sum
index bec112afb..cd1d3da27 100644
--- a/tests/terratest/go.sum
+++ b/tests/terratest/go.sum
@@ -32,6 +32,8 @@ cloud.google.com/go v0.102.1/go.mod h1:XZ77E9qnTEnrgEOvr4xzfdX5TRo7fB4T2F4O6+34h
cloud.google.com/go v0.104.0/go.mod h1:OO6xxXdJyvuJPcEPBLN9BJPD+jep5G1+2U5B5gkRYtA=
cloud.google.com/go v0.110.8 h1:tyNdfIxjzaWctIiLYOTalaLKZ17SI44SKFW26QbOhME=
cloud.google.com/go v0.110.8/go.mod h1:Iz8AkXJf1qmxC3Oxoep8R1T36w8B92yU29PcBhHO5fk=
+cloud.google.com/go v0.114.0 h1:OIPFAdfrFDFO2ve2U7r/H5SwSbBzEdrBdE7xkgwc+kY=
+cloud.google.com/go v0.114.0/go.mod h1:ZV9La5YYxctro1HTPug5lXH/GefROyW8PPD4T8n9J8E=
cloud.google.com/go/aiplatform v1.22.0/go.mod h1:ig5Nct50bZlzV6NvKaTwmplLLddFx0YReh9WfTO5jKw=
cloud.google.com/go/aiplatform v1.24.0/go.mod h1:67UUvRBKG6GTayHKV8DBv2RtR1t93YRu5B1P3x99mYY=
cloud.google.com/go/analytics v0.11.0/go.mod h1:DjEWCu41bVbYcKyvlws9Er60YE4a//bK6mnhWvQeFNI=
@@ -46,6 +48,10 @@ cloud.google.com/go/asset v1.8.0/go.mod h1:mUNGKhiqIdbr8X7KNayoYvyc4HbbFO9URsjby
cloud.google.com/go/assuredworkloads v1.5.0/go.mod h1:n8HOZ6pff6re5KYfBXcFvSViQjDwxFkAkmUFffJRbbY=
cloud.google.com/go/assuredworkloads v1.6.0/go.mod h1:yo2YOk37Yc89Rsd5QMVECvjaMKymF9OP+QXWlKXUkXw=
cloud.google.com/go/assuredworkloads v1.7.0/go.mod h1:z/736/oNmtGAyU47reJgGN+KVoYoxeLBoj4XkKYscNI=
+cloud.google.com/go/auth v0.5.1 h1:0QNO7VThG54LUzKiQxv8C6x1YX7lUrzlAa1nVLF8CIw=
+cloud.google.com/go/auth v0.5.1/go.mod h1:vbZT8GjzDf3AVqCcQmqeeM32U9HBFc32vVVAbwDsa6s=
+cloud.google.com/go/auth/oauth2adapt v0.2.2 h1:+TTV8aXpjeChS9M+aTtN/TjdQnzJvmzKFt//oWu7HX4=
+cloud.google.com/go/auth/oauth2adapt v0.2.2/go.mod h1:wcYjgpZI9+Yu7LyYBg4pqSiaRkfEK3GQcpb7C/uyF1Q=
cloud.google.com/go/automl v1.5.0/go.mod h1:34EjfoFGMZ5sgJ9EoLsRtdPSNZLcfflJR39VbVNS2M0=
cloud.google.com/go/automl v1.6.0/go.mod h1:ugf8a6Fx+zP0D59WLhqgTDsQI9w07o64uf/Is3Nh5p8=
cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o=
@@ -70,8 +76,12 @@ cloud.google.com/go/compute v1.7.0/go.mod h1:435lt8av5oL9P3fv1OEzSbSUe+ybHXGMPQH
cloud.google.com/go/compute v1.10.0/go.mod h1:ER5CLbMxl90o2jtNbGSbtfOpQKR0t15FOtRsugnLrlU=
cloud.google.com/go/compute v1.23.1 h1:V97tBoDaZHb6leicZ1G6DLK2BAaZLJ/7+9BB/En3hR0=
cloud.google.com/go/compute v1.23.1/go.mod h1:CqB3xpmPKKt3OJpW2ndFIXnA9A4xAy/F3Xp1ixncW78=
+cloud.google.com/go/compute v1.27.0 h1:EGawh2RUnfHT5g8f/FX3Ds6KZuIBC77hZoDrBvEZw94=
+cloud.google.com/go/compute v1.27.0/go.mod h1:LG5HwRmWFKM2C5XxHRiNzkLLXW48WwvyVC0mfWsYPOM=
cloud.google.com/go/compute/metadata v0.2.3 h1:mg4jlk7mCAj6xXp9UJ4fjI9VUI5rubuGBW5aJ7UnBMY=
cloud.google.com/go/compute/metadata v0.2.3/go.mod h1:VAV5nSsACxMJvgaAuX6Pk2AawlZn8kiOGuCv6gTkwuA=
+cloud.google.com/go/compute/metadata v0.3.0 h1:Tz+eQXMEqDIKRsmY3cHTL6FVaynIjX2QxYC4trgAKZc=
+cloud.google.com/go/compute/metadata v0.3.0/go.mod h1:zFmK7XCadkQkj6TtorcaGlCW1hT1fIilQDwofLpJ20k=
cloud.google.com/go/containeranalysis v0.5.1/go.mod h1:1D92jd8gRR/c0fGMlymRgxWD3Qw9C1ff6/T7mLgVL8I=
cloud.google.com/go/containeranalysis v0.6.0/go.mod h1:HEJoiEIu+lEXM+k7+qLCci0h33lX3ZqoYFdmPcoO7s4=
cloud.google.com/go/datacatalog v1.3.0/go.mod h1:g9svFY6tuR+j+hrTw3J2dNcmI0dzmSiyOzm8kpLq0a0=
@@ -111,6 +121,8 @@ cloud.google.com/go/iam v0.3.0/go.mod h1:XzJPvDayI+9zsASAFO68Hk07u3z+f+JrT2xXNdp
cloud.google.com/go/iam v0.5.0/go.mod h1:wPU9Vt0P4UmCux7mqtRu6jcpPAb74cP1fh50J3QpkUc=
cloud.google.com/go/iam v1.1.3 h1:18tKG7DzydKWUnLjonWcJO6wjSCAtzh4GcRKlH/Hrzc=
cloud.google.com/go/iam v1.1.3/go.mod h1:3khUlaBXfPKKe7huYgEpDn6FtgRyMEqbkvBxrQyY5SE=
+cloud.google.com/go/iam v1.1.8 h1:r7umDwhj+BQyz0ScZMp4QrGXjSTI3ZINnpgU2nlB/K0=
+cloud.google.com/go/iam v1.1.8/go.mod h1:GvE6lyMmfxXauzNq8NbgJbeVQNspG+tcdL/W8QO1+zE=
cloud.google.com/go/language v1.4.0/go.mod h1:F9dRpNFQmJbkaop6g0JhSBXCNlO90e1KWx5iDdxbWic=
cloud.google.com/go/language v1.6.0/go.mod h1:6dJ8t3B+lUYfStgls25GusK04NLh3eDLQnWM3mdEbhI=
cloud.google.com/go/lifesciences v0.5.0/go.mod h1:3oIKy8ycWGPUyZDR/8RNnTOYevhaMLqh5vLUXs9zvT8=
@@ -173,6 +185,8 @@ cloud.google.com/go/storage v1.23.0/go.mod h1:vOEEDNFnciUMhBeT6hsJIn3ieU5cFRmzeL
cloud.google.com/go/storage v1.27.0/go.mod h1:x9DOL8TK/ygDUMieqwfhdpQryTeEkhGKMi80i/iqR2s=
cloud.google.com/go/storage v1.33.0 h1:PVrDOkIC8qQVa1P3SXGpQvfuJhN2LHOoyZvWs8D2X5M=
cloud.google.com/go/storage v1.33.0/go.mod h1:Hhh/dogNRGca7IWv1RC2YqEn0c0G77ctA/OxflYkiD8=
+cloud.google.com/go/storage v1.41.0 h1:RusiwatSu6lHeEXe3kglxakAmAbfV+rhtPqA6i8RBx0=
+cloud.google.com/go/storage v1.41.0/go.mod h1:J1WCa/Z2FcgdEDuPUY8DxT5I+d9mFKsCepp5vR6Sq80=
cloud.google.com/go/talent v1.1.0/go.mod h1:Vl4pt9jiHKvOgF9KoZo6Kob9oV4lwd/ZD5Cto54zDRw=
cloud.google.com/go/talent v1.2.0/go.mod h1:MoNF9bhFQbiJ6eFD3uSsg0uBALw4n4gaCaEjBw9zo8g=
cloud.google.com/go/videointelligence v1.6.0/go.mod h1:w0DIDlVRKtwPCn/C4iwZIJdvC69yInhW0cfi+p546uU=
@@ -185,8 +199,12 @@ cloud.google.com/go/webrisk v1.5.0/go.mod h1:iPG6fr52Tv7sGk0H6qUFzmL3HHZev1htXuW
cloud.google.com/go/workflows v1.6.0/go.mod h1:6t9F5h/unJz41YqfBmqSASJSXccBLtD1Vwf+KmJENM0=
cloud.google.com/go/workflows v1.7.0/go.mod h1:JhSrZuVZWuiDfKEFxU0/F1PQjmpnpcoISEXH2bcHC3M=
dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU=
+filippo.io/edwards25519 v1.1.0 h1:FNf4tywRC1HmFuKW5xopWpigGjJKiJSV0Cqo0cJWDaA=
+filippo.io/edwards25519 v1.1.0/go.mod h1:BxyFTGdWcka3PhytdK4V28tE5sGfRvvvRV7EaN4VDT4=
github.com/Azure/terratest-terraform-fluent v0.6.2 h1:5/nCvS/JF3v95DXxhERqMXKKlRF7kiLIWKAq4rzchR4=
github.com/Azure/terratest-terraform-fluent v0.6.2/go.mod h1:8YZJNfEu2fSDeRLz5W/2vUgZYHYFNXSMXh+3u/CA3o0=
+github.com/Azure/terratest-terraform-fluent v0.8.1 h1:nBi1qvQK5yQhginX/Hg45DtoVqCaI49fCm9odKd3WJo=
+github.com/Azure/terratest-terraform-fluent v0.8.1/go.mod h1:Qcuo6erKth1TBOYvYpBChvuhphBSq93l/SItxXg9nmo=
github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU=
@@ -200,6 +218,8 @@ github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkY
github.com/aws/aws-sdk-go v1.44.122/go.mod h1:y4AeaBuwd2Lk+GepC1E9v0qOiTws0MIWAX4oIKwKHZo=
github.com/aws/aws-sdk-go v1.45.28 h1:p2ATcaK6ffSw4yZ2UAGzgRyRXwKyOJY6ZCiKqj5miJE=
github.com/aws/aws-sdk-go v1.45.28/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI=
+github.com/aws/aws-sdk-go v1.53.17 h1:TwtYMzVBTaqPVj/pcemHRIgk01OycWEcEUyUUX0tpCI=
+github.com/aws/aws-sdk-go v1.53.17/go.mod h1:LF8svs817+Nz+DmiMQKTO3ubZ/6IaTpq3TjupRn3Eqk=
github.com/bgentry/go-netrc v0.0.0-20140422174119-9fd32a8b3d3d h1:xDfNPAt8lFiC1UJrqV3uuy861HCTo708pDMbjHHdCas=
github.com/bgentry/go-netrc v0.0.0-20140422174119-9fd32a8b3d3d/go.mod h1:6QX/PXZ00z/TKoufEY6K/a0k6AhaJrQKdFe6OfVXsa4=
github.com/boombuler/barcode v1.0.1-0.20190219062509-6c824513bacc/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl3JlRe0mD8=
@@ -224,12 +244,16 @@ github.com/cncf/xds/go v0.0.0-20211001041855-01bcc9b48dfe/go.mod h1:eXthEFrGJvWH
github.com/cncf/xds/go v0.0.0-20211011173535-cb28da3451f1/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
github.com/cpuguy83/go-md2man/v2 v2.0.3 h1:qMCsGGgs+MAzDFyp9LpAe1Lqy/fY/qCovCm0qnXZOBM=
github.com/cpuguy83/go-md2man/v2 v2.0.3/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
+github.com/cpuguy83/go-md2man/v2 v2.0.4 h1:wfIWP927BUkWJb2NmU/kNDYIBTh/ziUX91+lVfRxZq4=
+github.com/cpuguy83/go-md2man/v2 v2.0.4/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/emicklei/go-restful/v3 v3.11.0 h1:rAQeMHw1c7zTmncogyy8VvRZwtkmkZ4FxERmMY4rD+g=
github.com/emicklei/go-restful/v3 v3.11.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc=
+github.com/emicklei/go-restful/v3 v3.12.1 h1:PJMDIM/ak7btuL8Ex0iYET9hxM3CI2sjZtzpL63nKAU=
+github.com/emicklei/go-restful/v3 v3.12.1/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc=
github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98=
@@ -241,6 +265,8 @@ github.com/envoyproxy/go-control-plane v0.9.10-0.20210907150352-cf90f659a021/go.
github.com/envoyproxy/go-control-plane v0.10.2-0.20220325020618-49ff273808a1/go.mod h1:KJwIaB5Mv44NWtYuAOFCVOjcI94vtpEz2JU/D2v6IjE=
github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4=
+github.com/felixge/httpsnoop v1.0.4 h1:NFTV2Zj1bL4mc9sqWACXbQFVBBg2W3GPvqp8/ESS2Wg=
+github.com/felixge/httpsnoop v1.0.4/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U=
github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
github.com/go-errors/errors v1.5.1 h1:ZwEMSLRCapFLflTpT7NKaAc7ukJ8ZPEjzlxt8rPN8bk=
github.com/go-errors/errors v1.5.1/go.mod h1:sIVyrIiJhuEF+Pj9Ebtd6P/rEYROXFi3BopGUQ5a5Og=
@@ -248,18 +274,31 @@ github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9
github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
github.com/go-logr/logr v1.2.0/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
+github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
github.com/go-logr/logr v1.2.4 h1:g01GSCwiDw2xSZfjJ2/T9M+S6pFdcNtFYsp+Y43HYDQ=
github.com/go-logr/logr v1.2.4/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
+github.com/go-logr/logr v1.4.2 h1:6pFjapn8bFcIbiKo3XT4j/BhANplGihG6tvd+8rYgrY=
+github.com/go-logr/logr v1.4.2/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
+github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag=
+github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE=
github.com/go-openapi/jsonpointer v0.19.6/go.mod h1:osyAmYz/mB/C3I+WsTTSgw1ONzaLJoLCyoi6/zppojs=
github.com/go-openapi/jsonpointer v0.20.0 h1:ESKJdU9ASRfaPNOPRx12IUyA1vn3R9GiE3KYD14BXdQ=
github.com/go-openapi/jsonpointer v0.20.0/go.mod h1:6PGzBjjIIumbLYysB73Klnms1mwnU4G3YHOECG3CedA=
+github.com/go-openapi/jsonpointer v0.21.0 h1:YgdVicSA9vH5RiHs9TZW5oyafXZFc6+2Vc1rr/O9oNQ=
+github.com/go-openapi/jsonpointer v0.21.0/go.mod h1:IUyH9l/+uyhIYQ/PXVA41Rexl+kOkAPDdXEYns6fzUY=
github.com/go-openapi/jsonreference v0.20.2 h1:3sVjiK66+uXK/6oQ8xgcRKcFgQ5KXa2KvnJRumpMGbE=
github.com/go-openapi/jsonreference v0.20.2/go.mod h1:Bl1zwGIM8/wsvqjsOQLJ/SH+En5Ap4rVB5KVcIDZG2k=
+github.com/go-openapi/jsonreference v0.21.0 h1:Rs+Y7hSXT83Jacb7kFyjn4ijOuVGSvOdF2+tg1TRrwQ=
+github.com/go-openapi/jsonreference v0.21.0/go.mod h1:LmZmgsrTkVg9LG4EaHeY8cBDslNPMo06cago5JNLkm4=
github.com/go-openapi/swag v0.22.3/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+VcZ0yl14=
github.com/go-openapi/swag v0.22.4 h1:QLMzNJnMGPRNDCbySlcj1x01tzU8/9LTTL9hZZZogBU=
github.com/go-openapi/swag v0.22.4/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+VcZ0yl14=
+github.com/go-openapi/swag v0.23.0 h1:vsEVJDUo2hPJ2tu0/Xc+4noaxyEffXNIs3cOULZ+GrE=
+github.com/go-openapi/swag v0.23.0/go.mod h1:esZ8ITTYEsH1V2trKHjAN8Ai7xHb8RV+YSZ577vPjgQ=
github.com/go-sql-driver/mysql v1.7.1 h1:lUIinVbN1DY0xBg0eMOzmmtGoHwWBbvnWubQUrtU8EI=
github.com/go-sql-driver/mysql v1.7.1/go.mod h1:OXbVy3sEdcQ2Doequ6Z5BW6fXNQTmx+9S1MCJN5yJMI=
+github.com/go-sql-driver/mysql v1.8.1 h1:LedoTUt/eveggdHS9qUFC1EFSa8bU2+1pZjSRpvNJ1Y=
+github.com/go-sql-driver/mysql v1.8.1/go.mod h1:wEBSXgmK//2ZFJyE+qWnIsVGmvmEKlqwuVSjsCm7DZg=
github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 h1:tfuBGBXKqDEevZMzYi5KSi8KkcZtzBcTgAUUtapy0OI=
github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572/go.mod h1:9Pwr4B2jHnOSGXyyzV8ROjYa2ojvAY6HCGYYfMoC3Ls=
github.com/go-test/deep v1.0.7 h1:/VSMRlnY/JSyqxQUzQLKVMAskpY/NZKFA5j2P+0pP2M=
@@ -300,6 +339,8 @@ github.com/golang/protobuf v1.5.1/go.mod h1:DopwsBzvsk0Fs44TXzsVbJyPhcCPeIwnvohx
github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg=
github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
+github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek=
+github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps=
github.com/golang/snappy v0.0.3/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
@@ -332,6 +373,7 @@ github.com/google/martian/v3 v3.1.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIG
github.com/google/martian/v3 v3.2.1/go.mod h1:oBOf6HBosgwRXnUGWUB05QECsc6uvmMiJ3+6W4l/CUk=
github.com/google/martian/v3 v3.3.2 h1:IqNFLAmvJOgVlpdEBiQbDc2EwKW77amAycfTuWKdfvw=
github.com/google/martian/v3 v3.3.2/go.mod h1:oBOf6HBosgwRXnUGWUB05QECsc6uvmMiJ3+6W4l/CUk=
+github.com/google/martian/v3 v3.3.3 h1:DIhPTQrbPkgs2yJYdXU/eNACCG5DVQjySNRNlflZ9Fc=
github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc=
github.com/google/pprof v0.0.0-20190515194954-54271f7e092f/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc=
github.com/google/pprof v0.0.0-20191218002539-d4f498aebedc/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
@@ -354,11 +396,15 @@ github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+
github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
github.com/google/uuid v1.3.1 h1:KjJaJ9iWZ3jOFZIf1Lqf4laDRCasjl0BCmnEGxkdLb4=
github.com/google/uuid v1.3.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
+github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
github.com/googleapis/enterprise-certificate-proxy v0.0.0-20220520183353-fd19c99a87aa/go.mod h1:17drOmN3MwGY7t0e+Ei9b45FFGA3fBs3x36SsCg1hq8=
github.com/googleapis/enterprise-certificate-proxy v0.1.0/go.mod h1:17drOmN3MwGY7t0e+Ei9b45FFGA3fBs3x36SsCg1hq8=
github.com/googleapis/enterprise-certificate-proxy v0.2.0/go.mod h1:8C0jb7/mgJe/9KK8Lm7X9ctZC2t60YyIpYEI16jx0Qg=
github.com/googleapis/enterprise-certificate-proxy v0.3.1 h1:SBWmZhjUDRorQxrN0nwzf+AHBxnbFjViHQS4P0yVpmQ=
github.com/googleapis/enterprise-certificate-proxy v0.3.1/go.mod h1:VLSiSSBs/ksPL8kq3OBOQ6WRI2QnaFynd1DCjZ62+V0=
+github.com/googleapis/enterprise-certificate-proxy v0.3.2 h1:Vie5ybvEvT75RniqhfFxPRy3Bf7vr3h0cechB90XaQs=
+github.com/googleapis/enterprise-certificate-proxy v0.3.2/go.mod h1:VLSiSSBs/ksPL8kq3OBOQ6WRI2QnaFynd1DCjZ62+V0=
github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg=
github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk=
github.com/googleapis/gax-go/v2 v2.1.0/go.mod h1:Q3nei7sK6ybPYH7twZdmQpAd1MKb7pfu6SK+H1/DsU0=
@@ -370,18 +416,29 @@ github.com/googleapis/gax-go/v2 v2.5.1/go.mod h1:h6B0KMMFNtI2ddbGJn3T3ZbwkeT6yqE
github.com/googleapis/gax-go/v2 v2.6.0/go.mod h1:1mjbznJAPHFpesgE5ucqfYEscaz5kMdcIDwU/6+DDoY=
github.com/googleapis/gax-go/v2 v2.12.0 h1:A+gCJKdRfqXkr+BIRGtZLibNXf0m1f9E4HG56etFpas=
github.com/googleapis/gax-go/v2 v2.12.0/go.mod h1:y+aIqrI5eb1YGMVJfuV3185Ts/D7qKpsEkdD5+I6QGU=
+github.com/googleapis/gax-go/v2 v2.12.4 h1:9gWcmF85Wvq4ryPFvGFaOgPIs1AQX0d0bcbGw4Z96qg=
+github.com/googleapis/gax-go/v2 v2.12.4/go.mod h1:KYEYLorsnIGDi/rPC8b5TdlB9kbKoFubselGIoBMCwI=
github.com/googleapis/go-type-adapters v1.0.0/go.mod h1:zHW75FOG2aur7gAO2B+MLby+cLsWGBF62rFAi7WjWO4=
github.com/gorilla/websocket v1.4.2/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
+github.com/gorilla/websocket v1.5.1 h1:gmztn0JnHVt9JZquRuzLw3g4wouNVzKL15iLr/zn/QY=
+github.com/gorilla/websocket v1.5.1/go.mod h1:x3kM2JMyaluk02fnUJpQuwD2dCS5NDG2ZHL0uE0tcaY=
github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw=
github.com/gruntwork-io/go-commons v0.17.1 h1:2KS9wAqrgeOTWj33DSHzDNJ1FCprptWdLFqej+wB8x0=
github.com/gruntwork-io/go-commons v0.17.1/go.mod h1:S98JcR7irPD1bcruSvnqupg+WSJEJ6xaM89fpUZVISk=
github.com/gruntwork-io/terratest v0.46.1 h1:dJ/y2/Li6yCDIc8KXY8PfydtrMRiXFb3UZm4LoPShPI=
github.com/gruntwork-io/terratest v0.46.1/go.mod h1:gl//tb5cLnbpQs1FTSNwhsrbhsoG00goCJPfOnyliiU=
+github.com/gruntwork-io/terratest v0.46.15 h1:qfqjTFveymaqe7aAWn3LjlK0SwVGpRfoOut5ggNyfQ8=
+github.com/gruntwork-io/terratest v0.46.15/go.mod h1:9bd22zAojjBBiYdsp+AR1iyl2iB6bRUVm2Yf1AFhfrA=
github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
github.com/hashicorp/errwrap v1.1.0 h1:OxrOeh75EUXMY8TBjag2fzXGZ40LB6IKw45YeGUDY2I=
github.com/hashicorp/errwrap v1.1.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
github.com/hashicorp/go-cleanhttp v0.5.2 h1:035FKYIWjmULyFRBKPs8TBQoi0x6d9G4xc9neXJWAZQ=
github.com/hashicorp/go-cleanhttp v0.5.2/go.mod h1:kO/YDlP8L1346E6Sodw+PrpBSV4/SoxCXGY6BqNFT48=
+<<<<<<< feat/ama
+github.com/hashicorp/go-getter v1.7.3 h1:bN2+Fw9XPFvOCjB0UOevFIMICZ7G2XSQHzfvLUyOM5E=
+github.com/hashicorp/go-getter v1.7.3/go.mod h1:W7TalhMmbPmsSMdNjD0ZskARur/9GJ17cfHTRtXV744=
+=======
+>>>>>>> main
github.com/hashicorp/go-getter v1.7.4 h1:3yQjWuxICvSpYwqSayAdKRFcvBl1y/vogCxczWSmix0=
github.com/hashicorp/go-getter v1.7.4/go.mod h1:W7TalhMmbPmsSMdNjD0ZskARur/9GJ17cfHTRtXV744=
github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+lD48awMYo=
@@ -390,12 +447,18 @@ github.com/hashicorp/go-safetemp v1.0.0 h1:2HR189eFNrjHQyENnQMMpCiBAsRxzbTMIgBhE
github.com/hashicorp/go-safetemp v1.0.0/go.mod h1:oaerMy3BhqiTbVye6QuFhFtIceqFoDHxNAB65b+Rj1I=
github.com/hashicorp/go-version v1.6.0 h1:feTTfFNnjP967rlCxM/I9g701jU+RN74YKx2mOkIeek=
github.com/hashicorp/go-version v1.6.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA=
+github.com/hashicorp/go-version v1.7.0 h1:5tqGy27NaOTB8yJKUZELlFAS/LTKJkrmONwQKeRZfjY=
+github.com/hashicorp/go-version v1.7.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA=
github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
github.com/hashicorp/hcl/v2 v2.19.1 h1://i05Jqznmb2EXqa39Nsvyan2o5XyMowW5fnCKW5RPI=
github.com/hashicorp/hcl/v2 v2.19.1/go.mod h1:ThLC89FV4p9MPW804KVbe/cEXoQ8NZEh+JtMeeGErHE=
+github.com/hashicorp/hcl/v2 v2.20.1 h1:M6hgdyz7HYt1UN9e61j+qKJBqR3orTWbI1HKBJEdxtc=
+github.com/hashicorp/hcl/v2 v2.20.1/go.mod h1:TZDqQ4kNKCbh1iJp99FdPiUaVDDUPivbqxZulxDYqL4=
github.com/hashicorp/terraform-json v0.17.1 h1:eMfvh/uWggKmY7Pmb3T85u86E2EQg6EQHgyRwf3RkyA=
github.com/hashicorp/terraform-json v0.17.1/go.mod h1:Huy6zt6euxaY9knPAFKjUITn8QxUFIe9VuSzb4zn/0o=
+github.com/hashicorp/terraform-json v0.22.1 h1:xft84GZR0QzjPVWs4lRUwvTcPnegqlyS7orfb5Ltvec=
+github.com/hashicorp/terraform-json v0.22.1/go.mod h1:JbWSQCLFSXFFhg42T7l9iJwdGXBYV8fmmD6o/ML4p3A=
github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
github.com/imdario/mergo v0.3.16 h1:wwQJbIsHYGMUyLSPrEq1CT16AhnhNJQ51+4fdHUnCl4=
@@ -417,6 +480,8 @@ github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+o
github.com/klauspost/compress v1.15.11/go.mod h1:QPwzmACJjUTFsnSHH934V6woptycfrDDJnH7hvFVbGM=
github.com/klauspost/compress v1.17.1 h1:NE3C767s2ak2bweCZo3+rdP4U/HoyVXLv/X9f2gPS5g=
github.com/klauspost/compress v1.17.1/go.mod h1:ntbaceVETuRiXiv4DpjP66DpAtAGkEQskQzEyD//IeE=
+github.com/klauspost/compress v1.17.8 h1:YcnTYrq7MikUT7k0Yb5eceMmALQPYBW/Xltxn0NAMnU=
+github.com/klauspost/compress v1.17.8/go.mod h1:Di0epgTjJY877eYKx5yC51cX2A2Vl2ibi7bDH9ttBbw=
github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
@@ -449,6 +514,8 @@ github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9G
github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk=
github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA=
github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
+github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f h1:y5//uYreIhSUg3J1GEMiLbxo1LJaP8RfCpH6pymGZus=
+github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f/go.mod h1:ZdcZmHo+o7JKHSa8/e818NopupXU1YMK5fe1lsApnBw=
github.com/onsi/ginkgo/v2 v2.9.4 h1:xR7vG4IXt5RWx6FfIjyAtsoMAtnc3C/rFXBBd2AjZwE=
github.com/onsi/ginkgo/v2 v2.9.4/go.mod h1:gCQYp2Q+kSoIj7ykSVb9nskRSsR6PUj4AiLywzIhbKM=
github.com/onsi/gomega v1.27.6 h1:ENqfyGeS5AX/rlXDd/ETokDz93u0YufY1Pgxuy/PvWE=
@@ -483,8 +550,12 @@ github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO
github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk=
github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
+github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg=
+github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
github.com/tidwall/gjson v1.17.0 h1:/Jocvlh98kcTfpN2+JzGQWQcqrPQwDrVEMApx/M5ZwM=
github.com/tidwall/gjson v1.17.0/go.mod h1:/wbyibRr2FHMks5tjHJ5F8dMZh3AcwJEMf5vlfC0lxk=
+github.com/tidwall/gjson v1.17.1 h1:wlYEnwqAHgzmhNUFfw7Xalt2JzQvsMx2Se4PcoFCT/U=
+github.com/tidwall/gjson v1.17.1/go.mod h1:/wbyibRr2FHMks5tjHJ5F8dMZh3AcwJEMf5vlfC0lxk=
github.com/tidwall/match v1.1.1 h1:+Ho715JplO36QYgwN9PGYNhgZvoUSc9X2c80KVTi+GA=
github.com/tidwall/match v1.1.1/go.mod h1:eRSPERbgtNPcGhD8UCthc6PmLEQXEWd3PRB5JTxsfmM=
github.com/tidwall/pretty v1.2.0/go.mod h1:ITEVvHYasfjBbM0u2Pg8T2nJnzm8xPwvNhhsoaGGjNU=
@@ -492,13 +563,21 @@ github.com/tidwall/pretty v1.2.1 h1:qjsOFOWWQl+N3RsoF5/ssm1pHmJJwhjlSbZ51I6wMl4=
github.com/tidwall/pretty v1.2.1/go.mod h1:ITEVvHYasfjBbM0u2Pg8T2nJnzm8xPwvNhhsoaGGjNU=
github.com/tmccombs/hcl2json v0.6.0 h1:Qc5NL4NQbpNnw8w8HQcA3GsVHvQDJXJwVTUxf2AEhOs=
github.com/tmccombs/hcl2json v0.6.0/go.mod h1:QNirG4H64ZvlFsy9werRxXlWNTDR1GhWzXkjqPILHwo=
+github.com/tmccombs/hcl2json v0.6.3 h1:yfZO7FYuWxSBAkxN1Dw+O9bjnK12vdwCDtSJDzw7haw=
+github.com/tmccombs/hcl2json v0.6.3/go.mod h1:VaIUbPyWiGThEKOsVZis0QHfMCnHLqD3IEbggSvQ8eY=
github.com/ulikunitz/xz v0.5.10/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14=
github.com/ulikunitz/xz v0.5.11 h1:kpFauv27b6ynzBNT/Xy+1k+fK4WswhN/6PN5WhFAGw8=
github.com/ulikunitz/xz v0.5.11/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14=
+github.com/ulikunitz/xz v0.5.12 h1:37Nm15o69RwBkXM0J6A5OlE67RZTfzUxTj8fB3dfcsc=
+github.com/ulikunitz/xz v0.5.12/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14=
github.com/urfave/cli/v2 v2.25.7 h1:VAzn5oq403l5pHjc4OhD54+XGO9cdKVL/7lDjF+iKUs=
github.com/urfave/cli/v2 v2.25.7/go.mod h1:8qnjx1vcq5s2/wpsqoZFndg2CE5tNFyrTvS6SinrnYQ=
+github.com/urfave/cli/v2 v2.27.2 h1:6e0H+AkS+zDckwPCUrZkKX38mRaau4nL2uipkJpbkcI=
+github.com/urfave/cli/v2 v2.27.2/go.mod h1:g0+79LmHHATl7DAcHO99smiR/T7uGLw84w8Y42x+4eM=
github.com/xrash/smetrics v0.0.0-20201216005158-039620a65673 h1:bAn7/zixMGCfxrRTfdpNzjtPYqr8smhKouy9mxVdGPU=
github.com/xrash/smetrics v0.0.0-20201216005158-039620a65673/go.mod h1:N3UwUGtsrSj3ccvlPHLoLsHnpR27oXr4ZE984MbSER8=
+github.com/xrash/smetrics v0.0.0-20240521201337-686a1a2994c1 h1:gEOO8jv9F4OT7lGCjxCBTO/36wtF6j2nSip77qHd4x4=
+github.com/xrash/smetrics v0.0.0-20240521201337-686a1a2994c1/go.mod h1:Ohn+xnUBiLI6FVj/9LpzZWtj1/D6lUovWYBkxHVV3aM=
github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
@@ -507,6 +586,8 @@ github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1
github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
github.com/zclconf/go-cty v1.14.1 h1:t9fyA35fwjjUMcmL5hLER+e/rEPqrbCK1/OSE4SI9KA=
github.com/zclconf/go-cty v1.14.1/go.mod h1:VvMs5i0vgZdhYawQNq5kePSpLAoz8u1xvZgrPIxfnZE=
+github.com/zclconf/go-cty v1.14.4 h1:uXXczd9QDGsgu0i/QFR/hzI5NYCHLf6NQw/atrbnhq8=
+github.com/zclconf/go-cty v1.14.4/go.mod h1:VvMs5i0vgZdhYawQNq5kePSpLAoz8u1xvZgrPIxfnZE=
go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU=
go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8=
go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
@@ -516,6 +597,16 @@ go.opencensus.io v0.22.5/go.mod h1:5pWMHQbX5EPX2/62yrJeAkowc+lfs/XD7Uxpq3pI6kk=
go.opencensus.io v0.23.0/go.mod h1:XItmlyltB5F7CS4xOC1DcqMoFqwtC6OG2xF7mCv7P7E=
go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0=
go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo=
+go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.52.0 h1:vS1Ao/R55RNV4O7TA2Qopok8yN+X0LIP6RVWLFkprck=
+go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.52.0/go.mod h1:BMsdeOxN04K0L5FNUBfjFdvwWGNe/rkmSwH4Aelu/X0=
+go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.52.0 h1:9l89oX4ba9kHbBol3Xin3leYJ+252h0zszDtBwyKe2A=
+go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.52.0/go.mod h1:XLZfZboOJWHNKUv7eH0inh0E9VV6eWDFB/9yJyTLPp0=
+go.opentelemetry.io/otel v1.27.0 h1:9BZoF3yMK/O1AafMiQTVu0YDj5Ea4hPhxCs7sGva+cg=
+go.opentelemetry.io/otel v1.27.0/go.mod h1:DMpAK8fzYRzs+bi3rS5REupisuqTheUlSZJ1WnZaPAQ=
+go.opentelemetry.io/otel/metric v1.27.0 h1:hvj3vdEKyeCi4YaYfNjv2NUje8FqKqUY8IlF0FxV/ik=
+go.opentelemetry.io/otel/metric v1.27.0/go.mod h1:mVFgmRlhljgBiuk/MP/oKylr4hs85GZAylncepAX/ak=
+go.opentelemetry.io/otel/trace v1.27.0 h1:IqYb813p7cmbHk0a5y6pD5JPakbVfftRXABGt5/Rscw=
+go.opentelemetry.io/otel/trace v1.27.0/go.mod h1:6RiD1hkAprV4/q+yd2ln1HG9GoPx39SuvvstaLBl+l4=
go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI=
golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
@@ -525,6 +616,8 @@ golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPh
golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
golang.org/x/crypto v0.17.0 h1:r8bRNjWL3GshPW3gkd+RpvzWrZAwPS49OmTGZ/uhM4k=
golang.org/x/crypto v0.17.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4=
+golang.org/x/crypto v0.24.0 h1:mnl8DM0o513X8fdIkmyFE/5hTYxbwYOjDS/+rK6qpRI=
+golang.org/x/crypto v0.24.0/go.mod h1:Z1PMYSOR5nyMcyAVAIQSKCDwalqy85Aqn1x3Ws4L5DM=
golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
@@ -537,6 +630,8 @@ golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EH
golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU=
golang.org/x/exp v0.0.0-20231006140011-7918f672742d h1:jtJma62tbqLibJ5sFQz8bKtEM8rJBtfilJ2qTU199MI=
golang.org/x/exp v0.0.0-20231006140011-7918f672742d/go.mod h1:ldy0pHrwJyGW56pPQzzkH36rKxoZW1tw7ZJpeKx+hdo=
+golang.org/x/exp v0.0.0-20240604190554-fc45aab8b7f8 h1:LoYXNGAShUG3m/ehNk4iFctuhGX/+R1ZpfJ4/ia80JM=
+golang.org/x/exp v0.0.0-20240604190554-fc45aab8b7f8/go.mod h1:jj3sYF3dwk5D+ghuXyeI3r5MFf+NT2An6/9dOA95KSI=
golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js=
golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0=
golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
@@ -563,6 +658,8 @@ golang.org/x/mod v0.4.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
+golang.org/x/mod v0.18.0 h1:5+9lSbEzPSdWkH32vYPBwEpX8KwDbM52Ud9xBUvNlb0=
+golang.org/x/mod v0.18.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
@@ -612,6 +709,8 @@ golang.org/x/net v0.0.0-20221014081412-f15817d10f9b/go.mod h1:YDH+HFinaLZZlnHAfS
golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco=
golang.org/x/net v0.17.0 h1:pVaXccu2ozPjCXewfr1S7xza/zcXTity9cCdXQYSjIM=
golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE=
+golang.org/x/net v0.26.0 h1:soB7SVo0PWrY4vPW/+ay0jKDNScG2X9wFeYlXIvJsOQ=
+golang.org/x/net v0.26.0/go.mod h1:5YKkiSynbBIh3p6iOc/vibscux0x38BZDkn8sCUPxHE=
golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
@@ -639,6 +738,8 @@ golang.org/x/oauth2 v0.0.0-20221014153046-6fdb5e3db783/go.mod h1:h4gKUeWbJ4rQPri
golang.org/x/oauth2 v0.1.0/go.mod h1:G9FE4dLTsbXUu90h/Pf85g4w1D+SSAgR+q46nJZ8M4A=
golang.org/x/oauth2 v0.13.0 h1:jDDenyj+WgFtmV3zYVoi8aE2BwtXFLWOA67ZfNWftiY=
golang.org/x/oauth2 v0.13.0/go.mod h1:/JMhi4ZRXAf4HG9LiNmxvk+45+96RUlVThiH8FzNBn0=
+golang.org/x/oauth2 v0.21.0 h1:tsimM75w1tF/uws5rbeHzIWxEqElMehnc+iW793zsZs=
+golang.org/x/oauth2 v0.21.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI=
golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@@ -655,6 +756,8 @@ golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJ
golang.org/x/sync v0.0.0-20220929204114-8fcdb60fdcc0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.4.0 h1:zxkM55ReGkDlKSM+Fu41A+zmbZuaPVbGMzvvdUPznYQ=
golang.org/x/sync v0.4.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y=
+golang.org/x/sync v0.7.0 h1:YsImfSBoP9QPYL0xyKJPq0gcaJdG3rInoqxTWbfQu9M=
+golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@@ -720,11 +823,15 @@ golang.org/x/sys v0.0.0-20220728004956-3c1f35247d10/go.mod h1:oPkhp1MJrh7nUepCBc
golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.15.0 h1:h48lPFYpsTvQJZF4EKyI4aLHaev3CxivZmv7yZig9pc=
golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.21.0 h1:rF+pYz3DAGSQAxAu1CbC7catZg4ebC4UIeIhKxBZvws=
+golang.org/x/sys v0.21.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
golang.org/x/term v0.15.0 h1:y/Oo/a/q3IXu26lQgl04j/gjuBDOBlx7X6Om1j2CPW4=
golang.org/x/term v0.15.0/go.mod h1:BDl952bC7+uMoWR75FIrCDx79TPU9oHkTZ9yRbYOrX0=
+golang.org/x/term v0.21.0 h1:WVXCp+/EBEHOj53Rvu+7KiT/iElMrO8ACK16SMZ3jaA=
+golang.org/x/term v0.21.0/go.mod h1:ooXLefLobQVslOqselCNF4SxFAaoS6KujMbsGzSDmX0=
golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
@@ -738,11 +845,15 @@ golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ=
golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ=
golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
+golang.org/x/text v0.16.0 h1:a94ExnEXNtEwYLGJSIUxnWoxoRz/ZcCsV63ROupILh4=
+golang.org/x/text v0.16.0/go.mod h1:GhwF1Be+LQoKShO3cGOHzqOgRrGaYc9AvblQOmPVHnI=
golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
golang.org/x/time v0.3.0 h1:rg5rLMjNzMS1RkNLzCG38eapWhnYLFYXDXj2gOlr8j4=
golang.org/x/time v0.3.0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
+golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk=
+golang.org/x/time v0.5.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM=
golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY=
@@ -799,6 +910,8 @@ golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
golang.org/x/tools v0.14.0 h1:jvNa2pY0M4r62jkRQ6RwEZZyPcymeL9XZMLBbV7U2nc=
golang.org/x/tools v0.14.0/go.mod h1:uYBEerGOWcJyEORxN+Ek8+TT266gXkNlHdJBwexUsBg=
+golang.org/x/tools v0.22.0 h1:gqSGLZqv+AI9lIQzniJ0nZDRG5GBPsSi+DRNHWNz6yA=
+golang.org/x/tools v0.22.0/go.mod h1:aCwcsjqvq7Yqt6TNyX7QMU2enbQ/Gt0bo6krSeEri+c=
golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
@@ -859,6 +972,8 @@ google.golang.org/api v0.98.0/go.mod h1:w7wJQLTM+wvQpNf5JyEcBoxK0RH7EDrh/L4qfsuJ
google.golang.org/api v0.100.0/go.mod h1:ZE3Z2+ZOr87Rx7dqFsdRQkRBk36kDtp/h+QpHbB7a70=
google.golang.org/api v0.147.0 h1:Can3FaQo9LlVqxJCodNmeZW/ib3/qKAY3rFeXiHo5gc=
google.golang.org/api v0.147.0/go.mod h1:pQ/9j83DcmPd/5C9e2nFOdjjNkDZ1G+zkbK2uvdkJMs=
+google.golang.org/api v0.183.0 h1:PNMeRDwo1pJdgNcFQ9GstuLe/noWKIc89pRWRLMvLwE=
+google.golang.org/api v0.183.0/go.mod h1:q43adC5/pHoSZTx5h2mSmdF7NcyfW9JuDyIOJAgS9ZQ=
google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
@@ -971,10 +1086,16 @@ google.golang.org/genproto v0.0.0-20221014213838-99cd37c6964a/go.mod h1:1vXfmgAz
google.golang.org/genproto v0.0.0-20221025140454-527a21cfbd71/go.mod h1:9qHF0xnpdSfF6knlcsnpzUu5y+rpwgbvsyGAZPBMg4s=
google.golang.org/genproto v0.0.0-20231016165738-49dd2c1f3d0b h1:+YaDE2r2OG8t/z5qmsh7Y+XXwCbvadxxZ0YY6mTdrVA=
google.golang.org/genproto v0.0.0-20231016165738-49dd2c1f3d0b/go.mod h1:CgAqfJo+Xmu0GwA0411Ht3OU3OntXwsGmrmjI8ioGXI=
+google.golang.org/genproto v0.0.0-20240604185151-ef581f913117 h1:HCZ6DlkKtCDAtD8ForECsY3tKuaR+p4R3grlK80uCCc=
+google.golang.org/genproto v0.0.0-20240604185151-ef581f913117/go.mod h1:lesfX/+9iA+3OdqeCpoDddJaNxVB1AB6tD7EfqMmprc=
google.golang.org/genproto/googleapis/api v0.0.0-20231016165738-49dd2c1f3d0b h1:CIC2YMXmIhYw6evmhPxBKJ4fmLbOFtXQN/GV3XOZR8k=
google.golang.org/genproto/googleapis/api v0.0.0-20231016165738-49dd2c1f3d0b/go.mod h1:IBQ646DjkDkvUIsVq/cc03FUFQ9wbZu7yE396YcL870=
+google.golang.org/genproto/googleapis/api v0.0.0-20240604185151-ef581f913117 h1:+rdxYoE3E5htTEWIe15GlN6IfvbURM//Jt0mmkmm6ZU=
+google.golang.org/genproto/googleapis/api v0.0.0-20240604185151-ef581f913117/go.mod h1:OimBR/bc1wPO9iV4NC2bpyjy3VnAwZh5EBPQdtaE5oo=
google.golang.org/genproto/googleapis/rpc v0.0.0-20231016165738-49dd2c1f3d0b h1:ZlWIi1wSK56/8hn4QcBp/j9M7Gt3U/3hZw3mC7vDICo=
google.golang.org/genproto/googleapis/rpc v0.0.0-20231016165738-49dd2c1f3d0b/go.mod h1:swOH3j0KzcDDgGUWr+SNpyTen5YrXjS3eyPzFYKc6lc=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20240604185151-ef581f913117 h1:1GBuWVLM/KMVUv1t1En5Gs+gFZCNd360GGb4sSxtrhU=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20240604185151-ef581f913117/go.mod h1:EfXuqaE1J41VCDicxHzUDm+8rk+7ZdXzHV0IhO/I6s0=
google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38=
google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM=
@@ -1012,6 +1133,8 @@ google.golang.org/grpc v1.50.0/go.mod h1:ZgQEeidpAuNRZ8iRrlBKXZQP1ghovWIVhdJRyCD
google.golang.org/grpc v1.50.1/go.mod h1:ZgQEeidpAuNRZ8iRrlBKXZQP1ghovWIVhdJRyCDK+GI=
google.golang.org/grpc v1.59.0 h1:Z5Iec2pjwb+LEOqzpB2MR12/eKFhDPhuqW91O+4bwUk=
google.golang.org/grpc v1.59.0/go.mod h1:aUPDwccQo6OTjy7Hct4AfBPD1GptF4fyUjIkQ9YtF98=
+google.golang.org/grpc v1.64.0 h1:KH3VH9y/MgNQg1dE7b3XfVK0GsPSIzJwdF617gUSbvY=
+google.golang.org/grpc v1.64.0/go.mod h1:oxjF8E3FBnjp+/gVFYdWacaLDx9na1aqy9oovLpxQYg=
google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.1.0/go.mod h1:6Kw0yEErY5E/yWrBtf03jp27GLLJujG4z/JK95pnjjw=
google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
@@ -1030,6 +1153,8 @@ google.golang.org/protobuf v1.28.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqw
google.golang.org/protobuf v1.28.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
google.golang.org/protobuf v1.31.0 h1:g0LDEJHgrBl9N9r17Ru3sqWhkIx2NB67okBHPwC7hs8=
google.golang.org/protobuf v1.31.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
+google.golang.org/protobuf v1.34.1 h1:9ddQBjfCyZPOHPUiPxpYESBLc+T8P3E+Vo4IbKZgFWg=
+google.golang.org/protobuf v1.34.1/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos=
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
@@ -1055,16 +1180,28 @@ honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9
honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
k8s.io/api v0.28.3 h1:Gj1HtbSdB4P08C8rs9AR94MfSGpRhJgsS+GF9V26xMM=
k8s.io/api v0.28.3/go.mod h1:MRCV/jr1dW87/qJnZ57U5Pak65LGmQVkKTzf3AtKFHc=
+k8s.io/api v0.30.1 h1:kCm/6mADMdbAxmIh0LBjS54nQBE+U4KmbCfIkF5CpJY=
+k8s.io/api v0.30.1/go.mod h1:ddbN2C0+0DIiPntan/bye3SW3PdwLa11/0yqwvuRrJM=
k8s.io/apimachinery v0.28.3 h1:B1wYx8txOaCQG0HmYF6nbpU8dg6HvA06x5tEffvOe7A=
k8s.io/apimachinery v0.28.3/go.mod h1:uQTKmIqs+rAYaq+DFaoD2X7pcjLOqbQX2AOiO0nIpb8=
+k8s.io/apimachinery v0.30.1 h1:ZQStsEfo4n65yAdlGTfP/uSHMQSoYzU/oeEbkmF7P2U=
+k8s.io/apimachinery v0.30.1/go.mod h1:iexa2somDaxdnj7bha06bhb43Zpa6eWH8N8dbqVjTUc=
k8s.io/client-go v0.28.3 h1:2OqNb72ZuTZPKCl+4gTKvqao0AMOl9f3o2ijbAj3LI4=
k8s.io/client-go v0.28.3/go.mod h1:LTykbBp9gsA7SwqirlCXBWtK0guzfhpoW4qSm7i9dxo=
+k8s.io/client-go v0.30.1 h1:uC/Ir6A3R46wdkgCV3vbLyNOYyCJ8oZnjtJGKfytl/Q=
+k8s.io/client-go v0.30.1/go.mod h1:wrAqLNs2trwiCH/wxxmT/x3hKVH9PuV0GGW0oDoHVqc=
k8s.io/klog/v2 v2.100.1 h1:7WCHKK6K8fNhTqfBhISHQ97KrnJNFZMcQvKp7gP/tmg=
k8s.io/klog/v2 v2.100.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0=
+k8s.io/klog/v2 v2.120.1 h1:QXU6cPEOIslTGvZaXvFWiP9VKyeet3sawzTOvdXb4Vw=
+k8s.io/klog/v2 v2.120.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE=
k8s.io/kube-openapi v0.0.0-20231010175941-2dd684a91f00 h1:aVUu9fTY98ivBPKR9Y5w/AuzbMm96cd3YHRTU83I780=
k8s.io/kube-openapi v0.0.0-20231010175941-2dd684a91f00/go.mod h1:AsvuZPBlUDVuCdzJ87iajxtXuR9oktsTctW/R9wwouA=
+k8s.io/kube-openapi v0.0.0-20240521193020-835d969ad83a h1:zD1uj3Jf+mD4zmA7W+goE5TxDkI7OGJjBNBzq5fJtLA=
+k8s.io/kube-openapi v0.0.0-20240521193020-835d969ad83a/go.mod h1:UxDHUPsUwTOOxSU+oXURfFBcAS6JwiRXTYqYwfuGowc=
k8s.io/utils v0.0.0-20230726121419-3b25d923346b h1:sgn3ZU783SCgtaSJjpcVVlRqd6GSnlTLKgpAAttJvpI=
k8s.io/utils v0.0.0-20230726121419-3b25d923346b/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
+k8s.io/utils v0.0.0-20240502163921-fe8a2dddb1d0 h1:jgGTlFYnhF1PM1Ax/lAlxUPE+KfCIXHaathvJg1C3ak=
+k8s.io/utils v0.0.0-20240502163921-fe8a2dddb1d0/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=
rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0=
rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA=
@@ -1072,5 +1209,9 @@ sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMm
sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0=
sigs.k8s.io/structured-merge-diff/v4 v4.3.0 h1:UZbZAZfX0wV2zr7YZorDz6GXROfDFj6LvqCRm4VUVKk=
sigs.k8s.io/structured-merge-diff/v4 v4.3.0/go.mod h1:N8hJocpFajUSSeSJ9bOZ77VzejKZaXsTtZo4/u7Io08=
+sigs.k8s.io/structured-merge-diff/v4 v4.4.1 h1:150L+0vs/8DA78h1u02ooW1/fFq/Lwr+sGiqlzvrtq4=
+sigs.k8s.io/structured-merge-diff/v4 v4.4.1/go.mod h1:N8hJocpFajUSSeSJ9bOZ77VzejKZaXsTtZo4/u7Io08=
sigs.k8s.io/yaml v1.3.0 h1:a2VclLzOGrwOHDiV8EfBGhvjHvP46CtW5j6POvhYGGo=
sigs.k8s.io/yaml v1.3.0/go.mod h1:GeOyir5tyXNByN85N/dRIT9es5UQNerPYEKK56eTBm8=
+sigs.k8s.io/yaml v1.4.0 h1:Mk1wCc2gy/F0THH0TAp1QYyJNzRm2KCLy3o5ASXVI5E=
+sigs.k8s.io/yaml v1.4.0/go.mod h1:Ejl7/uTz7PSA4eKMyQCUTnhZYNmLIl+5c2lQPGR2BPY=
diff --git a/variables.tf b/variables.tf
index 5b8fe85fb..e510f656d 100644
--- a/variables.tf
+++ b/variables.tf
@@ -75,36 +75,32 @@ variable "deploy_diagnostics_for_mg" {
variable "configure_management_resources" {
type = object({
settings = optional(object({
+ ama = optional(object({
+ enable_uami = optional(bool, true)
+ enable_vminsights_dcr = optional(bool, true)
+ enable_change_tracking_dcr = optional(bool, true)
+ enable_mdfc_defender_for_sql_dcr = optional(bool, true)
+ enable_mdfc_defender_for_sql_query_collection_for_security_research = optional(bool, true)
+ }), {})
log_analytics = optional(object({
enabled = optional(bool, true)
config = optional(object({
- retention_in_days = optional(number, 30)
- enable_monitoring_for_vm = optional(bool, true)
- enable_monitoring_for_vmss = optional(bool, true)
- enable_solution_for_agent_health_assessment = optional(bool, true)
- enable_solution_for_anti_malware = optional(bool, true)
- enable_solution_for_change_tracking = optional(bool, true)
- enable_solution_for_service_map = optional(bool, false)
- enable_solution_for_sql_assessment = optional(bool, true)
- enable_solution_for_sql_vulnerability_assessment = optional(bool, true)
- enable_solution_for_sql_advanced_threat_detection = optional(bool, true)
- enable_solution_for_updates = optional(bool, true)
- enable_solution_for_vm_insights = optional(bool, true)
- enable_solution_for_container_insights = optional(bool, true)
- enable_sentinel = optional(bool, true)
+ retention_in_days = optional(number, 30)
+ enable_monitoring_for_vm = optional(bool, true)
+ enable_monitoring_for_vmss = optional(bool, true)
+ enable_sentinel = optional(bool, true)
+ enable_change_tracking = optional(bool, true)
}), {})
}), {})
security_center = optional(object({
enabled = optional(bool, true)
config = optional(object({
email_security_contact = optional(string, "security_contact@replace_me")
- enable_defender_for_apis = optional(bool, true)
enable_defender_for_app_services = optional(bool, true)
enable_defender_for_arm = optional(bool, true)
enable_defender_for_containers = optional(bool, true)
enable_defender_for_cosmosdbs = optional(bool, true)
enable_defender_for_cspm = optional(bool, true)
- enable_defender_for_dns = optional(bool, true)
enable_defender_for_key_vault = optional(bool, true)
enable_defender_for_oss_databases = optional(bool, true)
enable_defender_for_servers = optional(bool, true)
@@ -176,9 +172,11 @@ variable "configure_connectivity_resources" {
virtual_network_gateway = optional(object({
enabled = optional(bool, false)
config = optional(object({
- address_prefix = optional(string, "")
- gateway_sku_expressroute = optional(string, "")
- gateway_sku_vpn = optional(string, "")
+ address_prefix = optional(string, "")
+ gateway_sku_expressroute = optional(string, "")
+ gateway_sku_vpn = optional(string, "")
+ remote_vnet_traffic_enabled = optional(bool, false)
+ virtual_wan_traffic_enabled = optional(bool, false)
advanced_vpn_settings = optional(object({
enable_bgp = optional(bool, null)
active_active = optional(bool, null)
@@ -342,6 +340,9 @@ variable "configure_connectivity_resources" {
azure_api_management = optional(bool, true)
azure_app_configuration_stores = optional(bool, true)
azure_arc = optional(bool, true)
+ azure_arc_guest_configuration = optional(bool, true)
+ azure_arc_hybrid_resource_provider = optional(bool, true)
+ azure_arc_kubernetes = optional(bool, true)
azure_automation_dscandhybridworker = optional(bool, true)
azure_automation_webhook = optional(bool, true)
azure_backup = optional(bool, true)
@@ -364,6 +365,7 @@ variable "configure_connectivity_resources" {
azure_database_for_mariadb_server = optional(bool, true)
azure_database_for_mysql_server = optional(bool, true)
azure_database_for_postgresql_server = optional(bool, true)
+ azure_databricks = optional(bool, true)
azure_digital_twins = optional(bool, true)
azure_event_grid_domain = optional(bool, true)
azure_event_grid_topic = optional(bool, true)
@@ -377,9 +379,11 @@ variable "configure_connectivity_resources" {
azure_kubernetes_service_management = optional(bool, true)
azure_machine_learning_workspace = optional(bool, true)
azure_managed_disks = optional(bool, true)
+ azure_managed_grafana = optional(bool, true)
azure_media_services = optional(bool, true)
azure_migrate = optional(bool, true)
azure_monitor = optional(bool, true)
+ azure_openai_service = optional(bool, true)
azure_purview_account = optional(bool, true)
azure_purview_studio = optional(bool, true)
azure_relay_namespace = optional(bool, true)
@@ -390,6 +394,7 @@ variable "configure_connectivity_resources" {
azure_synapse_analytics_dev = optional(bool, true)
azure_synapse_analytics_sql = optional(bool, true)
azure_synapse_studio = optional(bool, true)
+ azure_virtual_desktop = optional(bool, true)
azure_web_apps_sites = optional(bool, true)
azure_web_apps_static_sites = optional(bool, true)
cognitive_services_account = optional(bool, true)