
terraform-azurerm-azopsreference's Introduction

ARCHIVED - terraform-azurerm-azopsreference

🚨 Please use the official ALZ Terraform module at https://aka.ms/alz/tf 🚨

This module contains the reference Azure policy & initiative (policySet) definitions from Enterprise-Scale.

It will deploy the definitions to the supplied Azure AD Management Group.

Usage

Deploying the Definitions

It is very simple to get the policies deployed:

module "azopsreference" {
  source                = "github.com/terraform-azurerm-modules/terraform-azurerm-azopsreference?ref=v0.1.0"
  management_group_name = azurerm_management_group.mymg.name
}

Note: Update the reference to match the version you want to use.

Using the Outputs

Each policy & initiative definition has its own output, allowing you to reference the policy definition in an assignment:

resource "azurerm_policy_assignment" "deploy_diag_loganalytics" {
  name                 = "Deploy-Diag-LogAnalytics"
  scope                = azurerm_management_group.mymg.id
  policy_definition_id = module.azopsreference.policysetdefinition_deploy_diag_loganalytics.id
  description          = "Ensure resources have diagnostic settings configured to forward to Log Analytics"
  display_name         = "Deploy-Diag-LogAnalytics"
  location             = var.default_location

  identity {
    type = "SystemAssigned"
  }

  parameters = <<PARAMETERS
{
  "logAnalytics": {
    "value": "${azurerm_log_analytics_workspace.mgmt.id}"
  }
}
PARAMETERS

}

For initiatives (policySets), there is an additional output, an array of all the contained policy definition objects. This can be useful when creating remediation tasks for each of the definitions:

# One remediation task per policy definition contained in the initiative.
resource "azurerm_policy_remediation" "deploy_diag_loganalytics" {
  count                          = length(module.azopsreference.diagnostic_policy_definitions)
  name                           = lower(module.azopsreference.diagnostic_policy_definitions[count.index].name)
  # Same management group the assignment above is scoped to.
  scope                          = azurerm_management_group.mymg.id
  policy_assignment_id           = azurerm_policy_assignment.deploy_diag_loganalytics.id
  # The reference ID is the definition name with the hyphens removed.
  policy_definition_reference_id = replace(module.azopsreference.diagnostic_policy_definitions[count.index].name, "-", "")
}

Auto Generation

This Terraform is automatically generated from the JSON files from Enterprise Scale. You can see the GitHub action and script that accomplished this in this repo.


terraform-azurerm-azopsreference's Issues

Parameter value capitalization

Describe the bug
Module and definitions deployed fine.
Any subsequent plans include 84 changes for the parameter values to be changed e.g. "String" to "string". The value is lower case in the source TF definitions and I assume the Azure platform capitalizes it once pushed.

You can amend manually in the local module files as a workaround.
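
The "String" to "string" churn described in this issue can bury a genuine policy change among dozens of no-op updates. As an added example (not code from this repository), the Python below sorts the policy updates in a `terraform show -json` plan into casing-only noise and real changes; the sample plan, resource addresses and parameter names are constructed for illustration.

```python
import json

# Constructed sample shaped like `terraform show -json <planfile>` output.
# Addresses and parameter names are illustrative, not taken from the module.
PLAN = {"resource_changes": [
    {"address": "azurerm_policy_definition.case_only",
     "type": "azurerm_policy_definition",
     "change": {"actions": ["update"],
                "before": {"parameters": '{"effect": {"type": "String", "defaultValue": "Deny"}}'},
                "after": {"parameters": '{"effect": {"type": "string", "defaultValue": "Deny"}}'}}},
    {"address": "azurerm_policy_definition.weakened",
     "type": "azurerm_policy_definition",
     "change": {"actions": ["update"],
                "before": {"parameters": '{"effect": {"type": "String", "defaultValue": "Deny"}}'},
                "after": {"parameters": '{"effect": {"type": "string", "defaultValue": "Audit"}}'}}},
    {"address": "azurerm_policy_definition.untouched", "type": "azurerm_policy_definition",
     "change": {"actions": ["no-op"], "before": {}, "after": {}}},
]}

POLICY_TYPES = {"azurerm_policy_definition", "azurerm_policy_set_definition"}

def normalized(params_json):
    """Parse a parameters JSON string and lowercase every parameter's "type"."""
    params = json.loads(params_json or "{}")
    for spec in params.values():
        if isinstance(spec, dict) and isinstance(spec.get("type"), str):
            spec["type"] = spec["type"].lower()
    return params

def without_params(attrs):
    return {k: v for k, v in attrs.items() if k != "parameters"}

def classify(plan):
    """Return {address: "case-only" | "real-change"} for planned policy updates."""
    result = {}
    for rc in plan.get("resource_changes", []):
        change = rc.get("change", {})
        if rc.get("type") not in POLICY_TYPES or change.get("actions") != ["update"]:
            continue
        before, after = change.get("before") or {}, change.get("after") or {}
        # Noise only if nothing but the casing of "type" differs.
        same = (without_params(before) == without_params(after)
                and normalized(before.get("parameters")) == normalized(after.get("parameters")))
        result[rc["address"]] = "case-only" if same else "real-change"
    return result

if __name__ == "__main__":
    for address, verdict in classify(PLAN).items():
        print(f"{verdict:12} {address}")
```

Anything reported as real-change deserves a manual look before apply; here the second sample lowers a default effect from Deny to Audit behind the same casing diff.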


Enterprise Scale repo no longer has docs/reference/wingtip/armtemplates

With this commit the enterprise scale repo no longer has the path docs/reference/wingtip/armtemplates and has converged to single implementation.

The readme file of this repo says to reference the github actions pipeline to determine how the policy templates were pulled in and generated but still references the older repository folder structure which caused some confusion and a bit of digging to find out what had changed.

For the next programmatic update to this repo, the github actions pipeline and supporting scripts will likely need to be updated.

Thanks
