Skip to content

Commit

Permalink
feat: update platform/amba library (automated)
Browse files Browse the repository at this point in the history
  • Loading branch information
@actions-user
actions-user committed Jan 16, 2025
1 parent 3c1c485 commit f716557
Show file tree
Hide file tree
Showing 15 changed files with 1,940 additions and 13 deletions.
4 changes: 4 additions & 0 deletions platform/amba/archetype_definitions/root.alz_archetype_definition.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,13 +7,16 @@
],
"policy_definitions": [
"Deploy_AA_TotalJob_Alert",
"Deploy_ActivityLog_AppInsights_Delete",
"Deploy_activitylog_Firewall_Delete",
"Deploy_activitylog_KeyVault_Delete",
"Deploy_activitylog_LAWorkspace_Delete",
"Deploy_activitylog_LAWorkspace_KeyRegen",
"Deploy_ActivityLog_ManagedHSMs_Delete",
"Deploy_activitylog_NSG_Delete",
"Deploy_activitylog_ResourceHealth_Unhealthy_Alert",
"Deploy_activitylog_RouteTable_Delete",
"Deploy_activitylog_RouteTable_Routes_Delete",
"Deploy_activitylog_RouteTable_Update",
"Deploy_activitylog_ServiceHealth_HealthAdvisory",
"Deploy_activitylog_ServiceHealth_Incident",
Expand All @@ -36,6 +39,7 @@
"Deploy_ALB_HealthProbeStatus_Alert",
"Deploy_ALB_UsedSNATPorts_Alert",
"Deploy_AlertProcessing_Rule",
"Deploy_AppInsightsThrottlingLimit_Alert",
"Deploy_DNSZ_RegistrationCapacityUtil_Alert",
"Deploy_ERCIR_ArpAvailability_Alert",
"Deploy_ERCIR_BgpAvailability_Alert",
Expand Down
6 changes: 6 additions & 0 deletions platform/amba/policy_assignments/deploy_amba_connectivity.alz_policy_assignment.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -184,6 +184,12 @@
"activityNSGDeletePolicyEffect": {
"value": "deployIfNotExists"
},
"activityUDRDeletePolicyEffect": {
"value": "deployIfNotExists"
},
"activityUDRRoutesDeletePolicyEffect": {
"value": "deployIfNotExists"
},
"activityUDRUpdatePolicyEffect": {
"value": "deployIfNotExists"
},
Expand Down
6 changes: 6 additions & 0 deletions platform/amba/policy_assignments/deploy_amba_networkchang.alz_policy_assignment.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -43,6 +43,12 @@
"activityNSGDeletePolicyEffect": {
"value": "deployIfNotExists"
},
"activityUDRDeletePolicyEffect": {
"value": "deployIfNotExists"
},
"activityUDRRoutesDeletePolicyEffect": {
"value": "deployIfNotExists"
},
"activityUDRUpdatePolicyEffect": {
"value": "deployIfNotExists"
}
Expand Down
3 changes: 3 additions & 0 deletions platform/amba/policy_assignments/deploy_amba_notification.alz_policy_assignment.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -61,6 +61,9 @@
"_deployed_by_alz_monitor": true
}
},
"ALZNotificationAssetSuffix": {
"value": "-001"
},
"ALZWebhookServiceUri": {
"value": []
},
Expand Down
26 changes: 26 additions & 0 deletions platform/amba/policy_assignments/deploy_amba_web.alz_policy_assignment.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,9 @@
}
],
"parameters": {
"ALZManagementSubscriptionId": {
"value": ""
},
"ALZMonitorDisableTagName": {
"value": "MonitorDisable"
},
Expand All @@ -29,6 +32,26 @@
"Sandbox"
]
},
"ALZMonitorResourceGroupLocation": {
"value": "eastus"
},
"ALZMonitorResourceGroupName": {
"value": "rg-amba-alz-prod-001"
},
"ALZMonitorResourceGroupTags": {
"value": {
"_deployed_by_alz_monitor": true
}
},
"ALZUserAssignedManagedIdentityName": {
"value": "id-amba-alz-arg-reader-prod-001"
},
"AppInsightsThrottlingLimitPolicyEffect": {
"value": "deployIfNotExists"
},
"BYOUserAssignedManagedIdentityResourceId": {
"value": ""
},
"WSFCPUPercentagePolicyEffect": {
"value": "deployIfNotExists"
},
Expand All @@ -40,6 +63,9 @@
},
"WSFMemoryPercentagePolicyEffect": {
"value": "deployIfNotExists"
},
"activityAppInsightsDeletePolicyEffect": {
"value": "deployIfNotExists"
}
},
"metadata": {
Expand Down
284 changes: 284 additions & 0 deletions .../amba/policy_definitions/Deploy_ActivityLog_AppInsights_Delete.alz_policy_definition.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,284 @@
{
"name": "Deploy_ActivityLog_AppInsights_Delete",
"properties": {
"description": "Policy to Deploy Activity Log Application Insights Delete Alert",
"displayName": "Deploy Activity Log Application Insights Delete Alert (Preview)",
"metadata": {
"_deployed_by_amba": "True",
"alzCloudEnvironments": [
"AzureCloud"
],
"category": "Monitoring",
"source": "https://github.com/Azure/azure-monitor-baseline-alerts/",
"version": "1.0.0"
},
"mode": "All",
"parameters": {
"MonitorDisableTagName": {
"defaultValue": "MonitorDisable",
"metadata": {
"description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
"displayName": "ALZ Monitoring disabled tag name"
},
"type": "String"
},
"MonitorDisableTagValues": {
"defaultValue": [
"true",
"Test",
"Dev",
"Sandbox"
],
"metadata": {
"description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.",
"displayName": "ALZ Monitoring disabled tag values(s)"
},
"type": "Array"
},
"alertResourceGroupLocation": {
"defaultValue": "centralus",
"metadata": {
"description": "Location of the Resource group the alert is placed in",
"displayName": "Resource Group Location"
},
"type": "String"
},
"alertResourceGroupName": {
"defaultValue": "rg-amba-monitoring-001",
"metadata": {
"description": "Resource group the alert is placed in",
"displayName": "Resource Group Name"
},
"type": "String"
},
"alertResourceGroupTags": {
"defaultValue": {
"_deployed_by_amba": true
},
"metadata": {
"description": "Tags on the Resource group the alert is placed in",
"displayName": "Resource Group Tags"
},
"type": "Object"
},
"effect": {
"allowedValues": [
"deployIfNotExists",
"disabled"
],
"defaultValue": "deployIfNotExists",
"metadata": {
"description": "Effect of the policy",
"displayName": "Effect"
},
"type": "String"
},
"enabled": {
"allowedValues": [
"true",
"false"
],
"defaultValue": "true",
"metadata": {
"description": "Alert state for the alert",
"displayName": "Alert State"
},
"type": "String"
}
},
"policyRule": {
"if": {
"allOf": [
{
"equals": "microsoft.insights/components",
"field": "type"
},
{
"field": "[concat('tags[', parameters('MonitorDisableTagName'), ']')]",
"notIn": "[parameters('MonitorDisableTagValues')]"
}
]
},
"then": {
"details": {
"deployment": {
"location": "northeurope",
"properties": {
"mode": "incremental",
"parameters": {
"alertResourceGroupLocation": {
"value": "[parameters('alertResourceGroupLocation')]"
},
"alertResourceGroupName": {
"value": "[parameters('alertResourceGroupName')]"
},
"alertResourceGroupTags": {
"value": "[parameters('alertResourceGroupTags')]"
},
"enabled": {
"value": "[parameters('enabled')]"
}
},
"template": {
"$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"alertResourceGroupLocation": {
"type": "string"
},
"alertResourceGroupName": {
"type": "string"
},
"alertResourceGroupTags": {
"type": "object"
},
"enabled": {
"type": "string"
}
},
"resources": [
{
"apiVersion": "2021-04-01",
"location": "[parameters('alertResourceGroupLocation')]",
"name": "[parameters('alertResourceGroupName')]",
"tags": "[parameters('alertResourceGroupTags')]",
"type": "Microsoft.Resources/resourceGroups"
},
{
"apiVersion": "2019-10-01",
"dependsOn": [
"[concat('Microsoft.Resources/resourceGroups/', parameters('alertResourceGroupName'))]"
],
"name": "ActivityAppInsightsDeleteAlert",
"properties": {
"mode": "Incremental",
"parameters": {
"alertResourceGroupName": {
"value": "[parameters('alertResourceGroupName')]"
},
"enabled": {
"value": "[parameters('enabled')]"
}
},
"template": {
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"alertResourceGroupName": {
"type": "string"
},
"enabled": {
"type": "string"
}
},
"resources": [
{
"apiVersion": "2020-10-01",
"location": "global",
"name": "ActivityAppInsightsDelete",
"properties": {
"condition": {
"allOf": [
{
"equals": "Administrative",
"field": "category"
},
{
"equals": "Microsoft.Insights/Components/Delete",
"field": "operationName"
},
{
"containsAny": [
"succeeded"
],
"field": "status"
}
]
},
"description": "Activity Log Application Insights Delete Alert",
"displayName": "Application Insights Resource Delete Alert (Preview)",
"enabled": "[parameters('enabled')]",
"parameters": {
"enabled": {
"value": "[parameters('enabled')]"
}
},
"scopes": [
"[subscription().id]"
]
},
"tags": {
"_deployed_by_amba": true
},
"type": "microsoft.insights/activityLogAlerts"
}
],
"variables": {}
}
},
"resourceGroup": "[parameters('alertResourceGroupName')]",
"type": "Microsoft.Resources/deployments"
}
],
"variables": {}
}
}
},
"deploymentScope": "subscription",
"existenceCondition": {
"allOf": [
{
"equals": "[parameters('enabled')]",
"field": "Microsoft.Insights/ActivityLogAlerts/enabled"
},
{
"count": {
"field": "Microsoft.Insights/ActivityLogAlerts/condition.allOf[*]",
"where": {
"anyOf": [
{
"allOf": [
{
"equals": "category",
"field": "Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].field"
},
{
"equals": "Administrative",
"field": "Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].equals"
}
]
},
{
"allOf": [
{
"equals": "operationName",
"field": "microsoft.insights/activityLogAlerts/condition.allOf[*].field"
},
{
"equals": "Microsoft.Insights/Components/Delete",
"field": "microsoft.insights/activityLogAlerts/condition.allOf[*].equals"
}
]
}
]
}
},
"equals": 2
}
]
},
"existenceScope": "resourcegroup",
"name": "ActivityAppInsightsDelete",
"resourceGroupName": "[parameters('alertResourceGroupName')]",
"roleDefinitionIds": [
"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
],
"type": "Microsoft.Insights/activityLogAlerts"
},
"effect": "[parameters('effect')]"
}
},
"policyType": "Custom"
},
"type": "Microsoft.Authorization/policyDefinitions"
}
Loading

0 comments on commit f716557

Please sign in to comment.