From 8c951ac5239744cf3040cd26c5e95170462ff0d4 Mon Sep 17 00:00:00 2001 From: Sacha Narinx Date: Tue, 3 Sep 2024 14:09:07 +0400 Subject: [PATCH] AMBA Enhanced Feature Portal Update (#1751) --- docs/wiki/Whats-new.md | 11 +- eslzArm/eslz-portal.json | 372 ++++++++++++++++++++++++++++++++++----- eslzArm/eslzArm.json | 232 ++++++++++++++++++------ 3 files changed, 517 insertions(+), 98 deletions(-) diff --git a/docs/wiki/Whats-new.md b/docs/wiki/Whats-new.md index 7ba8cc9c38..b5a86325d0 100644 --- a/docs/wiki/Whats-new.md +++ b/docs/wiki/Whats-new.md @@ -1,6 +1,7 @@ ## In this Section - [Updates](#updates) + - [September 2024](#september-2024) - [August 2024](#august-2024) - [July 2024](#july-2024) - [June 2024](#june-2024) @@ -17,10 +18,7 @@ - [November 2023](#november-2023) - [October 2023](#october-2023) - [September 2023](#september-2023) - - [August 2023](#august-2023) - - [July 2023](#july-2023) - - [June 2023](#june-2023) - - [Previous Updates](#may-2023) + - [Previous Updates](#august-2023) --- @@ -48,6 +46,10 @@ This article will be updated as and when changes are made to the above and anyth Here's what's changed in Enterprise Scale/Azure Landing Zones: +### September 2024 + +- Updated the Azure Monitoring Baseline Alerts (AMBA) integration section in the portal accelerator to include new features exposed by the AMBA solution. To read more on the changes https://azure.github.io/azure-monitor-baseline-alerts/patterns/alz/Whats-New/ + ### August 2024 > NOTE TO CONTRIBUTORS: Due to security compliance requirements, we've made core changes that mean we no longer automatically build the policies, initiatives and roles templates after changes in the `src` folder are committed. This means that you as a contributor must run the bicep build commands to generate the required outputs as part of your pull request. Depending on the files you've updated these are the commands (assuming you have bicep installed): @@ -66,6 +68,7 @@ Here's what's changed in Enterprise Scale/Azure Landing Zones: - Fixed a bug that had ALZ-LITE deployments try to connect DNS zones twice for single regions deployment. + ### July 2024 #### Policy diff --git a/eslzArm/eslz-portal.json b/eslzArm/eslz-portal.json index b3e6849917..da822df35c 100644 --- a/eslzArm/eslz-portal.json +++ b/eslzArm/eslz-portal.json @@ -922,6 +922,25 @@ }, "bladeTitle": "ALZ - Baseline Alerts", "elements": [ + { + "name": "esAmbaTitle", + "type": "Microsoft.Common.Section", + "label": "Azure Monitor Baseline Alerts (AMBA)", + "elements": [ + { + "name": "esAmbaDescription", + "type": "Microsoft.Common.TextBlock", + "visible": true, + "options": { + "text": "AMBA for ALZ is a best practice collection of alerts for resources commonly deployed into Azure landing zones and demonstrates how to deploy alerts at scale using Azure Policy.", + "link": { + "label": "Learn more", + "uri": "https://aka.ms/amba/alz" + } + } + } + ] + }, { "name": "baselinealertsintro", "type": "Microsoft.Common.InfoBox", @@ -932,6 +951,26 @@ "style": "Info" } }, + { + "name": "enableServiceHealth", + "type": "Microsoft.Common.OptionsGroup", + "label": "Deploy Service Health Alerts", + "defaultValue": "Yes (highly recommended)", + "toolTip": "If 'Yes' is selected Azure Monitor Baseline Alerts - Service Health alerts will be enabled on subscriptions in scope. For more information on what is included in the Service Health initiative please refer to https://aka.ms/amba/alz/wiki under Azure Policy Initiatives and Alert Details", + "constraints": { + "allowedValues": [ + { + "label": "Yes (highly recommended)", + "value": "Yes" + }, + { + "label": "No", + "value": "No" + } + ] + }, + "visible": true + }, { "name": "enableMonitorBaselines", "type": "Microsoft.Common.OptionsGroup", @@ -952,32 +991,6 @@ }, "visible": true }, - { - "name": "monitorAlertsResourceGroup", - "type": "Microsoft.Common.TextBox", - "label": "Resource group for baseline alerts", - "toolTip": "Resource group for activity log alerts and action groups. Will be created in all subscriptions in scope for the policy", - "visible": "[equals(steps('monitor').enableMonitorBaselines,'Yes')]", - "defaultValue": "rg-amba-monitoring-001", - "constraints": { - "required": "[equals(steps('monitor').enableMonitorBaselines,'Yes')]", - "regex": "^[a-zA-Z0-9][a-zA-Z0-9-_.()]{0,89}[a-zA-Z0-9]$", - "validationMessage": "Please provide a valid resource group name" - } - }, - { - "name": "emailContactActionGroup", - "type": "Microsoft.Common.TextBox", - "label": "Email contact for action group notifications", - "toolTip": "Email address to get email notifications from alerts", - "visible": "[equals(steps('monitor').enableMonitorBaselines,'Yes')]", - "defaultValue": "", - "constraints": { - "required": "[equals(steps('monitor').enableMonitorBaselines,'Yes')]", - "regex": "^[\\w-\\.]+@([\\w-]+\\.)+[\\w-]{2,4}$", - "validationMessage": "Please provide a valid email address" - } - }, { "name": "enableMonitorConnectivity", "type": "Microsoft.Common.OptionsGroup", @@ -1039,24 +1052,282 @@ "visible": "[equals(steps('monitor').enableMonitorBaselines,'Yes')]" }, { - "name": "enableMonitorLandingZones", - "type": "Microsoft.Common.OptionsGroup", - "label": "Enable Azure Monitor Baseline Alerts for Landing Zones", - "defaultValue": "Yes (recommended)", - "toolTip": "If 'Yes' is selected the Deploy Azure Monitor Baseline Alerts for Landing Zone policy initiative is assigned to the Landing Zones management group. This will ensure that relevant new resources created within that scope are configured with appropriate baseline alerts. For more details on what is included in the initiative please refer to https://aka.ms/amba/alz/wiki under Azure Policy Initiatives and Alert Details.", - "constraints": { - "allowedValues": [ - { - "label": "Yes (recommended)", - "value": "Yes" - }, - { - "label": "No", - "value": "No" + "name": "esAmbaCategoryConfig", + "type": "Microsoft.Common.Section", + "label": "Resource category alert enablement for Landing Zones", + "elements": [ + { + "name": "esAmbaEnableInfo", + "type": "Microsoft.Common.InfoBox", + "visible": true, + "options": { + "text": "You can selectively enable/disable Azure Monitor Baseline Alerts configuration for resource categories applied to the Landing Zones management group.", + "style": "Info" } - ] - }, + }, + { + "name": "enableAMBAHybridVM", + "type": "Microsoft.Common.OptionsGroup", + "label": "Enable AMBA for Azure Arc-enabled Servers", + "defaultValue": "Yes (recommended)", + "toolTip": "If 'Yes' is selected the Deploy Azure Monitor Baseline Alerts to monitor Azure Arc-enabled Servers policy initiative is assigned to the Landing Zones management group. This will ensure that relevant new resources created within that scope are configured with appropriate baseline alerts. For more details on what is included in the initiative please refer to https://aka.ms/amba/alz/wiki under Azure Policy Initiatives and Alert Details.", + "constraints": { + "allowedValues": [ + { + "label": "Yes (recommended)", + "value": "Yes" + }, + { + "label": "No", + "value": "No" + } + ] + }, + "visible": true + }, + { + "name": "enableAMBAKeyManagement", + "type": "Microsoft.Common.OptionsGroup", + "label": "Enable AMBA for Key Management Services", + "defaultValue": "Yes (recommended)", + "toolTip": "If 'Yes' is selected the Deploy Azure Monitor Baseline Alerts to monitor Key Management Services, such as Azure Key Vault and Managed HSM, policy initiative is assigned to the Landing Zones management group. This will ensure that relevant new resources created within that scope are configured with appropriate baseline alerts. For more details on what is included in the initiative please refer to https://aka.ms/amba/alz/wiki under Azure Policy Initiatives and Alert Details.", + "constraints": { + "allowedValues": [ + { + "label": "Yes (recommended)", + "value": "Yes" + }, + { + "label": "No", + "value": "No" + } + ] + }, + "visible": true + }, + { + "name": "enableAMBALoadBalancing", + "type": "Microsoft.Common.OptionsGroup", + "label": "Enable AMBA for Load Balancing Services", + "defaultValue": "Yes (recommended)", + "toolTip": "If 'Yes' is selected the Deploy Azure Monitor Baseline Alerts to monitor Load Balancing Services, such as Load Balancer, Application Gateway, Traffic Manager and Azure Front Door, policy initiative is assigned to the Landing Zones management group. This will ensure that relevant new resources created within that scope are configured with appropriate baseline alerts. For more details on what is included in the initiative please refer to https://aka.ms/amba/alz/wiki under Azure Policy Initiatives and Alert Details.", + "constraints": { + "allowedValues": [ + { + "label": "Yes (recommended)", + "value": "Yes" + }, + { + "label": "No", + "value": "No" + } + ] + }, + "visible": true + }, + { + "name": "enableAMBANetworkChanges", + "type": "Microsoft.Common.OptionsGroup", + "label": "Enable AMBA for alterations in Network Routing and Security", + "defaultValue": "Yes (recommended)", + "toolTip": "If 'Yes' is selected the Deploy Azure Monitor Baseline Alerts to monitor alterations in Network Routing and Security, such as modifications to Route Tables and the removal of Network Security Groups, policy initiatives is assigned to the Landing Zones management group. This will ensure that relevant new resources created within that scope are configured with appropriate baseline alerts. For more details on what is included in the initiative please refer to https://aka.ms/amba/alz/wiki under Azure Policy Initiatives and Alert Details.", + "constraints": { + "allowedValues": [ + { + "label": "Yes (recommended)", + "value": "Yes" + }, + { + "label": "No", + "value": "No" + } + ] + }, + "visible": true + }, + { + "name": "enableAMBARecoveryServices", + "type": "Microsoft.Common.OptionsGroup", + "label": "Enable AMBA for Recovery Services", + "defaultValue": "Yes (recommended)", + "toolTip": "If 'Yes' is selected the Deploy Azure Monitor Baseline Alerts to monitor Recovery Services, such as Azure Backup and Azure Site Recovery, policy initiatives is assigned to the Landing Zones management group. This will ensure that relevant new resources created within that scope are configured with appropriate baseline alerts. For more details on what is included in the initiative please refer to https://aka.ms/amba/alz/wiki under Azure Policy Initiatives and Alert Details.", + "constraints": { + "allowedValues": [ + { + "label": "Yes (recommended)", + "value": "Yes" + }, + { + "label": "No", + "value": "No" + } + ] + }, + "visible": true + }, + { + "name": "enableAMBAStorage", + "type": "Microsoft.Common.OptionsGroup", + "label": "Enable AMBA for Storage Services", + "defaultValue": "Yes (recommended)", + "toolTip": "If 'Yes' is selected the Deploy Azure Monitor Baseline Alerts to monitor Storage Services, such as Storage accounts, policy initiatives is assigned to the Landing Zones management group. This will ensure that relevant new resources created within that scope are configured with appropriate baseline alerts. For more details on what is included in the initiative please refer to https://aka.ms/amba/alz/wiki under Azure Policy Initiatives and Alert Details.", + "constraints": { + "allowedValues": [ + { + "label": "Yes (recommended)", + "value": "Yes" + }, + { + "label": "No", + "value": "No" + } + ] + }, + "visible": true + }, + { + "name": "enableAMBAVM", + "type": "Microsoft.Common.OptionsGroup", + "label": "Enable AMBA for Azure Virtual Machines", + "defaultValue": "Yes (recommended)", + "toolTip": "If 'Yes' is selected the Deploy Azure Monitor Baseline Alerts to monitor Azure Virtual Machines policy initiatives is assigned to the Landing Zones management group. This will ensure that relevant new resources created within that scope are configured with appropriate baseline alerts. For more details on what is included in the initiative please refer to https://aka.ms/amba/alz/wiki under Azure Policy Initiatives and Alert Details.", + "constraints": { + "allowedValues": [ + { + "label": "Yes (recommended)", + "value": "Yes" + }, + { + "label": "No", + "value": "No" + } + ] + }, + "visible": true + }, + { + "name": "enableAMBAWeb", + "type": "Microsoft.Common.OptionsGroup", + "label": "Enable AMBA for Web Services", + "defaultValue": "Yes (recommended)", + "toolTip": "If 'Yes' is selected the Deploy Azure Monitor Baseline Alerts to monitor Web Services, such as App Services, policy initiatives is assigned to the Landing Zones management group. This will ensure that relevant new resources created within that scope are configured with appropriate baseline alerts. For more details on what is included in the initiative please refer to https://aka.ms/amba/alz/wiki under Azure Policy Initiatives and Alert Details.", + "constraints": { + "allowedValues": [ + { + "label": "Yes (recommended)", + "value": "Yes" + }, + { + "label": "No", + "value": "No" + } + ] + }, + "visible": true + } + ], "visible": "[equals(steps('monitor').enableMonitorBaselines,'Yes')]" + }, + { + "name": "esAmbaAgConfig", + "type": "Microsoft.Common.Section", + "label": "Action Group configuration", + "elements": [ + { + "name": "esAmbaAgInfo", + "type": "Microsoft.Common.InfoBox", + "visible": true, + "options": { + "text": "Action groups in Azure Monitor allow for the creation of a set of actions that will be carried out when an alert is activated. Azure Monitor Baseline Alerts can incorporate various actions including Azure Function, Event Hub, and Logic App into their configuration. However, it's important to note that these actions are contingent upon the prior existence of the Azure Function, Event Hub, or Logic App resources. To set up these actions, please proceed with the current deployment, deploy the preferred resource you intend to use for actions, and then utilize the AMBA Portal Accelerator to implement the updated configuration.", + "uri": "https://learn.microsoft.com/azure/cloud-adoption-framework/ready/landing-zone/design-area/resource-org-subscriptions#organization-and-governance-design-considerations", + "style": "Info" + } + }, + { + "name": "monitorAlertsResourceGroup", + "type": "Microsoft.Common.TextBox", + "label": "Resource group for baseline alerts", + "toolTip": "Resource group for activity log alerts and action groups. Will be created in all subscriptions in scope for the policy", + "visible": "true", + "defaultValue": "rg-amba-monitoring-001", + "constraints": { + "required": "[equals(steps('monitor').enableMonitorBaselines,'Yes')]", + "regex": "^[a-zA-Z0-9][a-zA-Z0-9-_.()]{0,89}[a-zA-Z0-9]$", + "validationMessage": "Please provide a valid resource group name" + } + }, + { + "name": "userAssignedManagedIdentityName", + "type": "Microsoft.Common.TextBox", + "label": "User Assigned Managed Identity Name", + "subLabel": "", + "defaultValue": "id-amba-prod-001", + "toolTip": "Specify the name of the user assigned managed identity for monitoring purpose.", + "constraints": { + "required": true, + "regex": "", + "validationMessage": "", + "validations": [] + }, + "infoMessages": [], + "visible": true + }, + { + "name": "ambaAgEmailContact", + "type": "Microsoft.Common.TextBox", + "label": "Email contact for action group notifications", + "toolTip": "Email address to get email notifications from alerts", + "visible": "true", + "defaultValue": "", + "constraints": { + "required": false, + "regex": "^[\\w-\\.]+@([\\w-]+\\.)+[\\w-]{2,4}$", + "validationMessage": "Please provide a valid email address" + } + }, + { + "name": "ambaAgServiceHook", + "type": "Microsoft.Common.TextBox", + "label": "Web Hook URI for action group notifications", + "toolTip": "Web Hook URI to forward alerts to for integration with third-party systems", + "visible": "true", + "defaultValue": "", + "constraints": {} + }, + { + "name": "ambaAgArmRole", + "type": "Microsoft.Common.DropDown", + "label": "ARM Roles for action group notifications", + "defaultValue": ["Owner"], + "multiselect": true, + "selectAll": true, + "filter": false, + "multiLine": false, + "toolTip": "Choose the ARM RBAC roles that should receive alerts.", + "constraints": { + "allowedValues": [ + { + "label": "Owner", + "value": "8e3af657-a8ff-443c-a75c-2fe8c4bcb635" + }, + { + "label": "Contributor", + "value": "b24988ac-6180-42a0-ab88-20f7382dd24c" + }, + { + "label": "Monitoring Contributor", + "value": "749f88d5-cbae-40b8-bcfc-e573ddc772fa" + }, + { + "label": "Monitoring Reader", + "value": "43d0d8ad-25c7-4714-9337-8ba259a9fe05" + } + ] + }, + "visible": true + } + ], + "visible": "[or(equals(steps('monitor').enableMonitorBaselines,'Yes'), equals(steps('monitor').enableServiceHealth,'Yes'))]" } ] }, @@ -9010,13 +9281,24 @@ "enableAscForCspm": "[steps('management').enableAscForCspm]", "enableAscForContainers": "[steps('management').enableAscForContainers]", "enableMDEndpoints": "[steps('management').enableMDEndpoints]", + "enableServiceHealth": "[steps('monitor').enableServiceHealth]", "enableMonitorBaselines": "[steps('monitor').enableMonitorBaselines]", - "monitorAlertsResourceGroup": "[steps('monitor').monitorAlertsResourceGroup]", - "emailContactActionGroup": "[steps('monitor').emailContactActionGroup]", + "monitorAlertsResourceGroup": "[steps('monitor').esAmbaAgConfig.monitorAlertsResourceGroup]", + "userAssignedManagedIdentityName": "[steps('monitor').esAmbaAgConfig.userAssignedManagedIdentityName]", + "ambaAgEmailContact": "[steps('monitor').esAmbaAgConfig.ambaAgEmailContact]", + "ambaAgArmRole": "[steps('monitor').esAmbaAgConfig.ambaAgArmRole]", + "ambaAgServiceHook": "[steps('monitor').esAmbaAgConfig.ambaAgServiceHook]", "enableMonitorConnectivity": "[steps('monitor').enableMonitorConnectivity]", "enableMonitorIdentity": "[steps('monitor').enableMonitorIdentity]", "enableMonitorManagement": "[steps('monitor').enableMonitorManagement]", - "enableMonitorLandingZones": "[steps('monitor').enableMonitorLandingZones]", + "enableAMBAHybridVM": "[steps('monitor').esAmbaCategoryConfig.enableAMBAHybridVM]", + "enableAMBAKeyManagement": "[steps('monitor').esAmbaCategoryConfig.enableAMBAKeyManagement]", + "enableAMBALoadBalancing": "[steps('monitor').esAmbaCategoryConfig.enableAMBALoadBalancing]", + "enableAMBANetworkChanges": "[steps('monitor').esAmbaCategoryConfig.enableAMBANetworkChanges]", + "enableAMBARecoveryServices": "[steps('monitor').esAmbaCategoryConfig.enableAMBARecoveryServices]", + "enableAMBAStorage": "[steps('monitor').esAmbaCategoryConfig.enableAMBAStorage]", + "enableAMBAVM": "[steps('monitor').esAmbaCategoryConfig.enableAMBAVM]", + "enableAMBAWeb": "[steps('monitor').esAmbaCategoryConfig.enableAMBAWeb]", "connectivitySubscriptionId": "[if(not(equals(steps('connectivity').esNwSubSection.esNwSub,steps('management').esMgmtSubSection.esMgmtSub)),steps('connectivity').esNwSubSection.esNwSub,'')]", "addressPrefix": "[coalesce(steps('connectivity').esAddressHubVWAN, steps('connectivity').esAddressHubHS, '')]", "connectivityLocation": "[steps('connectivity').connectivityLocation]", diff --git a/eslzArm/eslzArm.json b/eslzArm/eslzArm.json index 6e0058c4db..0f8b64a859 100644 --- a/eslzArm/eslzArm.json +++ b/eslzArm/eslzArm.json @@ -207,6 +207,21 @@ ], "defaultValue": "Disabled" }, + "enableSecuritySolution": { + "type": "string", + "defaultValue": "Yes", + "allowedValues": [ + "Yes", + "No" + ] + }, + "enableServiceHealth": { + "type": "string", + "defaultValue": "Yes", + "metadata": { + "description": "If 'Yes' is selected, ARM will assign a policy initiative to deploy alerting for Service Health in your environment. If 'No', it will be ignored." + } + }, "enableMonitorBaselines": { "type": "string", "defaultValue": "", @@ -239,30 +254,99 @@ "description": "If 'Yes' is selected, ARM will assign a policy initiative to deploy alerting for select management resources in your environment. If 'No', it will be ignored." } }, - "enableMonitorLandingZones": { + "monitorAlertsResourceGroup": { "type": "string", "defaultValue": "", - "maxLength": 36, + "maxLength": 90, "metadata": { - "description": "If 'Yes' is selected, ARM will assign a policy initiative to deploy alerting for select resources in your environment. If 'No', it will be ignored." + "description": "Name of the resource group to be created for monitoring resources in each subscription." } }, - "monitorAlertsResourceGroup": { + "userAssignedManagedIdentityName": { "type": "string", "defaultValue": "", "maxLength": 90, "metadata": { - "description": "Name of the resource group to be created for monitoring resources in each subscription." + "description": "The name of the user assigned managed identity for monitoring purpose." } }, - "emailContactActionGroup": { + "ambaAgEmailContact": { "type": "string", "defaultValue": "", - "maxLength": 36, "metadata": { "description": "Email address for alerting purposes." } }, + "ambaAgServiceHook": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Service Hook URI for action group notifications." + } + }, + "ambaAgArmRole": { + "type": "array", + "defaultValue": [], + "metadata": { + "description": "ARM roles for action group notifications." + } + }, + "enableAMBAHybridVM": { + "type": "string", + "defaultValue": "Yes", + "metadata": { + "description": "Assign HybridVM initiative" + } + }, + "enableAMBAKeyManagement": { + "type": "string", + "defaultValue": "Yes", + "metadata": { + "description": "Assign Key Management initiative" + } + }, + "enableAMBALoadBalancing": { + "type": "string", + "defaultValue": "Yes", + "metadata": { + "description": "Assign Load Balancing initiative" + } + }, + "enableAMBANetworkChanges": { + "type": "string", + "defaultValue": "Yes", + "metadata": { + "description": "Assign Network Changes initiative" + } + }, + "enableAMBARecoveryServices": { + "type": "string", + "defaultValue": "Yes", + "metadata": { + "description": "Assign Recovery Services initiative" + } + }, + "enableAMBAStorage": { + "type": "string", + "defaultValue": "Yes", + "metadata": { + "description": "Assign Storage initiative" + } + }, + "enableAMBAVM": { + "type": "string", + "defaultValue": "Yes", + "metadata": { + "description": "Assign VM initiative" + } + }, + "enableAMBAWeb": { + "type": "string", + "defaultValue": "Yes", + "metadata": { + "description": "Assign Web initiative" + } + }, "connectivitySubscriptionId": { "type": "string", "defaultValue": "", @@ -1568,7 +1652,7 @@ }, // Declaring root uris for external dependency repositories. "rootUris": { - "monitorRepo": "https://raw.githubusercontent.com/Azure/azure-monitor-baseline-alerts/2023-11-14/" + "monitorRepo": "https://raw.githubusercontent.com/Azure/azure-monitor-baseline-alerts/2024-09-02/" }, // Declaring all required deployment uri's used for deployments of composite ARM templates for ESLZ "azPrivateDnsPolicyAssignmentMapping": { @@ -2149,34 +2233,62 @@ "enableAMBAIdentity": { "value": "[parameters('enableMonitorIdentity')]" }, - "enableAMBALandingZone": { - "value": "[parameters('enableMonitorLandingZones')]" - }, "enableAMBAManagement": { "value": "[parameters('enableMonitorManagement')]" }, "enableAMBAServiceHealth": { - "value": "[parameters('enableMonitorBaselines')]" + "value": "[parameters('enableServiceHealth')]" + }, + "userAssignedManagedIdentityName": { + "value": "[parameters('userAssignedManagedIdentityName')]" + }, + "ALZWebhookServiceUri": { + "value": "[array(parameters('ambaAgServiceHook'))]" + }, + "ALZArmRoleId": { + "value": "[array(parameters('ambaAgArmRole'))]" }, "delayCount": { "value": "[parameters('delayCount')]" }, - "policyAssignmentParametersCommon": { - "value": { - "alzMonitorResourceGroupName": { - "value": "[parameters('monitorAlertsResourceGroup')]" - }, - "alzMonitorResourceGroupLocation": { - "value": "[deployment().location]" - } - } + "ALZMonitorResourceGroupName": { + "value": "[parameters('monitorAlertsResourceGroup')]" }, - "policyAssignmentParametersServiceHealth": { - "value": { - "alzMonitorActionGroupEmail": { - "value": "[parameters('emailContactActionGroup')]" - } - } + "ALZMonitorResourceGroupLocation": { + "value": "[deployment().location]" + }, + "ALZMonitorActionGroupEmail": { + "value": "[array(parameters('ambaAgEmailContact'))]" + }, + "managementSubscriptionId": { + "value": "[parameters('managementSubscriptionId')]" + }, + "enableAMBAHybridVM": { + "value": "[parameters('enableAMBAHybridVM')]" + }, + "enableAMBAKeyManagement": { + "value": "[parameters('enableAMBAKeyManagement')]" + }, + "enableAMBALoadBalancing": { + "value": "[parameters('enableAMBALoadBalancing')]" + }, + "enableAMBANetworkChanges": { + "value": "[parameters('enableAMBANetworkChanges')]" + }, + "enableAMBARecoveryServices": { + "value": "[parameters('enableAMBARecoveryServices')]" + }, + "enableAMBAStorage": { + "value": "[parameters('enableAMBAStorage')]" + }, + "enableAMBAVM": { + "value": "[parameters('enableAMBAVM')]" + }, + "enableAMBAWeb": { + "value": "[parameters('enableAMBAWeb')]" + }, + "deployALZPortalAccelerator": { + "value": "Yes" } } } @@ -2209,13 +2321,13 @@ "value": "[variables('mgmtGroups').platform]" }, "IdentityManagementGroup": { - "value": "[variables('mgmtGroups').platform]" + "value": "[variables('mgmtGroups').identity]" }, "managementManagementGroup": { - "value": "[variables('mgmtGroups').platform]" + "value": "[variables('mgmtGroups').management]" }, "connectivityManagementGroup": { - "value": "[variables('mgmtGroups').platform]" + "value": "[variables('mgmtGroups').connectivity]" }, "LandingZoneManagementGroup": { "value": "[variables('mgmtGroups').lzs]" @@ -2226,34 +2338,56 @@ "enableAMBAIdentity": { "value": "[parameters('enableMonitorIdentity')]" }, - "enableAMBALandingZone": { - "value": "[parameters('enableMonitorLandingZones')]" - }, "enableAMBAManagement": { "value": "[parameters('enableMonitorManagement')]" }, "enableAMBAServiceHealth": { - "value": "[parameters('enableMonitorBaselines')]" + "value": "[parameters('enableServiceHealth')]" + }, + "userAssignedManagedIdentityName": { + "value": "[parameters('userAssignedManagedIdentityName')]" + }, + "ALZWebhookServiceUri": { + "value": "[array(parameters('ambaAgServiceHook'))]" + }, + "ALZArmRoleId": { + "value": "[array(parameters('ambaAgArmRole'))]" }, "delayCount": { "value": "[parameters('delayCount')]" }, - "policyAssignmentParametersCommon": { - "value": { - "alzMonitorResourceGroupName": { - "value": "[parameters('monitorAlertsResourceGroup')]" - }, - "alzMonitorResourceGroupLocation": { - "value": "[deployment().location]" - } - } + "ALZMonitorResourceGroupName": { + "value": "[parameters('monitorAlertsResourceGroup')]" }, - "policyAssignmentParametersServiceHealth": { - "value": { - "alzMonitorActionGroupEmail": { - "value": "[parameters('emailContactActionGroup')]" - } - } + "ALZMonitorResourceGroupLocation": { + "value": "[deployment().location]" + }, + "ALZMonitorActionGroupEmail": { + "value": "[array(parameters('ambaAgEmailContact'))]" + }, + "managementSubscriptionId": { + "value": "[parameters('managementSubscriptionId')]" + }, + "enableAMBALoadBalancing": { + "value": "[parameters('enableAMBALoadBalancing')]" + }, + "enableAMBANetworkChanges": { + "value": "[parameters('enableAMBANetworkChanges')]" + }, + "enableAMBARecoveryServices": { + "value": "[parameters('enableAMBARecoveryServices')]" + }, + "enableAMBAStorage": { + "value": "[parameters('enableAMBAStorage')]" + }, + "enableAMBAVM": { + "value": "[parameters('enableAMBAVM')]" + }, + "enableAMBAWeb": { + "value": "[parameters('enableAMBAWeb')]" + }, + "deployALZPortalAccelerator": { + "value": "Yes" } } }