[Question/Feedback]: Create deployable Policy Initiatives from Azure Resources templates for Landing Zones

Question

[Question/Feedback]: Create deployable Policy Initiatives from Azure Resources templates for Landing Zones

Opened this issue 2 months ago · 5 comments

Check for previous/existing GitHub issues

I have checked for previous/existing GitHub issues

Description

Hello Team,

The AMBA website currently offers a variety of templates for Azure Alerts creation as ARM and BICEP templates. However, these are challenging to implement on a large scale. It would be beneficial to create an Azure Policy Initiative for "Landing Zones"(there is already one for "Platform") to ensure that Azure Alerts are automatically deployed when a policy identifies the presence of a resource within its scope.

Tagging for visibility: @arjenhuitema

Answer 1 · 2024-05-15T12:01:53.000Z

Hello @nekdima ,
thanks for your feedback. We already ave a policy for LandingZone as documented in the Policy Initiatives page. More in particular there's a list included policy in the Landing Zone initiative paragraph.

Let us know if this helps.

Thanks,
Bruno.

Answer 2 · 2024-05-15T12:15:56.000Z

Hey @Brunoga-MS ,

Thank you for the prompt reply. I'm aware of this initiative, however it's covering just a few resources like VM, AGW, PIP & KeyVault. What about all the other resources one can have? There are many Azure Alerts (including auto generated ones) which are listed in the spreadsheet but aren't part of the initiative and exist only in the form of ARM/BICEP template.

My customer had the expectation that all of these will be a part of the LZ Initiative.

Answer 3 · 2024-05-15T12:19:49.000Z

Hey @nekdima ,
We started by including alerts which are used the most. Can you provide a list of prioritized alerts your customer would like to have included so we can go ahead and investigate?

Thanks,
Bruno.

Answer 4 · 2024-05-15T12:28:10.000Z

Hey @Brunoga-MS,

You might consider concentrating on the items listed under "Azure Resources" on the AMBA website. Although they are all currently listed, there is no scalable method to deploy them as a policy.

Answer 5 · 2024-05-15T13:13:40.000Z

@nekdima thanks for your feedback on this, I'm tagging @JoeyBarnes who owns AMBA all up to provide a response. @Brunoga-MS, @arjenhuitema and myself manage the ALZ Pattern which includes Policies.