Releases: Azure/terraform-azurerm-caf-enterprise-scale
v6.0.0
Overview/Summary
This will be in the next major release, following the update of Azure Landing Zones with its major policy refresh and move to Azure Monitoring Agent from Microsoft Monitoring Agent.
See the AMA blog.
Incorporates the following changes from upstream
Changes from our awesome community
- #918 (thanks @chrsundermann!)
- #925 (thanks @nyanhp!)
- #952 (thanks @Keetika-Yogendra!)
‼️ Breaking Changes
- Minimum AzureRM provider version now 3.107.0
- Minimum AzAPI provider version now 1.13.1
- Minimum Terraform version now 1.7.0
- var.configure_management_resources schema change, removing legacy components and adding support for AMA resources
Upgrade guide
Acknowledgements
Thanks to:
- @JamesDLD for providing a helpful contribution for the DCRs
- @jaredfholgate for the policy sync process work and code review
- @arjenhuitema for his awesome work on the AMA design
- @Springstone for an awesome policy refresh effort
- @jtracey93 for his technical assurance and oversight
v5.2.1
Patch Release
This patch release includes an update to resolve the bug raised in #794.
What's Changed
The issue relates to the managed identity created as part of policy assignment deploy-private-dns-zones not having adequate permissions to add/update Host A records within the private DNS zone in the connectivity subscription. This change adds a role assignment for the policy managed identity (MI) principal ID with the Private DNS Zone Contributor role at the connectivity management group.
- updates to resolve issue #794 by @ATuckwell in #919
New Contributors
- @ATuckwell made their first contribution in #919
Full Changelog: v5.2.0...v5.2.1
v5.2.0
Minor version release
This release is a minor version release.
Breaking Changes
Since pushing this release we discovered a breaking change for some users. The threat_intelligence_allowlist variable has changed from list to map type. The default empty value in our examples should now be {}. If you are using this variable, you will need to update to the new data structure.
More details here: https://github.com/Azure/terraform-azurerm-caf-enterprise-scale/wiki/%5BUser-Guide%5D-Upgrade-from-v5.1.0-to-v5.2.0
What's Changed
- chore(deps): bump golang.org/x/crypto from 0.14.0 to 0.17.0 in /tests/terratest by @dependabot in #899
- fix: threat_intelligence_allowlist by @matt-FFFFFF in #907
- fix(outputs): set Log Analytics workspaces and Automation Accounts as sensitive outputs by @Laudenlaruto in #901
- Add support for user managed identity for policy assignments (re-submission) by @LaurentLesle in #867
- fix: updating Private DNS Zone resource ID from dnszones to dnsZones by @tobiasehlert in #910
- feat(connectivity): Add option to set allow_non_virtual_wan_traffic in express route gateway. by @Slapper in #914
New Contributors
- @Laudenlaruto made their first contribution in #901
- @tobiasehlert made their first contribution in #910
- @Slapper made their first contribution in #914
Full Changelog: v5.1.0...v5.2.0
v5.1.0
What's Changed
- feat(connectivity): custom Settings for Virtual Hub connection names by @birdnathan in #885
New Contributors
- @birdnathan made their first contribution in #885
Full Changelog: v5.0.3...v5.1.0
v5.0.3
What's Changed
- Fix routing intent deployment issue in virtual wan by @LaurentLesle in #870
Full Changelog: v5.0.2...v5.0.3
v5.0.2
What's Changed
- Fix: DNS Proxy Removal on FW whilst Upgrading by @luke-taylor in #859
Full Changelog: v5.0.1...v5.0.2
v5.0.1
v5.0.0
Breaking changes
Strict subscription association no longer default
We have changed the default from true to false to better work with subscription vending.
Please see the module upgrade guide for more detail on this breaking change:
https://github.com/Azure/terraform-azurerm-caf-enterprise-scale/wiki/%5BUser-Guide%5D-Upgrade-from-v4.2.0-to-v5.0.0
What's Changed
- Docs: Fix documentation for recent policy updates by @jaredfholgate in #798
- Update Library Templates (automated) by @cae-pr-creator in #799
- Update ALZ Repo (Terraform) with Entra product names by @lachaves in #805
- docs: fix policy enforcement override example by @jaredfholgate in #808
- Bump actions/checkout from 3 to 4 by @dependabot in #807
- Bump tibdex/github-app-token from 1 to 2 by @dependabot in #813
- Add Routing Intent by @luke-taylor in #822
- Add Italy North and avoid casing issues by @jaredfholgate in #834
- Add support for user managed identity for policy assignments by @LaurentLesle in #806
- fix: revert user-assigned managed identity by @matt-FFFFFF in #844
- feat: strict subs no longer default by @matt-FFFFFF in #836
- Update dynamic overrides section for in and not_in by @MISO-mgriffin in #840
- fix: bug-vpn_client_config by @gogondi1 in #835
- Update Library Templates (automated) by @cae-pr-creator in #827
- Remove Basic SKU requirement on AzureFirewallManagementSubnet by @ryan-royals in #845
- Update Library Templates (automated) by @cae-pr-creator in #846
New Contributors
- @LaurentLesle made their first contribution in #806
- @MISO-mgriffin made their first contribution in #840
- @ryan-royals made their first contribution in #845
- @gogondi1 made their first contribution in #835
Full Changelog: v4.2.0...v5.0.0
v4.2.0
What's Changed
New policies and archetype updates from upstream + some bugs fixed.
- Add long region display names for backup DNS zones by @jtracey93 in #778
- Update Library Templates (automated) by @cae-pr-creator in #779
- bug-29716 by @pradorodriguez in #775
- feat: release 4.2.0 by @matt-FFFFFF in #782
New Contributors
- @pradorodriguez made their first contribution in #775
Full Changelog: v4.1.0...v4.2.0
v4.1.0
Summary
Policy definition updates and a number of fixes are the highlights of this release. Please see RELEASE.md.
Enhancements
- Update Library Templates (automated) by @cae-pr-creator in #739
- Update Library Templates (automated) by @cae-pr-creator in #704
- Microsoft defender for Cloud policy update by @steph409 in #709
- Feature Request - Update Policy Assignment Code to use parameters fro… by @rrnnrr in #725
Fixes
- fix: wiki broken link by @matt-FFFFFF in #767
- fix: #758 archetype config overrides conflicts by @matt-FFFFFF in #762
- fix: archetypesync by @matt-FFFFFF in #733
- Fix issue with SQL auditing policy casing by @jaredfholgate in #760
- fix: remove Character Limit of root_id and add additional regex for scope_id by @liamjvs in #754
- fix: #722 by @matt-FFFFFF in #738
- Bug: Duplicate Object Key Firewall PIP by @luke-taylor in #766
- fix: policy_assignment_es_deploy_log_analytics enforcementMode by @matt-FFFFFF in #741
- Bug 29784 - Policy Assignment Enforcement Mode from Upstream Policy Assignments by @jaredfholgate in #772
Documentation
- Update [User-Guide]-Upgrade-from-v3.3.0-to-v4.0.0.md by @cbezenco in #714
- Deploy with Zero Trust Networking Principles Guide by @brsteph in #745
Other
- FabricBot: Onboarding to GitOps.ResourceManagement because of FabricBot decommissioning by @microsoft-github-policy-service in #757
New Contributors
- @cbezenco made their first contribution in #714
- @brsteph made their first contribution in #745
- @rrnnrr made their first contribution in #725
- @microsoft-github-policy-service made their first contribution in #757
Full Changelog: v4.0.2...v4.1.0