Fixed Role Definition Id References to use the ResourceId function

policy/builtin/assignments/fedramp-moderate.bicep

@@ -64,7 +64,7 @@ resource policySetRoleAssignmentContributor 'Microsoft.Authorization/roleAssignm
   name: guid(policyAssignmentManagementGroupId, 'fedramp-moderate-Contributor')
   scope: managementGroup()
   properties: {
-    roleDefinitionId: '/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c'
+    roleDefinitionId: resourceId('Microsoft.Authorization/roleDefinitions','b24988ac-6180-42a0-ab88-20f7382dd24c')
     principalId: policySetAssignment.identity.principalId
     principalType: 'ServicePrincipal'
   }

policy/builtin/assignments/hitrust-hipaa.bicep

@@ -157,7 +157,7 @@ resource policySetRoleAssignmentContributor 'Microsoft.Authorization/roleAssignm
   name: guid(policyAssignmentManagementGroupId, 'hitrust-hipaa-contributor')
   scope: managementGroup()
   properties: {
-    roleDefinitionId: '/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c'
+    roleDefinitionId: resourceId('Microsoft.Authorization/roleDefinitions','b24988ac-6180-42a0-ab88-20f7382dd24c')
     principalId: policySetAssignment.identity.principalId
     principalType: 'ServicePrincipal'
   }
@@ -167,7 +167,7 @@ resource policySetRoleAssignmentVMContributor 'Microsoft.Authorization/roleAssig
   name: guid(policyAssignmentManagementGroupId, 'hitrust-hipaa-virtual-machine-contributor')
   scope: managementGroup()
   properties: {
-    roleDefinitionId: '/providers/Microsoft.Authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c'
+    roleDefinitionId: resourceId('Microsoft.Authorization/roleDefinitions','9980e02c-c2be-4d73-94e8-173b1dc7cf3c')
     principalId: policySetAssignment.identity.principalId
     principalType: 'ServicePrincipal'
   }
@@ -177,7 +177,7 @@ resource policySetRoleAssignmentNetworkContributor 'Microsoft.Authorization/role
   name: guid(policyAssignmentManagementGroupId, 'hitrust-hipaa-network-contributor')
   scope: managementGroup()
   properties: {
-    roleDefinitionId: '/providers/Microsoft.Authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7'
+    roleDefinitionId: resourceId('Microsoft.Authorization/roleDefinitions','4d97b98b-1d4f-4787-a291-c67834d212e7')
     principalId: policySetAssignment.identity.principalId
     principalType: 'ServicePrincipal'
   }
@@ -187,7 +187,7 @@ resource policySetRoleAssignmentMonitoringContributor 'Microsoft.Authorization/r
   name: guid(policyAssignmentManagementGroupId, 'hitrust-hipaa-monitoring-contributor')
   scope: managementGroup()
   properties: {
-    roleDefinitionId: '/providers/Microsoft.Authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa'
+    roleDefinitionId: resourceId('Microsoft.Authorization/roleDefinitions','749f88d5-cbae-40b8-bcfc-e573ddc772fa')
     principalId: policySetAssignment.identity.principalId
     principalType: 'ServicePrincipal'
   }
@@ -197,7 +197,7 @@ resource policySetRoleAssignmentStorageAccountContributor 'Microsoft.Authorizati
   name: guid(policyAssignmentManagementGroupId, 'hitrust-hipaa-storage-account-contributor')
   scope: managementGroup()
   properties: {
-    roleDefinitionId: '/providers/Microsoft.Authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab'
+    roleDefinitionId: resourceId('Microsoft.Authorization/roleDefinitions','17d1049b-9a84-46fb-8f53-869881c3d3ab')
     principalId: policySetAssignment.identity.principalId
     principalType: 'ServicePrincipal'
   }

policy/builtin/assignments/location.bicep

@@ -38,7 +38,7 @@ resource rgLocationAssignment 'Microsoft.Authorization/policyAssignments@2020-03
   name: 'locrg-${uniqueString('rg-location-', policyAssignmentManagementGroupId)}'
   properties: {
     displayName: 'Restrict to Canada Central and Canada East regions for Resource Groups'
-    policyDefinitionId: '/providers/Microsoft.Authorization/policyDefinitions/e765b5de-1225-4ba3-bd56-1ac6695af988'
+    policyDefinitionId: resourceId('Microsoft.Authorization/roleDefinitions','e765b5de-1225-4ba3-bd56-1ac6695af988')
     scope: scope
     notScopes: []
     parameters: {
@@ -55,7 +55,7 @@ resource resourceLocationAssignment 'Microsoft.Authorization/policyAssignments@2
   name: 'locr-${uniqueString('resource-location-', policyAssignmentManagementGroupId)}'
   properties: {
     displayName: 'Restrict to Canada Central and Canada East regions for Resources'
-    policyDefinitionId: '/providers/Microsoft.Authorization/policyDefinitions/e56962a6-4747-49cd-b67b-bf8b01975c4c'
+    policyDefinitionId: resourceId('Microsoft.Authorization/roleDefinitions','e56962a6-4747-49cd-b67b-bf8b01975c4c')
     scope: scope
     notScopes: []
     parameters: {

policy/builtin/assignments/nist80053r4.bicep

@@ -76,7 +76,7 @@ resource policySetRoleAssignmentContributor 'Microsoft.Authorization/roleAssignm
   name: guid(policyAssignmentManagementGroupId, 'nist-sp-800-53-r4-contributor')
   scope: managementGroup()
   properties: {
-    roleDefinitionId: '/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c'
+    roleDefinitionId: resourceId('Microsoft.Authorization/roleDefinitions','b24988ac-6180-42a0-ab88-20f7382dd24c')
     principalId: policySetAssignment.identity.principalId
     principalType: 'ServicePrincipal'
   }

policy/builtin/assignments/nist80053r5.bicep

@@ -64,7 +64,7 @@ resource policySetRoleAssignmentContributor 'Microsoft.Authorization/roleAssignm
   name: guid(policyAssignmentManagementGroupId, 'nist-sp-800-53-r5-contributor')
   scope: managementGroup()
   properties: {
-    roleDefinitionId: '/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c'
+    roleDefinitionId: resourceId('Microsoft.Authorization/roleDefinitions','b24988ac-6180-42a0-ab88-20f7382dd24c')
     principalId: policySetAssignment.identity.principalId
     principalType: 'ServicePrincipal'
   }

policy/builtin/assignments/pbmm.bicep

@@ -132,7 +132,7 @@ resource policySetRoleAssignmentContributor 'Microsoft.Authorization/roleAssignm
   name: guid(policyAssignmentManagementGroupId, 'pbmm-Contributor')
   scope: managementGroup()
   properties: {
-    roleDefinitionId: '/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c'
+    roleDefinitionId: resourceId('Microsoft.Authorization/roleDefinitions','b24988ac-6180-42a0-ab88-20f7382dd24c')
     principalId: policySetAssignment.identity.principalId
     principalType: 'ServicePrincipal'
   }

policy/custom/assignments/AKS.bicep

@@ -58,7 +58,7 @@ resource podSecurityRestrictedStandardsPolicySetAssignment 'Microsoft.Authorizat
   name: 'aks-res-${uniqueString(policyAssignmentManagementGroupId)}'
   properties: {
     displayName: 'Kubernetes cluster pod security restricted standards for Linux-based workloads'
-    policyDefinitionId: '/providers/Microsoft.Authorization/policySetDefinitions/42b8ef37-b724-4e24-bbc8-7a7708edfe00'
+    policyDefinitionId: resourceId('Microsoft.Authorization/roleDefinitions','42b8ef37-b724-4e24-bbc8-7a7708edfe00')
     scope: scope
     notScopes: []
     parameters: {}
@@ -74,7 +74,7 @@ resource podSecurityBaselineStandardsPolicySetAssignment 'Microsoft.Authorizatio
   name: 'aks-std-${uniqueString(policyAssignmentManagementGroupId)}'
   properties: {
     displayName: 'Kubernetes cluster pod security baseline standards for Linux-based workloads'
-    policyDefinitionId: '/providers/Microsoft.Authorization/policySetDefinitions/a8640138-9b0a-4a28-b8cb-1666c838647d'
+    policyDefinitionId: resourceId('Microsoft.Authorization/roleDefinitions','a8640138-9b0a-4a28-b8cb-1666c838647d')
     scope: scope
     notScopes: []
     parameters: {}
@@ -93,7 +93,7 @@ resource policySetRoleAssignmentContributor 'Microsoft.Authorization/roleAssignm
   name: guid(policyAssignmentManagementGroupId, 'aks', 'Contributor')
   scope: managementGroup()
   properties: {
-    roleDefinitionId: '/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c'
+    roleDefinitionId: resourceId('Microsoft.Authorization/roleDefinitions','b24988ac-6180-42a0-ab88-20f7382dd24c')
     principalId: policySetAssignment.identity.principalId
     principalType: 'ServicePrincipal'
   }

policy/custom/assignments/DDoS.bicep

@@ -66,7 +66,7 @@ resource policySetRoleAssignmentNetworkContributor 'Microsoft.Authorization/role
   name: guid(policyAssignmentManagementGroupId, 'ddos-standard', 'Network Contributor')
   scope: managementGroup()
   properties: {
-    roleDefinitionId: '/providers/Microsoft.Authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7'
+    roleDefinitionId: resourceId('Microsoft.Authorization/roleDefinitions','4d97b98b-1d4f-4787-a291-c67834d212e7')
     principalId: policySetAssignment.identity.principalId
     principalType: 'ServicePrincipal'
   }

policy/custom/assignments/DNSPrivateEndpoints.bicep

@@ -76,7 +76,7 @@ resource policySetRoleAssignmentNetworkContributor 'Microsoft.Authorization/role
   name: guid(policyAssignmentManagementGroupId, 'dns-private-endpoint', 'Network Contributor')
   scope: managementGroup()
   properties: {
-    roleDefinitionId: '/providers/Microsoft.Authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7'
+    roleDefinitionId: resourceId('Microsoft.Authorization/roleDefinitions','4d97b98b-1d4f-4787-a291-c67834d212e7')
     principalId: policySetAssignment.identity.principalId
     principalType: 'ServicePrincipal'
   }

policy/custom/assignments/DefenderForCloud.bicep

@@ -61,7 +61,7 @@ resource policySetRoleAssignmentSecurityAdmin 'Microsoft.Authorization/roleAssig
   name: guid(policyAssignmentManagementGroupId, 'asc', 'Security Admin')
   scope: managementGroup()
   properties: {
-    roleDefinitionId: '/providers/Microsoft.Authorization/roleDefinitions/fb1c8493-542b-48eb-b624-b4c8fea62acd'
+    roleDefinitionId: resourceId('Microsoft.Authorization/roleDefinitions','fb1c8493-542b-48eb-b624-b4c8fea62acd')
     principalId: policySetAssignment.identity.principalId
     principalType: 'ServicePrincipal'
   }
@@ -71,7 +71,7 @@ resource policySetRoleAssignmentVirtualMachineContributor 'Microsoft.Authorizati
   name: guid(policyAssignmentManagementGroupId, 'asc', 'Virtual Machine Contributor')
   scope: managementGroup()
   properties: {
-    roleDefinitionId: '/providers/Microsoft.Authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c'
+    roleDefinitionId: resourceId('Microsoft.Authorization/roleDefinitions','9980e02c-c2be-4d73-94e8-173b1dc7cf3c')
     principalId: policySetAssignment.identity.principalId
     principalType: 'ServicePrincipal'
   }

policy/custom/assignments/LogAnalytics.bicep

@@ -73,7 +73,7 @@ resource policySetRoleAssignmentLogAnalyticsContributor 'Microsoft.Authorization
   name: guid(policyAssignmentManagementGroupId, 'loganalytics', 'Log Analytics Contributor')
   scope: managementGroup()
   properties: {
-    roleDefinitionId: '/providers/Microsoft.Authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293'
+    roleDefinitionId: resourceId('Microsoft.Authorization/roleDefinitions','92aaf0da-9dab-42b6-94a3-d43ce8d16293')
     principalId: policySetAssignment.identity.principalId
     principalType: 'ServicePrincipal'
   }
@@ -83,7 +83,7 @@ resource policySetRoleAssignmentVirtualMachineContributor 'Microsoft.Authorizati
   name: guid(policyAssignmentManagementGroupId, 'loganalytics', 'Virtual Machine Contributor')
   scope: managementGroup()
   properties: {
-    roleDefinitionId: '/providers/Microsoft.Authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c'
+    roleDefinitionId: resourceId('Microsoft.Authorization/roleDefinitions','9980e02c-c2be-4d73-94e8-173b1dc7cf3c')
     principalId: policySetAssignment.identity.principalId
     principalType: 'ServicePrincipal'
   }
@@ -93,7 +93,7 @@ resource policySetRoleAssignmentMonitoringContributor 'Microsoft.Authorization/r
   name: guid(policyAssignmentManagementGroupId, 'loganalytics', 'Monitoring Contributor')
   scope: managementGroup()
   properties: {
-    roleDefinitionId: '/providers/Microsoft.Authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa'
+    roleDefinitionId: resourceId('Microsoft.Authorization/roleDefinitions','749f88d5-cbae-40b8-bcfc-e573ddc772fa')
     principalId: policySetAssignment.identity.principalId
     principalType: 'ServicePrincipal'
   }

policy/custom/assignments/Tags.bicep

@@ -58,7 +58,7 @@ resource rgPolicySetRoleAssignmentFromSubscriptionToResourceGroupContributor 'Mi
   name: guid(rgInheritedPolicyFromSubscriptionToResourceGroupId, 'RgRemediation', 'Contributor')
   scope: managementGroup()
   properties: {
-    roleDefinitionId: '/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c'
+    roleDefinitionId: resourceId('Microsoft.Authorization/roleDefinitions','b24988ac-6180-42a0-ab88-20f7382dd24c')
     principalId: rgInheritedPolicySetFromSubscriptionToResourceGroupAssignment.identity.principalId
     principalType: 'ServicePrincipal'
   }
@@ -88,7 +88,7 @@ resource rgPolicySetRoleAssignmentContributor 'Microsoft.Authorization/roleAssig
   name: guid(policyAssignmentManagementGroupId, 'RgRemediation', 'Contributor')
   scope: managementGroup()
   properties: {
-    roleDefinitionId: '/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c'
+    roleDefinitionId: resourceId('Microsoft.Authorization/roleDefinitions','b24988ac-6180-42a0-ab88-20f7382dd24c')
     principalId: rgInheritedPolicySetAssignment.identity.principalId
     principalType: 'ServicePrincipal'
   }