diff --git a/policy/builtin/assignments/fedramp-moderate.bicep b/policy/builtin/assignments/fedramp-moderate.bicep
index 818fc249..537efe56 100644
--- a/policy/builtin/assignments/fedramp-moderate.bicep
+++ b/policy/builtin/assignments/fedramp-moderate.bicep
@@ -64,7 +64,7 @@ resource policySetRoleAssignmentContributor 'Microsoft.Authorization/roleAssignm
 name: guid(policyAssignmentManagementGroupId, 'fedramp-moderate-Contributor')
 scope: managementGroup()
 properties: {
- roleDefinitionId: '/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c'
+ roleDefinitionId: resourceId('Microsoft.Authorization/roleDefinitions','b24988ac-6180-42a0-ab88-20f7382dd24c')
 principalId: policySetAssignment.identity.principalId
 principalType: 'ServicePrincipal'
 }
diff --git a/policy/builtin/assignments/hitrust-hipaa.bicep b/policy/builtin/assignments/hitrust-hipaa.bicep
index 9bb3d7b7..08c0bba5 100644
--- a/policy/builtin/assignments/hitrust-hipaa.bicep
+++ b/policy/builtin/assignments/hitrust-hipaa.bicep
@@ -157,7 +157,7 @@ resource policySetRoleAssignmentContributor 'Microsoft.Authorization/roleAssignm
 name: guid(policyAssignmentManagementGroupId, 'hitrust-hipaa-contributor')
 scope: managementGroup()
 properties: {
- roleDefinitionId: '/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c'
+ roleDefinitionId: resourceId('Microsoft.Authorization/roleDefinitions','b24988ac-6180-42a0-ab88-20f7382dd24c')
 principalId: policySetAssignment.identity.principalId
 principalType: 'ServicePrincipal'
 }
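Review bot: `resourceId()` resolves relative to the deployment's own scope, while built-in role definitions are tenant-level resources, so the new `roleDefinitionId` in the fedramp-moderate.bicep hunk (and in every other role-assignment hunk of this commit) depends on the file's `targetScope`, which is outside the hunk. Pinning the scope explicitly would remove that dependency: `roleDefinitionId: tenantResourceId('Microsoft.Authorization/roleDefinitions','b24988ac-6180-42a0-ab88-20f7382dd24c')`. Because `roleDefinitionId` cannot be changed on an existing role assignment, it is worth confirming with a what-if run that the resolved string matches the removed literal before merging. A short comment such as `// Built-in role: Contributor` above each GUID would also make these privilege grants to the policy identity easier to audit.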
@@ -167,7 +167,7 @@ resource policySetRoleAssignmentVMContributor 'Microsoft.Authorization/roleAssig
 name: guid(policyAssignmentManagementGroupId, 'hitrust-hipaa-virtual-machine-contributor')
 scope: managementGroup()
 properties: {
- roleDefinitionId: '/providers/Microsoft.Authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c'
+ roleDefinitionId: resourceId('Microsoft.Authorization/roleDefinitions','9980e02c-c2be-4d73-94e8-173b1dc7cf3c')
 principalId: policySetAssignment.identity.principalId
 principalType: 'ServicePrincipal'
 }
@@ -177,7 +177,7 @@ resource policySetRoleAssignmentNetworkContributor 'Microsoft.Authorization/role
 name: guid(policyAssignmentManagementGroupId, 'hitrust-hipaa-network-contributor')
 scope: managementGroup()
 properties: {
- roleDefinitionId: '/providers/Microsoft.Authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7'
+ roleDefinitionId: resourceId('Microsoft.Authorization/roleDefinitions','4d97b98b-1d4f-4787-a291-c67834d212e7')
 principalId: policySetAssignment.identity.principalId
 principalType: 'ServicePrincipal'
 }
@@ -187,7 +187,7 @@ resource policySetRoleAssignmentMonitoringContributor 'Microsoft.Authorization/r
 name: guid(policyAssignmentManagementGroupId, 'hitrust-hipaa-monitoring-contributor')
 scope: managementGroup()
 properties: {
- roleDefinitionId: '/providers/Microsoft.Authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa'
+ roleDefinitionId: resourceId('Microsoft.Authorization/roleDefinitions','749f88d5-cbae-40b8-bcfc-e573ddc772fa')
 principalId: policySetAssignment.identity.principalId
 principalType: 'ServicePrincipal'
 }
@@ -197,7 +197,7 @@ resource policySetRoleAssignmentStorageAccountContributor 'Microsoft.Authorizati
 name: guid(policyAssignmentManagementGroupId, 'hitrust-hipaa-storage-account-contributor')
 scope: managementGroup()
 properties: {
- roleDefinitionId: '/providers/Microsoft.Authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab'
+ roleDefinitionId: resourceId('Microsoft.Authorization/roleDefinitions','17d1049b-9a84-46fb-8f53-869881c3d3ab')
 principalId: policySetAssignment.identity.principalId
 principalType: 'ServicePrincipal'
 }
diff --git a/policy/builtin/assignments/location.bicep b/policy/builtin/assignments/location.bicep
index d2b1db52..fd2287e0 100644
--- a/policy/builtin/assignments/location.bicep
+++ b/policy/builtin/assignments/location.bicep
@@ -38,7 +38,7 @@ resource rgLocationAssignment 'Microsoft.Authorization/policyAssignments@2020-03
 name: 'locrg-${uniqueString('rg-location-', policyAssignmentManagementGroupId)}'
 properties: {
 displayName: 'Restrict to Canada Central and Canada East regions for Resource Groups'
- policyDefinitionId: '/providers/Microsoft.Authorization/policyDefinitions/e765b5de-1225-4ba3-bd56-1ac6695af988'
+ policyDefinitionId: resourceId('Microsoft.Authorization/roleDefinitions','e765b5de-1225-4ba3-bd56-1ac6695af988')
 scope: scope
 notScopes: []
 parameters: {
@@ -55,7 +55,7 @@ resource resourceLocationAssignment 'Microsoft.Authorization/policyAssignments@2
 name: 'locr-${uniqueString('resource-location-', policyAssignmentManagementGroupId)}'
 properties: {
 displayName: 'Restrict to Canada Central and Canada East regions for Resources'
- policyDefinitionId: '/providers/Microsoft.Authorization/policyDefinitions/e56962a6-4747-49cd-b67b-bf8b01975c4c'
+ policyDefinitionId: resourceId('Microsoft.Authorization/roleDefinitions','e56962a6-4747-49cd-b67b-bf8b01975c4c')
 scope: scope
 notScopes: []
 parameters: {
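Review bot: Both new `policyDefinitionId` lines in location.bicep pass the type `'Microsoft.Authorization/roleDefinitions'` to `resourceId()`, whereas the removed literals pointed at `/providers/Microsoft.Authorization/policyDefinitions/...`, so each assignment would now reference a role-definition ID rather than the built-in location policy. The type should stay a policy definition, e.g. `policyDefinitionId: resourceId('Microsoft.Authorization/policyDefinitions','e765b5de-1225-4ba3-bd56-1ac6695af988')`. The two `policyDefinitionId` hunks in policy/custom/assignments/AKS.bicep (@@ -58 and @@ -74) have the same copy-paste error and need `'Microsoft.Authorization/policySetDefinitions'`. As written these assignments will most likely fail to deploy or fail to resolve, which would leave the Canada region restriction and the AKS pod security standards unenforced. The resource bodies continue outside the hunks.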
diff --git a/policy/builtin/assignments/nist80053r4.bicep b/policy/builtin/assignments/nist80053r4.bicep
index f236908f..80cd7c30 100644
--- a/policy/builtin/assignments/nist80053r4.bicep
+++ b/policy/builtin/assignments/nist80053r4.bicep
@@ -76,7 +76,7 @@ resource policySetRoleAssignmentContributor 'Microsoft.Authorization/roleAssignm
 name: guid(policyAssignmentManagementGroupId, 'nist-sp-800-53-r4-contributor')
 scope: managementGroup()
 properties: {
- roleDefinitionId: '/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c'
+ roleDefinitionId: resourceId('Microsoft.Authorization/roleDefinitions','b24988ac-6180-42a0-ab88-20f7382dd24c')
 principalId: policySetAssignment.identity.principalId
 principalType: 'ServicePrincipal'
 }
diff --git a/policy/builtin/assignments/nist80053r5.bicep b/policy/builtin/assignments/nist80053r5.bicep
index 98ceafc0..0cfab389 100644
--- a/policy/builtin/assignments/nist80053r5.bicep
+++ b/policy/builtin/assignments/nist80053r5.bicep
@@ -64,7 +64,7 @@ resource policySetRoleAssignmentContributor 'Microsoft.Authorization/roleAssignm
 name: guid(policyAssignmentManagementGroupId, 'nist-sp-800-53-r5-contributor')
 scope: managementGroup()
 properties: {
- roleDefinitionId: '/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c'
+ roleDefinitionId: resourceId('Microsoft.Authorization/roleDefinitions','b24988ac-6180-42a0-ab88-20f7382dd24c')
 principalId: policySetAssignment.identity.principalId
 principalType: 'ServicePrincipal'
 }
diff --git a/policy/builtin/assignments/pbmm.bicep b/policy/builtin/assignments/pbmm.bicep
index 3980f1d4..1086f5e9 100644
--- a/policy/builtin/assignments/pbmm.bicep
+++ b/policy/builtin/assignments/pbmm.bicep
@@ -132,7 +132,7 @@ resource policySetRoleAssignmentContributor 'Microsoft.Authorization/roleAssignm
 name: guid(policyAssignmentManagementGroupId, 'pbmm-Contributor')
 scope: managementGroup()
 properties: {
- roleDefinitionId: '/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c'
+ roleDefinitionId: resourceId('Microsoft.Authorization/roleDefinitions','b24988ac-6180-42a0-ab88-20f7382dd24c')
 principalId: policySetAssignment.identity.principalId
 principalType: 'ServicePrincipal'
 }
diff --git a/policy/custom/assignments/AKS.bicep b/policy/custom/assignments/AKS.bicep
index 97acf94c..fb40c715 100644
--- a/policy/custom/assignments/AKS.bicep
+++ b/policy/custom/assignments/AKS.bicep
@@ -58,7 +58,7 @@ resource podSecurityRestrictedStandardsPolicySetAssignment 'Microsoft.Authorizat
 name: 'aks-res-${uniqueString(policyAssignmentManagementGroupId)}'
 properties: {
 displayName: 'Kubernetes cluster pod security restricted standards for Linux-based workloads'
- policyDefinitionId: '/providers/Microsoft.Authorization/policySetDefinitions/42b8ef37-b724-4e24-bbc8-7a7708edfe00'
+ policyDefinitionId: resourceId('Microsoft.Authorization/roleDefinitions','42b8ef37-b724-4e24-bbc8-7a7708edfe00')
 scope: scope
 notScopes: []
 parameters: {}
@@ -74,7 +74,7 @@ resource podSecurityBaselineStandardsPolicySetAssignment 'Microsoft.Authorizatio
 name: 'aks-std-${uniqueString(policyAssignmentManagementGroupId)}'
 properties: {
 displayName: 'Kubernetes cluster pod security baseline standards for Linux-based workloads'
- policyDefinitionId: '/providers/Microsoft.Authorization/policySetDefinitions/a8640138-9b0a-4a28-b8cb-1666c838647d'
+ policyDefinitionId: resourceId('Microsoft.Authorization/roleDefinitions','a8640138-9b0a-4a28-b8cb-1666c838647d')
 scope: scope
 notScopes: []
 parameters: {}
@@ -93,7 +93,7 @@ resource policySetRoleAssignmentContributor 'Microsoft.Authorization/roleAssignm
 name: guid(policyAssignmentManagementGroupId, 'aks', 'Contributor')
 scope: managementGroup()
 properties: {
- roleDefinitionId: '/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c'
+ roleDefinitionId: resourceId('Microsoft.Authorization/roleDefinitions','b24988ac-6180-42a0-ab88-20f7382dd24c')
 principalId: policySetAssignment.identity.principalId
 principalType: 'ServicePrincipal'
 }
diff --git a/policy/custom/assignments/DDoS.bicep b/policy/custom/assignments/DDoS.bicep
index 32a9bfc8..a1b9d468 100644
--- a/policy/custom/assignments/DDoS.bicep
+++ b/policy/custom/assignments/DDoS.bicep
@@ -66,7 +66,7 @@ resource policySetRoleAssignmentNetworkContributor 'Microsoft.Authorization/role
 name: guid(policyAssignmentManagementGroupId, 'ddos-standard', 'Network Contributor')
 scope: managementGroup()
 properties: {
- roleDefinitionId: '/providers/Microsoft.Authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7'
+ roleDefinitionId: resourceId('Microsoft.Authorization/roleDefinitions','4d97b98b-1d4f-4787-a291-c67834d212e7')
 principalId: policySetAssignment.identity.principalId
 principalType: 'ServicePrincipal'
 }
diff --git a/policy/custom/assignments/DNSPrivateEndpoints.bicep b/policy/custom/assignments/DNSPrivateEndpoints.bicep
index 9c79d7aa..3e57cc97 100644
--- a/policy/custom/assignments/DNSPrivateEndpoints.bicep
+++ b/policy/custom/assignments/DNSPrivateEndpoints.bicep
@@ -76,7 +76,7 @@ resource policySetRoleAssignmentNetworkContributor 'Microsoft.Authorization/role
 name: guid(policyAssignmentManagementGroupId, 'dns-private-endpoint', 'Network Contributor')
 scope: managementGroup()
 properties: {
- roleDefinitionId: '/providers/Microsoft.Authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7'
+ roleDefinitionId: resourceId('Microsoft.Authorization/roleDefinitions','4d97b98b-1d4f-4787-a291-c67834d212e7')
 principalId: policySetAssignment.identity.principalId
 principalType: 'ServicePrincipal'
 }
diff --git a/policy/custom/assignments/DefenderForCloud.bicep b/policy/custom/assignments/DefenderForCloud.bicep
index 16e9878a..0c8f898b 100644
--- a/policy/custom/assignments/DefenderForCloud.bicep
+++ b/policy/custom/assignments/DefenderForCloud.bicep
@@ -61,7 +61,7 @@ resource policySetRoleAssignmentSecurityAdmin 'Microsoft.Authorization/roleAssig
 name: guid(policyAssignmentManagementGroupId, 'asc', 'Security Admin')
 scope: managementGroup()
 properties: {
- roleDefinitionId: '/providers/Microsoft.Authorization/roleDefinitions/fb1c8493-542b-48eb-b624-b4c8fea62acd'
+ roleDefinitionId: resourceId('Microsoft.Authorization/roleDefinitions','fb1c8493-542b-48eb-b624-b4c8fea62acd')
 principalId: policySetAssignment.identity.principalId
 principalType: 'ServicePrincipal'
 }
@@ -71,7 +71,7 @@ resource policySetRoleAssignmentVirtualMachineContributor 'Microsoft.Authorizati
 name: guid(policyAssignmentManagementGroupId, 'asc', 'Virtual Machine Contributor')
 scope: managementGroup()
 properties: {
- roleDefinitionId: '/providers/Microsoft.Authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c'
+ roleDefinitionId: resourceId('Microsoft.Authorization/roleDefinitions','9980e02c-c2be-4d73-94e8-173b1dc7cf3c')
 principalId: policySetAssignment.identity.principalId
 principalType: 'ServicePrincipal'
 }
diff --git a/policy/custom/assignments/LogAnalytics.bicep b/policy/custom/assignments/LogAnalytics.bicep
index afe85cc7..148ae16c 100644
--- a/policy/custom/assignments/LogAnalytics.bicep
+++ b/policy/custom/assignments/LogAnalytics.bicep
@@ -73,7 +73,7 @@ resource policySetRoleAssignmentLogAnalyticsContributor 'Microsoft.Authorization
 name: guid(policyAssignmentManagementGroupId, 'loganalytics', 'Log Analytics Contributor')
 scope: managementGroup()
 properties: {
- roleDefinitionId: '/providers/Microsoft.Authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293'
+ roleDefinitionId: resourceId('Microsoft.Authorization/roleDefinitions','92aaf0da-9dab-42b6-94a3-d43ce8d16293')
 principalId: policySetAssignment.identity.principalId
 principalType: 'ServicePrincipal'
 }
@@ -83,7 +83,7 @@ resource policySetRoleAssignmentVirtualMachineContributor 'Microsoft.Authorizati
 name: guid(policyAssignmentManagementGroupId, 'loganalytics', 'Virtual Machine Contributor')
 scope: managementGroup()
 properties: {
- roleDefinitionId: '/providers/Microsoft.Authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c'
+ roleDefinitionId: resourceId('Microsoft.Authorization/roleDefinitions','9980e02c-c2be-4d73-94e8-173b1dc7cf3c')
 principalId: policySetAssignment.identity.principalId
 principalType: 'ServicePrincipal'
 }
@@ -93,7 +93,7 @@ resource policySetRoleAssignmentMonitoringContributor 'Microsoft.Authorization/r
 name: guid(policyAssignmentManagementGroupId, 'loganalytics', 'Monitoring Contributor')
 scope: managementGroup()
 properties: {
- roleDefinitionId: '/providers/Microsoft.Authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa'
+ roleDefinitionId: resourceId('Microsoft.Authorization/roleDefinitions','749f88d5-cbae-40b8-bcfc-e573ddc772fa')
 principalId: policySetAssignment.identity.principalId
 principalType: 'ServicePrincipal'
 }
diff --git a/policy/custom/assignments/Tags.bicep b/policy/custom/assignments/Tags.bicep
index 0bdd3a2e..8c1f7a97 100644
--- a/policy/custom/assignments/Tags.bicep
+++ b/policy/custom/assignments/Tags.bicep
@@ -58,7 +58,7 @@ resource rgPolicySetRoleAssignmentFromSubscriptionToResourceGroupContributor 'Mi
 name: guid(rgInheritedPolicyFromSubscriptionToResourceGroupId, 'RgRemediation', 'Contributor')
 scope: managementGroup()
 properties: {
- roleDefinitionId: '/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c'
+ roleDefinitionId: resourceId('Microsoft.Authorization/roleDefinitions','b24988ac-6180-42a0-ab88-20f7382dd24c')
 principalId: rgInheritedPolicySetFromSubscriptionToResourceGroupAssignment.identity.principalId
 principalType: 'ServicePrincipal'
 }
@@ -88,7 +88,7 @@ resource rgPolicySetRoleAssignmentContributor 'Microsoft.Authorization/roleAssig
 name: guid(policyAssignmentManagementGroupId, 'RgRemediation', 'Contributor')
 scope: managementGroup()
 properties: {
- roleDefinitionId: '/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c'
+ roleDefinitionId: resourceId('Microsoft.Authorization/roleDefinitions','b24988ac-6180-42a0-ab88-20f7382dd24c')
 principalId: rgInheritedPolicySetAssignment.identity.principalId
 principalType: 'ServicePrincipal'
 }