policyAzureArcBuiltins.json
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"azureLocation": {
"type": "string",
"metadata": {
"description": "Location of your Azure resources"
}
},
"logAnalyticsWorkspace": {
"type": "string",
"metadata": {
"description": "Name of your log analytics workspace"
}
}
},
"variables": {
"logAnalyticsResource": "[resourceId('Microsoft.OperationalInsights/workspaces', parameters('logAnalyticsWorkspace'))]",
"policyDefinitionForLinuxDeployLogAnalytics": "/providers/Microsoft.Authorization/policyDefinitions/9d2b61b4-1d14-4a63-be30-d4498e7ad2cf",
"policyDefinitionForWindowsDeployLogAnalytics": "/providers/Microsoft.Authorization/policyDefinitions/69af7d4a-7b18-4044-93a9-2651498ef203",
"policyDefinitionForAddResourceTag": "/providers/Microsoft.Authorization/policyDefinitions/4f9dc7db-30c1-420c-b61a-e1d640128d26",
"policyDefinitionForLinuxDeployDependencyAgent": "/providers/Microsoft.Authorization/policyDefinitions/deacecc0-9f84-44d2-bb82-46f32d766d43",
"policyDefinitionForWindowsDeployDependencyAgent": "/providers/Microsoft.Authorization/policyDefinitions/91cb9edd-cd92-4d2f-b2f2-bdd8d065a3d4",
"policyDefinitionForEnableAzureDefenderKubernetes": "/providers/Microsoft.Authorization/policyDefinitions/708b60a6-d253-4fe0-9114-4be4c00f012c",
"policyNameForLinuxDeployLogAnalytics": "(ArcBox) Deploy Linux Log Analytics agents",
"policyNameForWindowsDeployLogAnalytics": "(ArcBox) Deploy Windows Log Analytics agents",
"policyNameForLinuxDeployDependencyAgent": "(ArcBox) Deploy Linux Dependency Agents",
"policyNameForWindowsDeployDependencyAgent": "(ArcBox) Deploy Windows Dependency Agents",
"policyNameForAddResourceTag": "(ArcBox) Tag resources",
"policyNameForEnableAzureDefenderKubernetes": "(ArcBox) Enable Azure Defender on Kubernetes clusters",
"logAnalyticsContributorRoleDefinition": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', '92aaf0da-9dab-42b6-94a3-d43ce8d16293')]",
"tagContributorRoleDefinition": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', 'b24988ac-6180-42a0-ab88-20f7382dd24c')]"
},
"resources": [
{
"type": "Microsoft.Authorization/policyAssignments",
"name": "[variables('policyNameForLinuxDeployLogAnalytics')]",
"apiVersion": "2019-09-01",
"location": "[parameters('azureLocation')]",
"identity": {
"type": "SystemAssigned"
},
"properties": {
"scope": "[subscriptionResourceId('Microsoft.Resources/resourceGroups', resourceGroup().name)]",
"policyDefinitionId": "[variables('policyDefinitionForLinuxDeployLogAnalytics')]",
"parameters": {
"logAnalytics": {
"value": "[variables('logAnalyticsResource')]"
}
}
}
},
{
"type": "Microsoft.Authorization/roleAssignments",
"name": "[guid(variables('policyNameForLinuxDeployLogAnalytics'), resourceGroup().id)]",
"dependsOn": [ "[variables('policyNameForLinuxDeployLogAnalytics')]" ],
"apiVersion": "2020-04-01-preview",
"properties": {
"roleDefinitionId": "[variables('logAnalyticsContributorRoleDefinition')]",
"principalId": "[reference(resourceId('Microsoft.Authorization/policyAssignments', variables('policyNameForLinuxDeployLogAnalytics')),'2019-09-01', 'full').identity.principalId]",
"principalType": "ServicePrincipal"
}
},
{
"type": "Microsoft.Authorization/policyAssignments",
"name": "[variables('policyNameForWindowsDeployLogAnalytics')]",
"apiVersion": "2019-09-01",
"identity": {
"type": "SystemAssigned"
},
"location": "[parameters('azureLocation')]",
"properties": {
"scope": "[subscriptionResourceId('Microsoft.Resources/resourceGroups', resourceGroup().name)]",
"policyDefinitionId": "[variables('policyDefinitionForWindowsDeployLogAnalytics')]",
"parameters": {
"logAnalytics": {
"value": "[variables('logAnalyticsResource')]"
}
}
}
},
{
"type": "Microsoft.Authorization/roleAssignments",
"name": "[guid(variables('policyNameForWindowsDeployLogAnalytics'), resourceGroup().id)]",
"dependsOn": [ "[variables('policyNameForWindowsDeployLogAnalytics')]" ],
"apiVersion": "2020-04-01-preview",
"properties": {
"roleDefinitionId": "[variables('logAnalyticsContributorRoleDefinition')]",
"principalId": "[reference(resourceId('Microsoft.Authorization/policyAssignments', variables('policyNameForWindowsDeployLogAnalytics')),'2019-09-01', 'full').identity.principalId]",
"principalType": "ServicePrincipal"
}
},
{
"type": "Microsoft.Authorization/policyAssignments",
"name": "[variables('policyNameForLinuxDeployDependencyAgent')]",
"apiVersion": "2019-09-01",
"location": "[parameters('azureLocation')]",
"identity": {
"type": "SystemAssigned"
},
"properties": {
"scope": "[subscriptionResourceId('Microsoft.Resources/resourceGroups', resourceGroup().name)]",
"policyDefinitionId": "[variables('policyDefinitionForLinuxDeployDependencyAgent')]",
"parameters": {
}
}
},
{
"type": "Microsoft.Authorization/roleAssignments",
"name": "[guid(variables('policyNameForLinuxDeployDependencyAgent'), resourceGroup().id)]",
"dependsOn": [ "[variables('policyNameForLinuxDeployDependencyAgent')]" ],
"apiVersion": "2020-04-01-preview",
"properties": {
"roleDefinitionId": "[variables('logAnalyticsContributorRoleDefinition')]",
"principalId": "[reference(resourceId('Microsoft.Authorization/policyAssignments', variables('policyNameForLinuxDeployDependencyAgent')),'2019-09-01', 'full').identity.principalId]",
"principalType": "ServicePrincipal"
}
},
{
"type": "Microsoft.Authorization/policyAssignments",
"name": "[variables('policyNameForWindowsDeployDependencyAgent')]",
"apiVersion": "2019-09-01",
"identity": {
"type": "SystemAssigned"
},
"location": "[parameters('azureLocation')]",
"properties": {
"scope": "[subscriptionResourceId('Microsoft.Resources/resourceGroups', resourceGroup().name)]",
"policyDefinitionId": "[variables('policyDefinitionForWindowsDeployDependencyAgent')]",
"parameters": {
}
}
},
{
"type": "Microsoft.Authorization/roleAssignments",
"name": "[guid(variables('policyNameForWindowsDeployDependencyAgent'), resourceGroup().id)]",
"dependsOn": [ "[variables('policyNameForWindowsDeployDependencyAgent')]" ],
"apiVersion": "2020-04-01-preview",
"properties": {
"roleDefinitionId": "[variables('logAnalyticsContributorRoleDefinition')]",
"principalId": "[reference(resourceId('Microsoft.Authorization/policyAssignments', variables('policyNameForWindowsDeployDependencyAgent')),'2019-09-01', 'full').identity.principalId]",
"principalType": "ServicePrincipal"
}
},
{
"type": "Microsoft.Authorization/policyAssignments",
"name": "[variables('policyNameForAddResourceTag')]",
"apiVersion": "2019-09-01",
"identity": {
"type": "SystemAssigned"
},
"location": "[parameters('azureLocation')]",
"properties": {
"scope": "[subscriptionResourceId('Microsoft.Resources/resourceGroups', resourceGroup().name)]",
"policyDefinitionId": "[variables('policyDefinitionForAddResourceTag')]",
"parameters": {
"tagName": {
"value": "Project"
},
"tagValue": {
"value": "jumpstart_arcbox"
}
}
}
},
{
"type": "Microsoft.Authorization/roleAssignments",
"name": "[guid(variables('policyNameForAddResourceTag'), resourceGroup().id)]",
"dependsOn": [ "[variables('policyNameForAddResourceTag')]" ],
"apiVersion": "2020-04-01-preview",
"properties": {
"roleDefinitionId": "[variables('tagContributorRoleDefinition')]",
"principalId": "[reference(resourceId('Microsoft.Authorization/policyAssignments', variables('policyNameForAddResourceTag')),'2019-09-01', 'full').identity.principalId]",
"principalType": "ServicePrincipal"
}
},
{
"type": "Microsoft.Authorization/policyAssignments",
"name": "[variables('policyNameForEnableAzureDefenderKubernetes')]",
"apiVersion": "2019-09-01",
"identity": {
"type": "SystemAssigned"
},
"location": "[parameters('azureLocation')]",
"properties": {
"scope": "[subscriptionResourceId('Microsoft.Resources/resourceGroups', resourceGroup().name)]",
"policyDefinitionId": "[variables('policyDefinitionForEnableAzureDefenderKubernetes')]",
"parameters": {
}
}
},
{
"type": "Microsoft.Authorization/roleAssignments",
"name": "[guid(variables('policyNameForEnableAzureDefenderKubernetes'), resourceGroup().id)]",
"dependsOn": [ "[variables('policyNameForEnableAzureDefenderKubernetes')]" ],
"apiVersion": "2020-04-01-preview",
"properties": {
"roleDefinitionId": "[variables('logAnalyticsContributorRoleDefinition')]",
"principalId": "[reference(resourceId('Microsoft.Authorization/policyAssignments', variables('policyNameForEnableAzureDefenderKubernetes')),'2019-09-01', 'full').identity.principalId]",
"principalType": "ServicePrincipal"
}
}
]
}