Skip to content
This repository has been archived by the owner on Oct 5, 2023. It is now read-only.

Commit

Permalink
Merge pull request #212 from Alboroni/V2LZInitiativePolicies
Browse files Browse the repository at this point in the history 
V2 lz initiative policies
  • Loading branch information
@arjenhuitema
arjenhuitema authored Aug 31, 2023
2 parents df5a71d + 1ec1635 commit 69367fd
Show file tree
Hide file tree
Showing 19 changed files with 6,620 additions and 0 deletions.
372 changes: 372 additions & 0 deletions ...crosoft.Authorization/policyDefinitions/deploy-ag_ApplicationGatewayTotalTime_alert.bicep
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,372 @@
// Copyright (c) Microsoft Corporation.
// Licensed under the MIT license.

targetScope = 'managementGroup'

param policyLocation string = 'centralus'
param deploymentRoleDefinitionIds array = [
'/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c'
]

@allowed([
'0'
'1'
'2'
'3'
'4'
])
param parAlertSeverity string = '2'

@allowed([
'PT1M'
'PT5M'
'PT15M'
'PT30M'
'PT1H'
'PT6H'
'PT12H'
'P1D'
])
param parWindowSize string = 'PT5M'

@allowed([
'PT1M'
'PT5M'
'PT15M'
'PT30M'
'PT1H'
])
param parEvaluationFrequency string = 'PT1M'

@allowed([
'Low'
'Medium'
'High'
])

param parAlertSensitivity string = 'Medium'

@allowed([
'deployIfNotExists'
'disabled'
])
param parPolicyEffect string = 'deployIfNotExists'

param parAutoMitigate string = 'true'

param parAlertState string = 'true'



param parMonitorDisable string = 'MonitorDisable'

module ApplicationGatewayTotalTime '../../arm/Microsoft.Authorization/policyDefinitions/managementGroup/deploy.bicep' = {
name: '${uniqueString(deployment().name)}-AGApplicationGatewayTotalTime-policyDefinitions'
params: {
name: 'Deploy_AG_ApplicationGatewayTotalTime_Alert'
displayName: '[DINE] Deploy AG ApplicationGatewayTotalTime Alert'
description: 'DINE policy to audit/deploy Azure Application Gateway ApplicationGatewayTotalTime Alert'
location: policyLocation
metadata: {
version: '1.0.1'
Category: 'Networking'
source: 'https://github.com/Azure/ALZ-Monitor/'
_deployed_by_alz_monitor: 'True'
}
parameters: {
severity: {
type: 'String'
metadata: {
displayName: 'Severity'
description: 'Severity of the Alert'
}
allowedValues: [
'0'
'1'
'2'
'3'
'4'
]
defaultValue: parAlertSeverity
}
windowSize: {
type: 'String'
metadata: {
displayName: 'Window Size'
description: 'Window size for the alert'
}
allowedValues: [
'PT1M'
'PT5M'
'PT15M'
'PT30M'
'PT1H'
'PT6H'
'PT12H'
'P1D'
]
defaultValue: parWindowSize
}
evaluationFrequency: {
type: 'String'
metadata: {
displayName: 'Evaluation Frequency'
description: 'Evaluation frequency for the alert'
}
allowedValues: [
'PT1M'
'PT5M'
'PT15M'
'PT30M'
'PT1H'
]
defaultValue: parEvaluationFrequency
}
alertSensitivity: {
type: 'String'
metadata: {
displayName: 'Alert Sensitivity'
description: 'Alert Sensitivity for the alert'
}
allowedValues: [
'Low'
'Medium'
'High'
]
defaultValue: parAlertSensitivity
}

autoMitigate: {
type: 'String'
metadata: {
displayName: 'Auto Mitigate'
description: 'Auto Mitigate for the alert'
}
allowedValues: [
'true'
'false'
]
defaultValue: parAutoMitigate
}
enabled: {
type: 'String'
metadata: {
displayName: 'Alert State'
description: 'Alert state for the alert'
}
allowedValues: [
'true'
'false'
]
defaultValue: parAlertState
}

effect: {
type: 'String'
metadata: {
displayName: 'Effect'
description: 'Effect of the policy'
}
allowedValues: [
'deployIfNotExists'
'disabled'
]
defaultValue: parPolicyEffect
}
MonitorDisable: {
type: 'String'
metadata: {
displayName: 'Effect'
description: 'Tag name to disable monitoring resource. Set to true if monitoring should be disabled'
}

defaultValue: parMonitorDisable
}
}
policyRule: {
if: {
allOf: [
{
field: 'type'
equals: 'Microsoft.Network/applicationgateways'
}
{
field: 'Microsoft.Network/applicationgateways/sku.name'
In : [
'Standard_v2'
'WAF_v2'
]
}

{
field: '[concat(\'tags[\', parameters(\'MonitorDisable\'), \']\')]'
notEquals: 'true'
}
]
}
then: {
effect: '[parameters(\'effect\')]'
details: {
roleDefinitionIds: deploymentRoleDefinitionIds
type: 'Microsoft.Insights/metricAlerts'
existenceCondition: {
allOf: [
{
field: 'Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace'
equals: 'Microsoft.Network/applicationgateways'
}
{
field: 'Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName'
equals: 'ApplicationGatewayTotalTime'
}
{
field: 'Microsoft.Insights/metricalerts/scopes[*]'
equals: '[concat(subscription().id, \'/resourceGroups/\', resourceGroup().name, \'/providers/Microsoft.Network/applicationgateways/\', field(\'fullName\'))]'
}
{
field: 'Microsoft.Insights/metricAlerts/enabled'
equals: '[parameters(\'enabled\')]'
}
]
}
deployment: {
properties: {
mode: 'incremental'
template: {
'$schema': 'https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#'
contentVersion: '1.0.0.0'
parameters: {
resourceName: {
type: 'String'
metadata: {
displayName: 'resourceName'
description: 'Name of the resource'
}
}
resourceId: {
type: 'String'
metadata: {
displayName: 'resourceId'
description: 'Resource ID of the resource emitting the metric that will be used for the comparison'
}
}
severity: {
type: 'String'
}
windowSize: {
type: 'String'
}
evaluationFrequency: {
type: 'String'
}
alertSensitivity: {
type: 'String'
}

autoMitigate: {
type: 'String'
}
enabled: {
type: 'String'
}

}
variables: {}
resources: [
{
type: 'Microsoft.Insights/metricAlerts'
apiVersion: '2018-03-01'
name: '[concat(parameters(\'resourceName\'), \'-agApplicationGatewayTotalTime\')]'
location: 'global'
tags: {
_deployed_by_alz_monitor: true
}
properties: {
description: 'Metric Alert for App Gateway ApplicationGatewayTotalTime'
severity: '[parameters(\'severity\')]'
enabled: '[parameters(\'enabled\')]'
scopes: [
'[parameters(\'resourceId\')]'
]
evaluationFrequency: '[parameters(\'evaluationFrequency\')]'
windowSize: '[parameters(\'windowSize\')]'
criteria: {
allOf: [
{
name: 'ApplicationGatewayTotalTime'
metricNamespace: 'Microsoft.Network/applicationgateways'
metricName: 'ApplicationGatewayTotalTime'
operator: 'GreaterThan'
alertSensitivity: '[parameters(\'alertSensitivity\')]'
failingPeriods: {
minFailingPeriodsToAlert: 2
numberOfEvaluationPeriods: 2
}

timeAggregation: 'Total'
criterionType: 'DynamicThresholdCriterion'
}
]
'odata.type': 'Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria'
}
autoMitigate: '[parameters(\'autoMitigate\')]'
parameters: {
severity: {
value: '[parameters(\'severity\')]'
}
windowSize: {
value: '[parameters(\'windowSize\')]'
}
evaluationFrequency: {
value: '[parameters(\'evaluationFrequency\')]'
}
alertSensitivity: {
value: '[parameters(\'alertSensitivity\')]'
}
autoMitigate: {
value: '[parameters(\'autoMitigate\')]'
}

enabled: {
value: '[parameters(\'enabled\')]'
}

}
}
}
]
}
parameters: {
resourceName: {
value: '[field(\'name\')]'
}
resourceId: {
value: '[field(\'id\')]'
}
severity: {
value: '[parameters(\'severity\')]'
}
windowSize: {
value: '[parameters(\'windowSize\')]'
}
evaluationFrequency: {
value: '[parameters(\'evaluationFrequency\')]'
}
alertSensitivity: {
value: '[parameters(\'alertSensitivity\')]'
}
autoMitigate: {
value: '[parameters(\'autoMitigate\')]'
}
enabled: {
value: '[parameters(\'enabled\')]'
}

}
}
}
}
}
}
}
}
Loading

0 comments on commit 69367fd

Please sign in to comment.