This repository has been archived by the owner on Oct 5, 2023. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 83
/
deploy-rv_backuphealth_monitor.bicep
97 lines (92 loc) · 3.42 KB
/
deploy-rv_backuphealth_monitor.bicep
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
// Copyright (c) Microsoft Corporation.
// Licensed under the MIT license.
targetScope = 'managementGroup'
param policyLocation string = 'centralus'
param deploymentRoleDefinitionIds array = [
'/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c'
]
@allowed([
'modify'
'audit'
'disabled'
])
param parPolicyEffect string = 'modify'
param parMonitorDisable string = 'MonitorDisable'
module BackupHealthMonitor '../../arm/Microsoft.Authorization/policyDefinitions/managementGroup/deploy.bicep' = {
name: '${uniqueString(deployment().name)}-rvbuhm-policyDefinitions'
params: {
name: 'Deploy_RecoveryVault_BackupHealthMonitor_Alert'
displayName: 'Deploy RV Backup Health Monitoring Alerts'
description: 'Policy to audit/update Recovery Vault Backup Health Alerting to Azure monitor alerts'
location: policyLocation
metadata: {
version: '1.0.0'
category: 'Site Recovery'
source: 'https://github.com/Azure/Enterprise-Scale/'
alzCloudEnvironments: [
'AzureCloud'
]
_deployed_by_alz_monitor: 'True'
}
parameters: {
effect: {
type: 'String'
metadata: {
displayName: 'Effect'
description: 'Effect of the policy'
}
allowedValues: [
'modify'
'audit'
'disabled'
]
defaultValue: parPolicyEffect
}
MonitorDisable: {
type: 'String'
metadata: {
displayName: 'Effect'
description: 'Tag name to disable monitoring resource. Set to true if monitoring should be disabled'
}
defaultValue: parMonitorDisable
}
}
policyRule: {
if: {
allOf: [
{
field: 'type'
equals: 'Microsoft.RecoveryServices/Vaults'
}
{
field: '[concat(\'tags[\', parameters(\'MonitorDisable\'), \']\')]'
notEquals: 'true'
}
{
field: 'Microsoft.RecoveryServices/vaults/monitoringSettings.azureMonitorAlertSettings.alertsForAllJobFailures'
notEquals: 'Enabled'
}
]
}
then: {
effect: '[parameters(\'effect\')]'
details: {
roleDefinitionIds: deploymentRoleDefinitionIds
conflictEffect: 'audit'
operations: [
{
operation: 'addOrReplace'
field: 'Microsoft.RecoveryServices/vaults/monitoringSettings.classicAlertSettings.alertsForCriticalOperations'
value: 'Disabled'
}
{
operation: 'addOrReplace'
field: 'Microsoft.RecoveryServices/vaults/monitoringSettings.azureMonitorAlertSettings.alertsForAllJobFailures'
value: 'Enabled'
}
]
}
}
}
}
}