Skip to content

Commit

Permalink
Merge pull request #334 from roarrioj/ASR
Browse files Browse the repository at this point in the history 
Alerts ASR  Modify Policy
  • Loading branch information
@arjenhuitema
arjenhuitema authored Sep 30, 2024
2 parents 252935b + c28c51f commit 0adf51a
Show file tree
Hide file tree
Showing 7 changed files with 238 additions and 9 deletions.
6 changes: 6 additions & 0 deletions patterns/alz/alzArm.param.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1592,6 +1592,9 @@
"RVBackupHealthMonitorPolicyEffect": {
"value": "modify"
},
"RVASRHealthMonitorPolicyEffect": {
"value": "modify"
},
"StorageAccountAvailabilityAlertSeverity": {
"value": "1"
},
Expand Down Expand Up @@ -2195,6 +2198,9 @@
"value": {
"RVBackupHealthMonitorPolicyEffect": {
"value": "modify"
},
"RVASRHealthMonitorPolicyEffect": {
"value": "modify"
}
}
},
Expand Down
40 changes: 35 additions & 5 deletions patterns/alz/policyDefinitions/policies-RecoveryServices.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@
"_generator": {
"name": "bicep",
"version": "0.29.47.4906",
"templateHash": "14847613428435145634"
"templateHash": "1318147395456265355"
}
},
"parameters": {
Expand Down Expand Up @@ -116,15 +116,16 @@
}
],
"$fxv#0": "{\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\n \"apiVersion\": \"2021-06-01\",\n \"name\": \"Deploy_RecoveryVault_BackupHealthMonitor_Alert\",\n \"properties\": {\n \"policyType\": \"Custom\",\n \"mode\": \"All\",\n \"displayName\": \"Deploy RV Backup Health Monitoring Alerts\",\n \"description\": \"Policy to audit/update Recovery Vault Backup Health Alerting to Azure monitor alerts\",\n \"metadata\": {\n \"version\": \"1.1.0\",\n \"category\": \"Site Recovery\",\n \"source\": \"https://github.com/Azure/azure-monitor-baseline-alerts/\",\n \"alzCloudEnvironments\": [\n \"AzureCloud\"\n ],\n \"_deployed_by_amba\": \"True\"\n },\n \"parameters\": {\n \"effect\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Effect of the policy\"\n },\n \"allowedValues\": [\n \"modify\",\n \"audit\",\n \"disabled\"\n ],\n \"defaultValue\": \"modify\"\n },\n \"MonitorDisableTagName\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"ALZ Monitoring disabled tag name\",\n \"description\": \"Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.\"\n },\n \"defaultValue\": \"MonitorDisable\"\n },\n \"MonitorDisableTagValues\": {\n \"type\": \"Array\",\n \"metadata\": {\n \"displayName\": \"ALZ Monitoring disabled tag values(s)\",\n \"description\": \"Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.\"\n },\n \"defaultValue\": [\n \"true\",\n \"Test\",\n \"Dev\",\n \"Sandbox\"\n ]\n }\n },\n \"policyRule\": {\n \"if\": {\n \"allOf\": [\n {\n \"field\": \"type\",\n \"equals\": \"Microsoft.RecoveryServices/Vaults\"\n },\n {\n \"field\": \"[[concat('tags[', parameters('MonitorDisableTagName'), ']')]\",\n \"notIn\": \"[[parameters('MonitorDisableTagValues')]\"\n },\n {\n \"field\": \"Microsoft.RecoveryServices/vaults/monitoringSettings.azureMonitorAlertSettings.alertsForAllJobFailures\",\n \"notEquals\": \"Enabled\"\n }\n ]\n },\n \"then\": {\n \"effect\": \"[[parameters('effect')]\",\n \"details\": {\n \"roleDefinitionIds\": [\n \"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\n ],\n \"conflictEffect\": \"audit\",\n \"operations\": [\n {\n \"operation\": \"addOrReplace\",\n \"field\": \"Microsoft.RecoveryServices/vaults/monitoringSettings.classicAlertSettings.alertsForCriticalOperations\",\n \"value\": \"Disabled\"\n },\n {\n \"operation\": \"addOrReplace\",\n \"field\": \"Microsoft.RecoveryServices/vaults/monitoringSettings.azureMonitorAlertSettings.alertsForAllJobFailures\",\n \"value\": \"Enabled\"\n }\n ]\n }\n }\n }\n }\n}\n",
"$fxv#1": {
"$fxv#1": "{\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\n \"apiVersion\": \"2024-04-01\",\n \"name\": \"Deploy_RecoveryVault_ASRHealthMonitor_Alert\",\n \"properties\": {\n \"policyType\": \"Custom\",\n \"mode\": \"All\",\n \"displayName\": \"Deploy RV ASR Health Monitoring Alerts\",\n \"description\": \"Policy to audit/update Recovery Vault ASR Health Alerting to Azure monitor alerts\",\n \"metadata\": {\n \"version\": \"1.0.0\",\n \"category\": \"Site Recovery\",\n \"source\": \"https://github.com/Azure/azure-monitor-baseline-alerts/\",\n \"alzCloudEnvironments\": [\n \"AzureCloud\"\n ],\n \"_deployed_by_amba\": \"True\"\n },\n \"parameters\": {\n \"effect\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Effect of the policy\"\n },\n \"allowedValues\": [\n \"modify\",\n \"audit\",\n \"disabled\"\n ],\n \"defaultValue\": \"modify\"\n },\n \"MonitorDisableTagName\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"ALZ Monitoring disabled tag name\",\n \"description\": \"Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.\"\n },\n \"defaultValue\": \"MonitorDisable\"\n },\n \"MonitorDisableTagValues\": {\n \"type\": \"Array\",\n \"metadata\": {\n \"displayName\": \"ALZ Monitoring disabled tag values(s)\",\n \"description\": \"Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.\"\n },\n \"defaultValue\": [\n \"true\",\n \"Test\",\n \"Dev\",\n \"Sandbox\"\n ]\n }\n },\n \"policyRule\": {\n \"if\": {\n \"allOf\": [\n {\n \"field\": \"type\",\n \"equals\": \"Microsoft.RecoveryServices/Vaults\"\n },\n {\n \"field\": \"[[concat('tags[', parameters('MonitorDisableTagName'), ']')]\",\n \"notIn\": \"[[parameters('MonitorDisableTagValues')]\"\n },\n {\n \"anyOf\": [\n {\n \"field\": \"Microsoft.RecoveryServices/vaults/monitoringSettings.azureMonitorAlertSettings.alertsForAllReplicationIssues\",\n \"notEquals\": \"Enabled\"\n },\n {\n \"field\": \"Microsoft.RecoveryServices/vaults/monitoringSettings.azureMonitorAlertSettings.alertsForAllFailoverIssues\",\n \"notEquals\": \"Enabled\"\n }\n ]\n }\n ]\n },\n \"then\": {\n \"effect\": \"[[parameters('effect')]\",\n \"details\": {\n \"roleDefinitionIds\": [\n \"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\n ],\n \"conflictEffect\": \"audit\",\n \"operations\": [\n {\n \"operation\": \"addOrReplace\",\n \"field\": \"Microsoft.RecoveryServices/vaults/monitoringSettings.classicAlertSettings.emailNotificationsForSiteRecovery\",\n \"value\": \"Disabled\"\n },\n {\n \"operation\": \"addOrReplace\",\n \"field\": \"Microsoft.RecoveryServices/vaults/monitoringSettings.azureMonitorAlertSettings.alertsForAllReplicationIssues\",\n \"value\": \"Enabled\"\n },\n {\n \"operation\": \"addOrReplace\",\n \"field\": \"Microsoft.RecoveryServices/vaults/monitoringSettings.azureMonitorAlertSettings.alertsForAllFailoverIssues\",\n \"value\": \"Enabled\"\n }\n ]\n }\n }\n }\n }\n}",
"$fxv#2": {
"type": "Microsoft.Authorization/policySetDefinitions",
"apiVersion": "2021-06-01",
"name": "Alerting-RecoveryServices",
"properties": {
"displayName": "Deploy Azure Monitor Baseline Alerts for Recovery Services",
"description": "This initiative deploys Azure Monitor Baseline Alerts to monitor Recovery Services such as Azure Backup, and Azure Site Recovery.",
"metadata": {
"version": "1.0.0",
"version": "1.1.0",
"category": "Monitoring",
"source": "https://github.com/Azure/azure-monitor-baseline-alerts/",
"alzCloudEnvironments": [
Expand Down Expand Up @@ -166,6 +167,19 @@
"displayName": "Recovery Vault Backup Health Monitor Policy Effect",
"description": "Policy effect for the alert, modify will modify the alert if it exists, or audit if it does not exist"
}
},
"RVASRHealthMonitorPolicyEffect": {
"type": "string",
"defaultValue": "modify",
"allowedValues": [
"modify",
"audit",
"disabled"
],
"metadata": {
"displayName": "Recovery Vault ASR Health Monitor Policy Effect",
"description": "Policy effect for the alert, modify will modify the alert if it exists, or audit if it does not exist"
}
}
},
"policyDefinitions": [
Expand All @@ -183,6 +197,21 @@
"value": "[[[parameters('ALZMonitorDisableTagValues')]"
}
}
},
{
"policyDefinitionReferenceId": "ALZ_RVASRHealthMonitor",
"policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy_RecoveryVault_ASRHealthMonitor_Alert",
"parameters": {
"effect": {
"value": "[[[parameters('RVASRHealthMonitorPolicyEffect')]"
},
"MonitorDisableTagName": {
"value": "[[[parameters('ALZMonitorDisableTagName')]"
},
"MonitorDisableTagValues": {
"value": "[[[parameters('ALZMonitorDisableTagValues')]"
}
}
}
],
"policyType": "Custom",
Expand All @@ -208,15 +237,16 @@
"deploymentLocation": "[format('\"location\": \"{0}\"', variables('targetDeploymentLocationByCloudType')[variables('cloudEnv')])]",
"loadPolicyDefinitions": {
"All": [
"[variables('$fxv#0')]"
"[variables('$fxv#0')]",
"[variables('$fxv#1')]"
],
"AzureCloud": [],
"AzureChinaCloud": [],
"AzureUSGovernment": []
},
"loadPolicySetDefinitions": {
"All": [
"[string(variables('$fxv#1'))]"
"[string(variables('$fxv#2'))]"
],
"AzureCloud": [],
"AzureChinaCloud": [],
Expand Down
32 changes: 30 additions & 2 deletions patterns/alz/policyDefinitions/policySets.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@
"_generator": {
"name": "bicep",
"version": "0.29.47.4906",
"templateHash": "2221949666148884807"
"templateHash": "810152883234755352"
}
},
"parameters": {
Expand Down Expand Up @@ -5575,7 +5575,7 @@
"displayName": "Deploy Azure Monitor Baseline Alerts for Management",
"description": "Initiative to deploy AMBA alerts relevant to the ALZ Management management group",
"metadata": {
"version": "1.2.0",
"version": "1.3.0",
"category": "Monitoring",
"source": "https://github.com/Azure/azure-monitor-baseline-alerts/",
"alzCloudEnvironments": [
Expand Down Expand Up @@ -5743,6 +5743,19 @@
"description": "Policy effect for the alert, modify will create the alert if it does not exist and enable it on your Recovery Vaults, audit will only audit if alerting is enabled on Recovery Vaults, disabled will not create the alert on Recovery Vaults"
}
},
"RVASRHealthMonitorPolicyEffect": {
"type": "string",
"defaultValue": "modify",
"allowedValues": [
"modify",
"audit",
"disabled"
],
"metadata": {
"displayName": "Recovery Vault ASR Health Monitor Policy Effect",
"description": "Policy effect for the alert, modify will modify the alert if it exists, or audit if it does not exist"
}
},
"StorageAccountAvailabilityAlertSeverity": {
"type": "String",
"defaultValue": "1",
Expand Down Expand Up @@ -6165,6 +6178,21 @@
}
}
},
{
"policyDefinitionReferenceId": "ALZ_RVASRHealthMonitor",
"policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy_RecoveryVault_ASRHealthMonitor_Alert",
"parameters": {
"effect": {
"value": "[[[parameters('RVASRHealthMonitorPolicyEffect')]"
},
"MonitorDisableTagName": {
"value": "[[[parameters('ALZMonitorDisableTagName')]"
},
"MonitorDisableTagValues": {
"value": "[[[parameters('ALZMonitorDisableTagValues')]"
}
}
},
{
"policyDefinitionReferenceId": "ALZ_StorageAccountAvailability",
"policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy_StorageAccount_Availability_Alert",
Expand Down
30 changes: 29 additions & 1 deletion patterns/alz/policySetDefinitions/Deploy-Management-Alerts.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@
"displayName": "Deploy Azure Monitor Baseline Alerts for Management",
"description": "Initiative to deploy AMBA alerts relevant to the ALZ Management management group",
"metadata": {
"version": "1.2.0",
"version": "1.3.0",
"category": "Monitoring",
"source": "https://github.com/Azure/azure-monitor-baseline-alerts/",
"alzCloudEnvironments": [
Expand Down Expand Up @@ -174,6 +174,19 @@
"description": "Policy effect for the alert, modify will create the alert if it does not exist and enable it on your Recovery Vaults, audit will only audit if alerting is enabled on Recovery Vaults, disabled will not create the alert on Recovery Vaults"
}
},
"RVASRHealthMonitorPolicyEffect": {
"type": "string",
"defaultValue": "modify",
"allowedValues": [
"modify",
"audit",
"disabled"
],
"metadata": {
"displayName": "Recovery Vault ASR Health Monitor Policy Effect",
"description": "Policy effect for the alert, modify will modify the alert if it exists, or audit if it does not exist"
}
},
"StorageAccountAvailabilityAlertSeverity": {
"type": "String",
"defaultValue": "1",
Expand Down Expand Up @@ -596,6 +609,21 @@
}
}
},
{
"policyDefinitionReferenceId": "ALZ_RVASRHealthMonitor",
"policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy_RecoveryVault_ASRHealthMonitor_Alert",
"parameters": {
"effect": {
"value": "[[parameters('RVASRHealthMonitorPolicyEffect')]"
},
"MonitorDisableTagName": {
"value": "[[parameters('ALZMonitorDisableTagName')]"
},
"MonitorDisableTagValues": {
"value": "[[parameters('ALZMonitorDisableTagValues')]"
}
}
},
{
"policyDefinitionReferenceId": "ALZ_StorageAccountAvailability",
"policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy_StorageAccount_Availability_Alert",
Expand Down
30 changes: 29 additions & 1 deletion patterns/alz/policySetDefinitions/Deploy-RecoveryServices-Alerts.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@
"displayName": "Deploy Azure Monitor Baseline Alerts for Recovery Services",
"description": "This initiative deploys Azure Monitor Baseline Alerts to monitor Recovery Services such as Azure Backup, and Azure Site Recovery.",
"metadata": {
"version": "1.0.0",
"version": "1.1.0",
"category": "Monitoring",
"source": "https://github.com/Azure/azure-monitor-baseline-alerts/",
"alzCloudEnvironments": [
Expand Down Expand Up @@ -48,6 +48,19 @@
"displayName": "Recovery Vault Backup Health Monitor Policy Effect",
"description": "Policy effect for the alert, modify will modify the alert if it exists, or audit if it does not exist"
}
},
"RVASRHealthMonitorPolicyEffect": {
"type": "string",
"defaultValue": "modify",
"allowedValues": [
"modify",
"audit",
"disabled"
],
"metadata": {
"displayName": "Recovery Vault ASR Health Monitor Policy Effect",
"description": "Policy effect for the alert, modify will modify the alert if it exists, or audit if it does not exist"
}
}
},
"policyDefinitions": [
Expand All @@ -65,6 +78,21 @@
"value": "[[parameters('ALZMonitorDisableTagValues')]"
}
}
},
{
"policyDefinitionReferenceId": "ALZ_RVASRHealthMonitor",
"policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy_RecoveryVault_ASRHealthMonitor_Alert",
"parameters": {
"effect": {
"value": "[[parameters('RVASRHealthMonitorPolicyEffect')]"
},
"MonitorDisableTagName": {
"value": "[[parameters('ALZMonitorDisableTagName')]"
},
"MonitorDisableTagValues": {
"value": "[[parameters('ALZMonitorDisableTagValues')]"
}
}
}
],
"policyType": "Custom",
Expand Down
1 change: 1 addition & 0 deletions patterns/alz/templates/policies-RecoveryServices.bicep
View file
Original file line number Diff line number Diff line change
Expand Up @@ -69,6 +69,7 @@ var loadPolicyDefinitions = {
All: [
// Used in both RecoverySwervices and Management Policy Set Definitions
loadTextContent('../../../services/RecoveryServices/vaults/Modify-RSV-BackupHealth-Alert.json')
loadTextContent('../../../services/RecoveryServices/vaults/Modify-RSV-ASRHealth-Alert.json')
]
AzureCloud: []
AzureChinaCloud: []
Expand Down
Loading

0 comments on commit 0adf51a

Please sign in to comment.