{
"$schema": "https://schema.management.azure.com/schemas/2019-08-01/managementGroupDeploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"topLevelManagementGroupPrefix": {
"type": "string",
"metadata": {
"description": "Provide the ESLZ company prefix of the intermediate root management group that contains the policy definitions."
}
},
"enforcementMode": {
"type": "string",
"allowedValues": [
"Default",
"DoNotEnforce"
],
"defaultValue": "Default"
},
"nonComplianceMessagePlaceholder": {
"type": "string",
"defaultValue": "{enforcementMode}"
},
"dnsZoneResourceGroupId": {
"type": "string",
"metadata": {
"description": "Provide the resource ID of the resource group that hosts the private DNS zones; it is used to construct the full resource ID of each private DNS zone."
}
},
"location": {
"type": "string",
"metadata": {
"description": "Provide the location where the hub virtual network is created. It must be one of the regions listed in the azBackupGeoCodes variable, because it selects the regional geo code used to build the Site Recovery backup private DNS zone name."
}
}
},
"variables": {
"azBackupGeoCodes": {
"australiacentral": "acl",
"australiacentral2": "acl2",
"australiaeast": "ae",
"australiasoutheast": "ase",
"brazilsouth": "brs",
"brazilsoutheast": "bse",
"centraluseuap": "ccy",
"canadacentral": "cnc",
"canadaeast": "cne",
"centralus": "cus",
"eastasia": "ea",
"eastus2euap": "ecy",
"eastus": "eus",
"eastus2": "eus2",
"francecentral": "frc",
"francesouth": "frs",
"germanynorth": "gn",
"germanywestcentral": "gwc",
"centralindia": "inc",
"southindia": "ins",
"westindia": "inw",
"italynorth": "itn",
"japaneast": "jpe",
"japanwest": "jpw",
"jioindiacentral": "jic",
"jioindiawest": "jiw",
"koreacentral": "krc",
"koreasouth": "krs",
"northcentralus": "ncus",
"northeurope": "ne",
"norwayeast": "nwe",
"norwaywest": "nww",
"qatarcentral": "qac",
"southafricanorth": "san",
"southafricawest": "saw",
"southcentralus": "scus",
"swedencentral": "sdc",
"swedensouth": "sds",
"southeastasia": "sea",
"switzerlandnorth": "szn",
"switzerlandwest": "szw",
"uaecentral": "uac",
"uaenorth": "uan",
"uksouth": "uks",
"ukwest": "ukw",
"westcentralus": "wcus",
"westeurope": "we",
"westus": "wus",
"westus2": "wus2",
"westus3": "wus3",
"usdodcentral": "udc",
"usdodeast": "ude",
"usgovarizona": "uga",
"usgoviowa": "ugi",
"usgovtexas": "ugt",
"usgovvirginia": "ugv",
"usnateast": "exe",
"usnatwest": "exw",
"usseceast": "rxe",
"ussecwest": "rxw",
"chinanorth": "bjb",
"chinanorth2": "bjb2",
"chinanorth3": "bjb3",
"chinaeast": "sha",
"chinaeast2": "sha2",
"chinaeast3": "sha3",
"germanycentral": "gec",
"germanynortheast": "gne"
},
"baseId": "[concat(parameters('dnsZoneResourceGroupId'), '/providers/Microsoft.Network/privateDnsZones/')]",
"policyParameterMapping": {
"azureFilePrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.afs.azure.net')]",
"azureAutomationWebhookPrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.azure-automation.net')]",
"azureAutomationDSCHybridPrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.azure-automation.net')]",
"azureCosmosSQLPrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.documents.azure.com')]",
"azureCosmosMongoPrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.mongo.cosmos.azure.com')]",
"azureCosmosCassandraPrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.cassandra.cosmos.azure.com')]",
"azureCosmosGremlinPrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.gremlin.cosmos.azure.com')]",
"azureCosmosTablePrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.table.cosmos.azure.com')]",
"azureDataFactoryPrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.datafactory.azure.net')]",
"azureDataFactoryPortalPrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.adf.azure.com')]",
"azureDatabricksPrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.azuredatabricks.net')]",
"azureHDInsightPrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.azurehdinsight.net')]",
"azureMigratePrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.prod.migration.windowsazure.com')]",
"azureStorageBlobPrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.blob.core.windows.net')]",
"azureStorageBlobSecPrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.blob.core.windows.net')]",
"azureStorageQueuePrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.queue.core.windows.net')]",
"azureStorageQueueSecPrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.queue.core.windows.net')]",
"azureStorageFilePrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.file.core.windows.net')]",
"azureStorageStaticWebPrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.web.core.windows.net')]",
"azureStorageStaticWebSecPrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.web.core.windows.net')]",
"azureStorageDFSPrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.dfs.core.windows.net')]",
"azureStorageDFSSecPrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.dfs.core.windows.net')]",
"azureSynapseSQLPrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.sql.azuresynapse.net')]",
"azureSynapseSQLODPrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.sql.azuresynapse.net')]",
"azureSynapseDevPrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.dev.azuresynapse.net')]",
"azureMediaServicesKeyPrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.media.azure.net')]",
"azureMediaServicesLivePrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.media.azure.net')]",
"azureMediaServicesStreamPrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.media.azure.net')]",
"azureMonitorPrivateDnsZoneId1": "[concat(variables('baseId'), 'privatelink.monitor.azure.com')]",
"azureMonitorPrivateDnsZoneId2": "[concat(variables('baseId'), 'privatelink.oms.opinsights.azure.com')]",
"azureMonitorPrivateDnsZoneId3": "[concat(variables('baseId'), 'privatelink.ods.opinsights.azure.com')]",
"azureMonitorPrivateDnsZoneId4": "[concat(variables('baseId'), 'privatelink.agentsvc.azure-automation.net')]",
"azureMonitorPrivateDnsZoneId5": "[concat(variables('baseId'), 'privatelink.blob.core.windows.net')]",
"azureWebPrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.webpubsub.azure.com')]",
"azureBatchPrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.batch.azure.com')]",
"azureAppPrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.azconfig.io')]",
"azureAsrPrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.siterecovery.windowsazure.com')]",
"azureIotPrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.azure-devices-provisioning.net')]",
"azureKeyVaultPrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.vaultcore.azure.net')]",
"azureSignalRPrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.service.signalr.net')]",
"azureAppServicesPrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.azurewebsites.net')]",
"azureEventGridTopicsPrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.eventgrid.azure.net')]",
"azureDiskAccessPrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.blob.core.windows.net')]",
"azureCognitiveServicesPrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.cognitiveservices.azure.com')]",
"azureIotHubsPrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.azure-devices.net')]",
"azureEventGridDomainsPrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.eventgrid.azure.net')]",
"azureRedisCachePrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.redis.cache.windows.net')]",
"azureAcrPrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.azurecr.io')]",
"azureEventHubNamespacePrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.servicebus.windows.net')]",
"azureMachineLearningWorkspacePrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.api.azureml.ms')]",
"azureMachineLearningWorkspaceSecondPrivateDnsZoneId" : "[concat(variables('baseId'), 'privatelink.notebooks.azure.net')]",
"azureServiceBusNamespacePrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.servicebus.windows.net')]",
"azureCognitiveSearchPrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.search.windows.net')]",
"azureBotServicePrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.directline.botframework.com')]",
"azureManagedGrafanaWorkspacePrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.grafana.azure.com')]",
"azureVirtualDesktopHostpoolPrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.wvd.microsoft.com')]",
"azureVirtualDesktopWorkspacePrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.wvd.microsoft.com')]",
"azureIotDeviceupdatePrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.azure-devices.net')]",
"azureArcGuestconfigurationPrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.guestconfiguration.azure.com')]",
"azureArcHybridResourceProviderPrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.his.arc.azure.com')]",
"azureArcKubernetesConfigurationPrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.dp.kubernetesconfiguration.azure.com')]",
"azureIotCentralPrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.azureiotcentral.com')]",
"azureStorageTablePrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.table.core.windows.net')]",
"azureStorageTableSecondaryPrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.table.core.windows.net')]",
"azureSiteRecoveryBackupPrivateDnsZoneId": "[concat(variables('baseId'), replace('privatelink.regionGeoShortCode.backup.windowsazure.com','regionGeoShortCode',variables('azBackupGeoCodes')[toLower(parameters('location'))]))]",
"azureSiteRecoveryBlobPrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.blob.core.windows.net')]",
"azureSiteRecoveryQueuePrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.queue.core.windows.net')]"
},
"policyDefinitions": {
"deployPrivateDnsZones": "[concat('/providers/Microsoft.Management/managementGroups/', parameters('topLevelManagementGroupPrefix'), '/providers/Microsoft.Authorization/policySetDefinitions/Deploy-Private-DNS-Zones')]"
},
"policyAssignmentNames": {
"deployPrivateDnsZones": "Deploy-Private-DNS-Zones",
"displayName": "Configure Azure PaaS services to use private DNS zones",
"description": "This policy initiative is a group of policies that ensures private endpoints to Azure PaaS services are integrated with Azure Private DNS zones"
},
"nonComplianceMessage": {
"message": "Azure PaaS services {enforcementMode} use private DNS zones.",
"Default": "must",
"DoNotEnforce": "should"
},
"roleAssignmentNames": {
"deployPrivateDnsZones": "[guid(concat(parameters('topLevelManagementGroupPrefix'), variables('policyAssignmentNames').deployPrivateDnsZones))]"
},
"policyRbac": "/providers/Microsoft.Authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7"
},
"resources": [
{
"type": "Microsoft.Authorization/policyAssignments",
"apiVersion": "2022-06-01",
"name": "[variables('policyAssignmentNames').deployPrivateDnsZones]",
"location": "[deployment().location]",
"identity": {
"type": "SystemAssigned"
},
"properties": {
"description": "[variables('policyAssignmentNames').description]",
"displayName": "[variables('policyAssignmentNames').displayName]",
"policyDefinitionId": "[variables('policyDefinitions').deployPrivateDnsZones]",
"enforcementMode": "[parameters('enforcementMode')]",
"nonComplianceMessages": [
{
"message": "[replace(variables('nonComplianceMessage').message, parameters('nonComplianceMessagePlaceholder'), variables('nonComplianceMessage')[parameters('enforcementMode')])]"
}
],
"parameters": {
"azureFilePrivateDnsZoneId": {
"value": "[variables('policyParameterMapping').azureFilePrivateDnsZoneId]"
},
"azureAutomationWebhookPrivateDnsZoneId": {
"value": "[variables('policyParameterMapping').azureAutomationWebhookPrivateDnsZoneId]"
},
"azureAutomationDSCHybridPrivateDnsZoneId": {
"value": "[variables('policyParameterMapping').azureAutomationDSCHybridPrivateDnsZoneId]"
},
"azureCosmosSQLPrivateDnsZoneId": {
"value": "[variables('policyParameterMapping').azureCosmosSQLPrivateDnsZoneId]"
},
"azureCosmosMongoPrivateDnsZoneId": {
"value": "[variables('policyParameterMapping').azureCosmosMongoPrivateDnsZoneId]"
},
"azureCosmosCassandraPrivateDnsZoneId": {
"value": "[variables('policyParameterMapping').azureCosmosCassandraPrivateDnsZoneId]"
},
"azureCosmosGremlinPrivateDnsZoneId": {
"value": "[variables('policyParameterMapping').azureCosmosGremlinPrivateDnsZoneId]"
},
"azureCosmosTablePrivateDnsZoneId": {
"value": "[variables('policyParameterMapping').azureCosmosTablePrivateDnsZoneId]"
},
"azureDataFactoryPrivateDnsZoneId": {
"value": "[variables('policyParameterMapping').azureDataFactoryPrivateDnsZoneId]"
},
"azureDataFactoryPortalPrivateDnsZoneId": {
"value": "[variables('policyParameterMapping').azureDataFactoryPortalPrivateDnsZoneId]"
},
"azureDatabricksPrivateDnsZoneId": {
"value": "[variables('policyParameterMapping').azureDatabricksPrivateDnsZoneId]"
},
"azureHDInsightPrivateDnsZoneId": {
"value": "[variables('policyParameterMapping').azureHDInsightPrivateDnsZoneId]"
},
"azureMigratePrivateDnsZoneId": {
"value": "[variables('policyParameterMapping').azureMigratePrivateDnsZoneId]"
},
"azureStorageBlobPrivateDnsZoneId": {
"value": "[variables('policyParameterMapping').azureStorageBlobPrivateDnsZoneId]"
},
"azureStorageBlobSecPrivateDnsZoneId": {
"value": "[variables('policyParameterMapping').azureStorageBlobSecPrivateDnsZoneId]"
},
"azureStorageQueuePrivateDnsZoneId": {
"value": "[variables('policyParameterMapping').azureStorageQueuePrivateDnsZoneId]"
},
"azureStorageQueueSecPrivateDnsZoneId": {
"value": "[variables('policyParameterMapping').azureStorageQueueSecPrivateDnsZoneId]"
},
"azureStorageFilePrivateDnsZoneId": {
"value": "[variables('policyParameterMapping').azureStorageFilePrivateDnsZoneId]"
},
"azureStorageStaticWebPrivateDnsZoneId": {
"value": "[variables('policyParameterMapping').azureStorageStaticWebPrivateDnsZoneId]"
},
"azureStorageStaticWebSecPrivateDnsZoneId": {
"value": "[variables('policyParameterMapping').azureStorageStaticWebSecPrivateDnsZoneId]"
},
"azureStorageDFSPrivateDnsZoneId": {
"value": "[variables('policyParameterMapping').azureStorageDFSPrivateDnsZoneId]"
},
"azureStorageDFSSecPrivateDnsZoneId": {
"value": "[variables('policyParameterMapping').azureStorageDFSSecPrivateDnsZoneId]"
},
"azureSynapseSQLPrivateDnsZoneId": {
"value": "[variables('policyParameterMapping').azureSynapseSQLPrivateDnsZoneId]"
},
"azureSynapseSQLODPrivateDnsZoneId": {
"value": "[variables('policyParameterMapping').azureSynapseSQLODPrivateDnsZoneId]"
},
"azureSynapseDevPrivateDnsZoneId": {
"value": "[variables('policyParameterMapping').azureSynapseDevPrivateDnsZoneId]"
},
"azureMediaServicesKeyPrivateDnsZoneId": {
"value": "[variables('policyParameterMapping').azureMediaServicesKeyPrivateDnsZoneId]"
},
"azureMediaServicesLivePrivateDnsZoneId": {
"value": "[variables('policyParameterMapping').azureMediaServicesLivePrivateDnsZoneId]"
},
"azureMediaServicesStreamPrivateDnsZoneId": {
"value": "[variables('policyParameterMapping').azureMediaServicesStreamPrivateDnsZoneId]"
},
"azureMonitorPrivateDnsZoneId1": {
"value": "[variables('policyParameterMapping').azureMonitorPrivateDnsZoneId1]"
},
"azureMonitorPrivateDnsZoneId2": {
"value": "[variables('policyParameterMapping').azureMonitorPrivateDnsZoneId2]"
},
"azureMonitorPrivateDnsZoneId3": {
"value": "[variables('policyParameterMapping').azureMonitorPrivateDnsZoneId3]"
},
"azureMonitorPrivateDnsZoneId4": {
"value": "[variables('policyParameterMapping').azureMonitorPrivateDnsZoneId4]"
},
"azureMonitorPrivateDnsZoneId5": {
"value": "[variables('policyParameterMapping').azureMonitorPrivateDnsZoneId5]"
},
"azureWebPrivateDnsZoneId": {
"value": "[variables('policyParameterMapping').azureWebPrivateDnsZoneId]"
},
"azureBatchPrivateDnsZoneId": {
"value": "[variables('policyParameterMapping').azureBatchPrivateDnsZoneId]"
},
"azureAppPrivateDnsZoneId": {
"value": "[variables('policyParameterMapping').azureAppPrivateDnsZoneId]"
},
"azureAsrPrivateDnsZoneId": {
"value": "[variables('policyParameterMapping').azureAsrPrivateDnsZoneId]"
},
"azureIotPrivateDnsZoneId": {
"value": "[variables('policyParameterMapping').azureIotPrivateDnsZoneId]"
},
"azureKeyVaultPrivateDnsZoneId": {
"value": "[variables('policyParameterMapping').azureKeyVaultPrivateDnsZoneId]"
},
"azureSignalRPrivateDnsZoneId": {
"value": "[variables('policyParameterMapping').azureSignalRPrivateDnsZoneId]"
},
"azureAppServicesPrivateDnsZoneId": {
"value": "[variables('policyParameterMapping').azureAppServicesPrivateDnsZoneId]"
},
"azureEventGridTopicsPrivateDnsZoneId": {
"value": "[variables('policyParameterMapping').azureEventGridTopicsPrivateDnsZoneId]"
},
"azureDiskAccessPrivateDnsZoneId": {
"value": "[variables('policyParameterMapping').azureDiskAccessPrivateDnsZoneId]"
},
"azureCognitiveServicesPrivateDnsZoneId": {
"value": "[variables('policyParameterMapping').azureCognitiveServicesPrivateDnsZoneId]"
},
"azureIotHubsPrivateDnsZoneId": {
"value": "[variables('policyParameterMapping').azureIotHubsPrivateDnsZoneId]"
},
"azureEventGridDomainsPrivateDnsZoneId": {
"value": "[variables('policyParameterMapping').azureEventGridDomainsPrivateDnsZoneId]"
},
"azureRedisCachePrivateDnsZoneId": {
"value": "[variables('policyParameterMapping').azureRedisCachePrivateDnsZoneId]"
},
"azureAcrPrivateDnsZoneId": {
"value": "[variables('policyParameterMapping').azureAcrPrivateDnsZoneId]"
},
"azureEventHubNamespacePrivateDnsZoneId": {
"value": "[variables('policyParameterMapping').azureEventHubNamespacePrivateDnsZoneId]"
},
"azureMachineLearningWorkspacePrivateDnsZoneId": {
"value": "[variables('policyParameterMapping').azureMachineLearningWorkspacePrivateDnsZoneId]"
},
"azureMachineLearningWorkspaceSecondPrivateDnsZoneId": {
"value": "[variables('policyParameterMapping').azureMachineLearningWorkspaceSecondPrivateDnsZoneId]"
},
"azureServiceBusNamespacePrivateDnsZoneId": {
"value": "[variables('policyParameterMapping').azureServiceBusNamespacePrivateDnsZoneId]"
},
"azureCognitiveSearchPrivateDnsZoneId": {
"value": "[variables('policyParameterMapping').azureCognitiveSearchPrivateDnsZoneId]"
},
"azureBotServicePrivateDnsZoneId": {
"value": "[variables('policyParameterMapping').azureBotServicePrivateDnsZoneId]"
},
"azureManagedGrafanaWorkspacePrivateDnsZoneId": {
"value": "[variables('policyParameterMapping').azureManagedGrafanaWorkspacePrivateDnsZoneId]"
},
"azureVirtualDesktopHostpoolPrivateDnsZoneId": {
"value": "[variables('policyParameterMapping').azureVirtualDesktopHostpoolPrivateDnsZoneId]"
},
"azureVirtualDesktopWorkspacePrivateDnsZoneId": {
"value": "[variables('policyParameterMapping').azureVirtualDesktopWorkspacePrivateDnsZoneId]"
},
"azureIotDeviceupdatePrivateDnsZoneId": {
"value": "[variables('policyParameterMapping').azureIotDeviceupdatePrivateDnsZoneId]"
},
"azureArcGuestconfigurationPrivateDnsZoneId": {
"value": "[variables('policyParameterMapping').azureArcGuestconfigurationPrivateDnsZoneId]"
},
"azureArcHybridResourceProviderPrivateDnsZoneId": {
"value": "[variables('policyParameterMapping').azureArcHybridResourceProviderPrivateDnsZoneId]"
},
"azureArcKubernetesConfigurationPrivateDnsZoneId": {
"value": "[variables('policyParameterMapping').azureArcKubernetesConfigurationPrivateDnsZoneId]"
},
"azureIotCentralPrivateDnsZoneId": {
"value": "[variables('policyParameterMapping').azureIotCentralPrivateDnsZoneId]"
},
"azureStorageTablePrivateDnsZoneId": {
"value": "[variables('policyParameterMapping').azureStorageTablePrivateDnsZoneId]"
},
"azureStorageTableSecondaryPrivateDnsZoneId": {
"value": "[variables('policyParameterMapping').azureStorageTableSecondaryPrivateDnsZoneId]"
},
"azureSiteRecoveryBackupPrivateDnsZoneId": {
"value": "[variables('policyParameterMapping').azureSiteRecoveryBackupPrivateDnsZoneId]"
},
"azureSiteRecoveryBlobPrivateDnsZoneId": {
"value": "[variables('policyParameterMapping').azureSiteRecoveryBlobPrivateDnsZoneId]"
},
"azureSiteRecoveryQueuePrivateDnsZoneId": {
"value": "[variables('policyParameterMapping').azureSiteRecoveryQueuePrivateDnsZoneId]"
}
}
}
},
{
"type": "Microsoft.Authorization/roleAssignments",
"apiVersion": "2019-04-01-preview",
"name": "[variables('roleAssignmentNames').deployPrivateDnsZones]",
"dependsOn": [
"[variables('policyAssignmentNames').deployPrivateDnsZones]"
],
"properties": {
"principalType": "ServicePrincipal",
"roleDefinitionId": "[variables('policyRbac')]",
"principalId": "[toLower(reference(concat('/providers/Microsoft.Authorization/policyAssignments/', variables('policyAssignmentNames').deployPrivateDnsZones), '2019-09-01', 'Full').identity.principalId)]"
}
}
],
"outputs": {
"principalId": {
"type": "string",
"value": "[reference(concat('/providers/Microsoft.Authorization/policyAssignments/', variables('policyAssignmentNames').deployPrivateDnsZones), '2019-09-01', 'Full').identity.principalId]"
}
}
}