Fix #1073 - Update Private DNS Zones for Private Link (#1141)

* fix 1073 and update whats new * remove whitespace in array * added DNS zones
Azure · Nov 28, 2022 · 364d1d1 · 364d1d1
1 parent ff07fc8
commit 364d1d1
Show file tree

Hide file tree

Showing 2 changed files with 59 additions and 46 deletions.
diff --git a/docs/wiki/Whats-new.md b/docs/wiki/Whats-new.md
@@ -60,6 +60,7 @@ Here's what's changed in Enterprise Scale/Azure Landing Zones:
 #### Tooling
 
 - Updated ALZ Portal Accelerator to support all available Availability Zones as listed [here](https://learn.microsoft.com/azure/reliability/availability-zones-service-support#azure-regions-with-availability-zone-support)
+- Update ALZ Portal Accelerator Private DNS Zones for Private Link, fixing issue [#1073](https://github.com/Azure/Enterprise-Scale/issues/1073)
 
 ### Policy
 
@@ -87,7 +88,7 @@ Here's what's changed in Enterprise Scale/Azure Landing Zones:
 - Minor fixes related to "**Deploy-Private-DNS-Zones**" Custom Initiative and respective Assignment:
   - Added missing Zones for **"WebPubSub"** and **"azure-devices-provisioning"**, so Initiative Assignment works correctly
   - Minor correction related to **ASR Private DNS Zone variable**, so Initiative Assignment works correctly
-  - Convertion of **"Azure Batch"** Private DNS Zone (from regional to global), to properly align with latest respective documentation and functionality
+  - Conversion of **"Azure Batch"** Private DNS Zone (from regional to global), to properly align with latest respective documentation and functionality
 - Renamed Azure DDoS Standard Protection references to [Azure DDoS Network Protection](https://learn.microsoft.com/en-us/azure/ddos-protection/ddos-protection-sku-comparison#ddos-network-protection). 
 - Incremented version for policy Deploy-DDoSProtection from "version":"1.0.0" to "version": "1.0.1"
 - Added `Configure Microsoft Defender for Azure Cosmos DB to be enabled` to the `Deploy Microsoft Defender for Cloud configuration` initiative and updated version to `3.1.0` - Fixing issue [issue #1081](https://github.com/Azure/Enterprise-Scale/issues/1081)
@@ -97,7 +98,7 @@ Here's what's changed in Enterprise Scale/Azure Landing Zones:
   - [Deploy-Nsg-FlowLogs-to-LA](https://www.azadvertizer.net/azpolicyadvertizer/Deploy-Nsg-FlowLogs-to-LA.html)
   - [Deny-PublicIp](https://www.azadvertizer.net/azpolicyadvertizer/Deny-PublicIP.html)
 
-  in favor of Azure built-in policies with the same or enhanced functionality.
+  in favour of Azure built-in policies with the same or enhanced functionality.
 
   | ALZ Policy ID(s)                               | Azure Builti-in Policy ID(s)                     |
   |------------------------------------------------|--------------------------------------|
@@ -110,7 +111,7 @@ Here's what's changed in Enterprise Scale/Azure Landing Zones:
   - Added new parameter `minimalSeverity` with settings
     - Default value `High`
     - Allowed values: `High`, `Medium`, `Low`
-    
+
 - "**"Deploy-MDFC-Config"**" definition update
   - Updated policy definitions set Deploy-MDFC-Config, Deploy-MDFC-Config(US Gov), Deploy-MDFC-Config (China)
     - added new parameter `minimalSeverity`.

diff --git a/eslzArm/eslzArm.json b/eslzArm/eslzArm.json
@@ -875,60 +875,72 @@
             "backupForIdentity": "[take(guid(concat(parameters('enterpriseScaleCompanyPrefix'), 'idbackup')), 10)]"
         },
         "privateDnsZones": [
+            "[format('privatelink.{0}.azmk8s.io', toLower(parameters('connectivityLocation')))]",
+            "[format('privatelink.{0}.batch.azure.com', toLower(parameters('connectivityLocation')))]",
+            "[format('privatelink.{0}.kusto.windows.net', toLower(parameters('connectivityLocation')))]",
+            "privatelink.adf.azure.com",
+            "privatelink.afs.azure.net",
+            "privatelink.agentsvc.azure-automation.net",
+            "privatelink.analysis.windows.net",
+            "privatelink.api.azureml.ms",
+            "privatelink.azconfig.io",
+            "privatelink.azure-api.net",
             "privatelink.azure-automation.net",
-            "privatelink.database.windows.net",
-            "privatelink.sql.azuresynapse.net",
-            "privatelink.dev.azuresynapse.net",
+            "privatelink.azurecr.io",
+            "privatelink.azure-devices.net",
+            "privatelink.azure-devices-provisioning.net",
+            "privatelink.azurehdinsight.net",
+            "privatelink.azurehealthcareapis.com",
+            "privatelink.azurestaticapps.net",
             "privatelink.azuresynapse.net",
+            "privatelink.azurewebsites.net",
+            "privatelink.batch.azure.com",
             "privatelink.blob.core.windows.net",
-            "privatelink.table.core.windows.net",
-            "privatelink.queue.core.windows.net",
-            "privatelink.file.core.windows.net",
-            "privatelink.web.core.windows.net",
+            "privatelink.cassandra.cosmos.azure.com",
+            "privatelink.cognitiveservices.azure.com",
+            "privatelink.database.windows.net",
+            "privatelink.datafactory.azure.net",
+            "privatelink.dev.azuresynapse.net",
             "privatelink.dfs.core.windows.net",
+            "privatelink.dicom.azurehealthcareapis.com",
+            "privatelink.digitaltwins.azure.net",
+            "privatelink.directline.botframework.com",
             "privatelink.documents.azure.com",
-            "privatelink.mongo.cosmos.azure.com",
-            "privatelink.cassandra.cosmos.azure.com",
+            "privatelink.eventgrid.azure.net",
+            "privatelink.file.core.windows.net",
             "privatelink.gremlin.cosmos.azure.com",
-            "privatelink.table.cosmos.azure.com",
-            "privatelink.batch.azure.com",
-            "privatelink.postgres.database.azure.com",
-            "privatelink.mysql.database.azure.com",
-            "privatelink.mariadb.database.azure.com",
-            "privatelink.vaultcore.azure.net",
+            "privatelink.guestconfiguration.azure.com",
+            "privatelink.his.arc.azure.com",
+            "privatelink.kubernetesconfiguration.azure.com",
             "privatelink.managedhsm.azure.net",
-            "[concat('privatelink.', parameters('connectivityLocation'), '.azmk8s.io')]",
-            "privatelink.search.windows.net",
-            "privatelink.azurecr.io",
-            "privatelink.azconfig.io",
-            "privatelink.siterecovery.windowsazure.com",
-            "privatelink.servicebus.windows.net",
-            "privatelink.azure-devices.net",
-            "privatelink.eventgrid.azure.net",
-            "privatelink.azurewebsites.net",
-            "privatelink.api.azureml.ms",
-            "privatelink.notebooks.azure.net",
-            "privatelink.service.signalr.net",
+            "privatelink.mariadb.database.azure.com",
+            "privatelink.media.azure.net",
+            "privatelink.mongo.cosmos.azure.com",
             "privatelink.monitor.azure.com",
-            "privatelink.oms.opinsights.azure.com",
+            "privatelink.mysql.database.azure.com",
+            "privatelink.notebooks.azure.net",
             "privatelink.ods.opinsights.azure.com",
-            "privatelink.agentsvc.azure-automation.net",
-            "privatelink.cognitiveservices.azure.com",
-            "privatelink.afs.azure.net",
-            "privatelink.datafactory.azure.net",
-            "privatelink.adf.azure.com",
-            "privatelink.redis.cache.windows.net",
-            "privatelink.redisenterprise.cache.azure.net",
+            "privatelink.oms.opinsights.azure.com",
+            "privatelink.pbidedicated.windows.net",
+            "privatelink.postgres.database.azure.com",
+            "privatelink.prod.migration.windowsazure.com",
             "privatelink.purview.azure.com",
             "privatelink.purviewstudio.azure.com",
-            "privatelink.digitaltwins.azure.net",
-            "privatelink.azurehdinsight.net",
-            "privatelink.his.arc.azure.com",
-            "privatelink.guestconfiguration.azure.com",
-            "privatelink.media.azure.net",
-            "privatelink.prod.migration.windowsazure.com",
-            "privatelink.webpubsub.azure.com",
-            "privatelink.azure-devices-provisioning.net"
+            "privatelink.queue.core.windows.net",
+            "privatelink.redis.cache.windows.net",
+            "privatelink.redisenterprise.cache.azure.net",
+            "privatelink.search.windows.net",
+            "privatelink.service.signalr.net",
+            "privatelink.servicebus.windows.net",
+            "privatelink.siterecovery.windowsazure.com",
+            "privatelink.sql.azuresynapse.net",
+            "privatelink.table.core.windows.net",
+            "privatelink.table.cosmos.azure.com",
+            "privatelink.tip1.powerquery.microsoft.com",
+            "privatelink.token.botframework.com",
+            "privatelink.vaultcore.azure.net",
+            "privatelink.web.core.windows.net",
+            "privatelink.webpubsub.azure.com"
         ],
         "azBackupGeoCodes": {
             "australiacentral": "acl",