From 364d1d173b191af9ca131500d626af26bbe8db5d Mon Sep 17 00:00:00 2001 From: Jack Tracey <41163455+jtracey93@users.noreply.github.com> Date: Mon, 28 Nov 2022 18:38:06 +0000 Subject: [PATCH] Fix #1073 - Update Private DNS Zones for Private Link (#1141) * fix 1073 and update whats new * remove whitespace in array * added DNS zones --- docs/wiki/Whats-new.md | 7 +-- eslzArm/eslzArm.json | 98 ++++++++++++++++++++++++------------------ 2 files changed, 59 insertions(+), 46 deletions(-) diff --git a/docs/wiki/Whats-new.md b/docs/wiki/Whats-new.md index 38422df62f..a60b9cfa3e 100644 --- a/docs/wiki/Whats-new.md +++ b/docs/wiki/Whats-new.md @@ -60,6 +60,7 @@ Here's what's changed in Enterprise Scale/Azure Landing Zones: #### Tooling - Updated ALZ Portal Accelerator to support all available Availability Zones as listed [here](https://learn.microsoft.com/azure/reliability/availability-zones-service-support#azure-regions-with-availability-zone-support) +- Update ALZ Portal Accelerator Private DNS Zones for Private Link, fixing issue [#1073](https://github.com/Azure/Enterprise-Scale/issues/1073) ### Policy 
@@ -87,7 +88,7 @@ Here's what's changed in Enterprise Scale/Azure Landing Zones: - Minor fixes related to "**Deploy-Private-DNS-Zones**" Custom Initiative and respective Assignment: - Added missing Zones for **"WebPubSub"** and **"azure-devices-provisioning"**, so Initiative Assignment works correctly - Minor correction related to **ASR Private DNS Zone variable**, so Initiative Assignment works correctly - - Convertion of **"Azure Batch"** Private DNS Zone (from regional to global), to properly align with latest respective documentation and functionality + - Conversion of **"Azure Batch"** Private DNS Zone (from regional to global), to properly align with latest respective documentation and functionality - Renamed Azure DDoS Standard Protection references to [Azure DDoS Network Protection](https://learn.microsoft.com/en-us/azure/ddos-protection/ddos-protection-sku-comparison#ddos-network-protection). - Incremented version for policy Deploy-DDoSProtection from "version":"1.0.0" to "version": "1.0.1" - Added `Configure Microsoft Defender for Azure Cosmos DB to be enabled` to the `Deploy Microsoft Defender for Cloud configuration` initiative and updated version to `3.1.0` - Fixing issue [issue #1081](https://github.com/Azure/Enterprise-Scale/issues/1081) @@ -97,7 +98,7 @@ Here's what's changed in Enterprise Scale/Azure Landing Zones: - [Deploy-Nsg-FlowLogs-to-LA](https://www.azadvertizer.net/azpolicyadvertizer/Deploy-Nsg-FlowLogs-to-LA.html) - [Deny-PublicIp](https://www.azadvertizer.net/azpolicyadvertizer/Deny-PublicIP.html) - in favor of Azure built-in policies with the same or enhanced functionality. + in favour of Azure built-in policies with the same or enhanced functionality. | ALZ Policy ID(s) | Azure Builti-in Policy ID(s) | |------------------------------------------------|--------------------------------------| 
@@ -110,7 +111,7 @@ Here's what's changed in Enterprise Scale/Azure Landing Zones: - Added new parameter `minimalSeverity` with settings - Default value `High` - Allowed values: `High`, `Medium`, `Low` - + - "**"Deploy-MDFC-Config"**" definition update - Updated policy definitions set Deploy-MDFC-Config, Deploy-MDFC-Config(US Gov), Deploy-MDFC-Config (China) - added new parameter `minimalSeverity`. diff --git a/eslzArm/eslzArm.json b/eslzArm/eslzArm.json index f133e0a04a..b871351ba7 100644 --- a/eslzArm/eslzArm.json +++ b/eslzArm/eslzArm.json 
@@ -875,60 +875,72 @@
 "backupForIdentity": "[take(guid(concat(parameters('enterpriseScaleCompanyPrefix'), 'idbackup')), 10)]"
 },
 "privateDnsZones": [
+ "[format('privatelink.{0}.azmk8s.io', toLower(parameters('connectivityLocation')))]",
+ "[format('privatelink.{0}.batch.azure.com', toLower(parameters('connectivityLocation')))]",
+ "[format('privatelink.{0}.kusto.windows.net', toLower(parameters('connectivityLocation')))]",
+ "privatelink.adf.azure.com",
+ "privatelink.afs.azure.net",
+ "privatelink.agentsvc.azure-automation.net",
+ "privatelink.analysis.windows.net",
+ "privatelink.api.azureml.ms",
+ "privatelink.azconfig.io",
+ "privatelink.azure-api.net",
 "privatelink.azure-automation.net",
- "privatelink.database.windows.net",
- "privatelink.sql.azuresynapse.net",
- "privatelink.dev.azuresynapse.net",
+ "privatelink.azurecr.io",
+ "privatelink.azure-devices.net",
+ "privatelink.azure-devices-provisioning.net",
+ "privatelink.azurehdinsight.net",
+ "privatelink.azurehealthcareapis.com",
+ "privatelink.azurestaticapps.net",
 "privatelink.azuresynapse.net",
+ "privatelink.azurewebsites.net",
+ "privatelink.batch.azure.com",
 "privatelink.blob.core.windows.net",
- "privatelink.table.core.windows.net",
- "privatelink.queue.core.windows.net",
- "privatelink.file.core.windows.net",
- "privatelink.web.core.windows.net",
+ "privatelink.cassandra.cosmos.azure.com",
+ "privatelink.cognitiveservices.azure.com",
+ "privatelink.database.windows.net",
+ "privatelink.datafactory.azure.net",
+ "privatelink.dev.azuresynapse.net",
 "privatelink.dfs.core.windows.net",
+ "privatelink.dicom.azurehealthcareapis.com",
+ "privatelink.digitaltwins.azure.net",
+ "privatelink.directline.botframework.com",
 "privatelink.documents.azure.com",
- "privatelink.mongo.cosmos.azure.com",
- "privatelink.cassandra.cosmos.azure.com",
+ "privatelink.eventgrid.azure.net",
+ "privatelink.file.core.windows.net",
 "privatelink.gremlin.cosmos.azure.com",
- "privatelink.table.cosmos.azure.com",
- "privatelink.batch.azure.com",
- "privatelink.postgres.database.azure.com",
- "privatelink.mysql.database.azure.com",
- "privatelink.mariadb.database.azure.com",
- "privatelink.vaultcore.azure.net",
+ "privatelink.guestconfiguration.azure.com",
+ "privatelink.his.arc.azure.com",
+ "privatelink.kubernetesconfiguration.azure.com",
 "privatelink.managedhsm.azure.net",
- "[concat('privatelink.', parameters('connectivityLocation'), '.azmk8s.io')]",
- "privatelink.search.windows.net",
- "privatelink.azurecr.io",
- "privatelink.azconfig.io",
- "privatelink.siterecovery.windowsazure.com",
- "privatelink.servicebus.windows.net",
- "privatelink.azure-devices.net",
- "privatelink.eventgrid.azure.net",
- "privatelink.azurewebsites.net",
- "privatelink.api.azureml.ms",
- "privatelink.notebooks.azure.net",
- "privatelink.service.signalr.net",
+ "privatelink.mariadb.database.azure.com",
+ "privatelink.media.azure.net",
+ "privatelink.mongo.cosmos.azure.com",
 "privatelink.monitor.azure.com",
- "privatelink.oms.opinsights.azure.com",
+ "privatelink.mysql.database.azure.com",
+ "privatelink.notebooks.azure.net",
 "privatelink.ods.opinsights.azure.com",
- "privatelink.agentsvc.azure-automation.net",
- "privatelink.cognitiveservices.azure.com",
- "privatelink.afs.azure.net",
- "privatelink.datafactory.azure.net",
- "privatelink.adf.azure.com",
- "privatelink.redis.cache.windows.net",
- "privatelink.redisenterprise.cache.azure.net",
+ "privatelink.oms.opinsights.azure.com",
+ "privatelink.pbidedicated.windows.net",
+ "privatelink.postgres.database.azure.com",
+ "privatelink.prod.migration.windowsazure.com",
 "privatelink.purview.azure.com",
 "privatelink.purviewstudio.azure.com",
- "privatelink.digitaltwins.azure.net",
- "privatelink.azurehdinsight.net",
- "privatelink.his.arc.azure.com",
- "privatelink.guestconfiguration.azure.com",
- "privatelink.media.azure.net",
- "privatelink.prod.migration.windowsazure.com",
- "privatelink.webpubsub.azure.com",
- "privatelink.azure-devices-provisioning.net"
+ "privatelink.queue.core.windows.net",
+ "privatelink.redis.cache.windows.net",
+ "privatelink.redisenterprise.cache.azure.net",
+ "privatelink.search.windows.net",
+ "privatelink.service.signalr.net",
+ "privatelink.servicebus.windows.net",
+ "privatelink.siterecovery.windowsazure.com",
+ "privatelink.sql.azuresynapse.net",
+ "privatelink.table.core.windows.net",
+ "privatelink.table.cosmos.azure.com",
+ "privatelink.tip1.powerquery.microsoft.com",
+ "privatelink.token.botframework.com",
+ "privatelink.vaultcore.azure.net",
+ "privatelink.web.core.windows.net",
+ "privatelink.webpubsub.azure.com"
 ],
 "azBackupGeoCodes": {
 "australiacentral": "acl",
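Review bot: The three regional entries at the top of `privateDnsZones` are built from `parameters('connectivityLocation')` with only `toLower()` applied, so a value that is not already the short region name (a display name with a space, say) would deploy a zone that no AKS, Batch or Data Explorer private endpoint ever registers in, and nothing visible in this hunk fails when that happens. Name resolution for those services would then either break or quietly stay on the public endpoint wherever public network access is still enabled. The parameter's definition is outside the hunk; if it is not already constrained by `allowedValues`, normalising the value, e.g. `replace(toLower(parameters('connectivityLocation')), ' ', '')`, would close the gap. The list also keeps the global `privatelink.batch.azure.com` next to the new regional Batch zone and creates regional zones only for the connectivity region, so both are worth confirming against the current Private Endpoint DNS zone documentation and calling out for workloads deployed in other regions. The enclosing `variables` object starts and ends outside the hunk.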