Comments (6)
One way to exclude the policy assignments: you can remove these lines from here https://github.com/Azure/terraform-azurerm-caf-enterprise-scale/blob/main/modules/archetypes/lib/archetype_definitions/archetype_definition_es_identity.tmpl.json#L4-L7
from terraform-azurerm-caf-enterprise-scale.
Hi,
Is it just the assignments you want to remove, or all policy artefacts?
from terraform-azurerm-caf-enterprise-scale.
I would like to make sure no assignments are done. Right now, the way I am doing it is via archetype_exclusion_es_.tmpl.json files where I have to list every single policy assignment, policy definition and policy set definition to exclude.
If I understand things correctly, these will be defined in EPAC... correct?
What if you release new policies or deprecate some of them? I will have to keep updating those exclusions in the JSON file.
It would be simpler if we could have a global switch that disables any kind of policy work in this module so that I can be assured that only EPAC will deploy and manage policies.
from terraform-azurerm-caf-enterprise-scale.
If you want to exclude all policies then use archetype_config_overrides and set the archetype for the management groups to default_empty.
This will mean you only deploy the MG structure.
from terraform-azurerm-caf-enterprise-scale.
OK, I think this could work for us. However, it looks like I would miss out on custom role definitions and any kind of "archetype_config" that could be defined at a later time. Do you foresee any issues there?
from terraform-azurerm-caf-enterprise-scale.
It's only role defs, we don't plan on expanding archetype config beyond its current capabilities.
from terraform-azurerm-caf-enterprise-scale.
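The `archetype_config_overrides` approach suggested in the thread, sketched as an added example (not code from the thread or from the module's repository). The list of management group keys, the location and the `root_id`/`root_name` values are assumptions to adjust for your tenant and module version.

```hcl
# Added example, not from the thread. Values marked "assumed" are placeholders.
data "azurerm_client_config" "core" {}

locals {
  # Core management group keys the module deploys by default (assumed list;
  # check it against the module version you pin).
  core_mg_keys = [
    "root", "decommissioned", "sandboxes", "landing-zones",
    "platform", "connectivity", "management", "identity",
  ]

  # Point every management group at the built-in empty archetype so the module
  # creates no policy assignments, policy definitions or policy set definitions.
  # As the thread notes, custom role definitions are not deployed either.
  empty_archetype_overrides = {
    for key in local.core_mg_keys : key => {
      archetype_id   = "default_empty"
      parameters     = {}
      access_control = {}
    }
  }
}

module "enterprise_scale" {
  source = "Azure/caf-enterprise-scale/azurerm"
  # version = "<pin a released version>"

  providers = {
    azurerm              = azurerm
    azurerm.connectivity = azurerm
    azurerm.management   = azurerm
  }

  default_location = "westeurope" # assumed
  root_parent_id   = data.azurerm_client_config.core.tenant_id
  root_id          = "contoso" # assumed
  root_name        = "Contoso" # assumed

  # Only the management group hierarchy is deployed; policy is left to EPAC.
  archetype_config_overrides = local.empty_archetype_overrides
}
```

Review the `terraform plan` output before applying: it should contain no `azurerm_policy_definition`, `azurerm_policy_set_definition` or `azurerm_management_group_policy_assignment` resources.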