Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Log Analytics policy has hardcoded location of West Central US #1858

Open
sshockley opened this issue Dec 4, 2024 · 2 comments
Open

Log Analytics policy has hardcoded location of West Central US #1858

sshockley opened this issue Dec 4, 2024 · 2 comments
Labels
Area: Sovereign 👽 GH issues raised for sovereign clouds (US Gov, China) bug Something isn't working Type: Bug 🪲 Something isn't working
Milestone
sovereign

Comments

@sshockley
Copy link

Describe the bug
Azure built-in policy, 8e3e61b3-0b32-22d5-4edf-55f87fdb5955/Configure Log Analytics workspace and automation account to centralize logs and monitoring, has a hardcoded deployment location of "West Central US". This causes deployments to Azure Government to fail. The location should be paramaterized, not hardcoded.

Steps to reproduce

  1. Deploy DINE-LogAnalyticsPolicyAssignment.json via New-AzManagementGroupDeployment
  2. Create remediation task
  3. All sub-tasks fail, with error:
{
    "error": {
        "code": "LocationNotAvailableForDeployment",
        "target": "/subscriptions/92d2c390-1ca1-4c35-b5be-79ca28a1f82f/providers/Microsoft.Resources/deployments/PolicyDeployment_16785706964057898929",
        "message": "The provided location 'West Central US' is not available for deployment. List of available regions is 'usgovarizona,usgovvirginia,usgovtexas,usgoviowa,usdodeast,usdodcentral'."
    }
}

Azure/azure-policy#960 is related, but it's been open since 2022 with no response.

Also see https://www.azadvertizer.net/azpolicyadvertizer/8e3e61b3-0b32-22d5-4edf-55f87fdb5955.html for policy definition.

This was a fun one, was wondering where the location was coming from when it's not in my code. Please let me know if there's a better place to report this, thanks.
@sshockley sshockley added the bug Something isn't working label Dec 4, 2024
@sshockley sshockley mentioned this issue Dec 6, 2024
Closed
@sshockley
Copy link
Author

I created a PR in what seems to be the upstream repo. Hopefully someone takes a look at it, but based on the other PRs in that repo it looks like PRs only get closed when the submitter finally deletes their fork.

@Springstone Springstone added Area: Sovereign 👽 GH issues raised for sovereign clouds (US Gov, China) Type: Bug 🪲 Something isn't working labels Dec 17, 2024
@Springstone Springstone added this to the sovereign milestone Dec 17, 2024
@Springstone
Copy link
Member

@sshockley thanks for raising this issue. This is a sovereign cloud issue, which has been difficult for us to triage as getting access to those environments is challenging. We now have a team member with access, but as you can imagine we have to triage 2 years' worth of updates against USGov and China.
Currently, we're prioritizing removing any policies from ALZ that are not supported in the sovereign cloud (US Gov, China) so that we can at least complete a landing zone deployment in that cloud, successfully.
Can you confirm that the built-in policy 8e3e61b3-0b32-22d5-4edf-55f87fdb5955 is available in US Gov cloud?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Area: Sovereign 👽 GH issues raised for sovereign clouds (US Gov, China) bug Something isn't working Type: Bug 🪲 Something isn't working
Projects
None yet
Milestone
sovereign
Development

Successfully merging a pull request may close this issue.

Remove hardcoded location, fix minor typos sshockley/azure-policy
2 participants
@sshockley @Springstone