diff --git a/src/resources/Microsoft.Authorization/policyDefinitions/deploy-activitylog-ServiceHealth-Health.bicep b/src/resources/Microsoft.Authorization/policyDefinitions/deploy-activitylog-ServiceHealth-Health.bicep index 79f10049..60e8229d 100644 --- a/src/resources/Microsoft.Authorization/policyDefinitions/deploy-activitylog-ServiceHealth-Health.bicep +++ b/src/resources/Microsoft.Authorization/policyDefinitions/deploy-activitylog-ServiceHealth-Health.bicep @@ -3,12 +3,13 @@ targetScope = 'managementGroup' param policyLocation string = 'centralus' param parResourceGroupName string = 'AlzMonitoring-rg' param parResourceGroupLocation string = 'centralus' +param parActionGroupEmail string = 'action@mail.com' param deploymentRoleDefinitionIds array = [ '/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c' ] param parResourceGroupTags object = { environment: 'test' - _deployed_by_alz_monitor: true + _deployed_by_alz_monitor: true } param parAlertState string = 'true' @@ -23,7 +24,7 @@ module ServiceHealthIncidentAlert '../../arm/Microsoft.Authorization/policyDefin description: 'DINE policy to Deploy Service Health Advisory Alert' location: policyLocation metadata: { - version: '1.0.1' + version: '1.1.0' Category: 'ServiceHealth' source: 'https://github.com/Azure/ALZ-Monitor/' _deployed_by_alz_monitor: 'True' @@ -65,6 +66,14 @@ module ServiceHealthIncidentAlert '../../arm/Microsoft.Authorization/policyDefin } defaultValue: parResourceGroupLocation } + ALZMonitorActionGroupEmail: { + type: 'String' + metadata: { + displayName: 'Action Group Email' + description: 'Email address to send alerts to' + } + defaultValue: parActionGroupEmail + } MonitorDisable: { type: 'String' metadata: { 
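Review bot: The new `param parActionGroupEmail string = 'action@mail.com'` gives the alert recipient a default address on a public mail-provider domain, so an assignment that does not override it would send Service Health notifications, security advisories included, to a mailbox that is presumably outside the organisation. The policy parameter added further down carries that value into every assignment through `defaultValue: parActionGroupEmail`. I would remove that `defaultValue` from `ALZMonitorActionGroupEmail` so an assignment must supply the address, which also makes the `parActionGroupEmail` param unnecessary. The same default is added in the Incident, Maintenance and Security files and is already present as `"defaultValue": "action@mail.com"` in ALZ-MonitorServiceHealth.json.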
@@ -155,6 +164,9 @@ module ServiceHealthIncidentAlert '../../arm/Microsoft.Authorization/policyDefin alertResourceGroupLocation: { type: 'string' } + ALZMonitorActionGroupEmail: { + type: 'string' + } policyLocation: { type: 'string' defaultValue: policyLocation @@ -163,8 +175,7 @@ module ServiceHealthIncidentAlert '../../arm/Microsoft.Authorization/policyDefin type: 'string' } } - variables: { - } + variables: {} resources: [ { type: 'Microsoft.Resources/resourceGroups' @@ -193,6 +204,9 @@ module ServiceHealthIncidentAlert '../../arm/Microsoft.Authorization/policyDefin alertResourceGroupName: { type: 'string' } + ALZMonitorActionGroupEmail: { + type: 'string' + } } variables: {} resources: [ @@ -200,11 +214,21 @@ module ServiceHealthIncidentAlert '../../arm/Microsoft.Authorization/policyDefin type: 'microsoft.insights/activityLogAlerts' apiVersion: '2020-10-01' location: 'global' + dependsOn: [ + '''[concat(subscription().Id, '/resourceGroups/', parameters('alertResourceGroupName'), '/providers/Microsoft.Insights/actionGroups/AlzActionGrp')]''' + ] tags: { _deployed_by_alz_monitor: true } name: 'ServiceHealthAdvisoryEvent' properties: { + actions: { + actionGroups: [ + { + actionGroupId: '''[concat(subscription().Id, '/resourceGroups/', parameters('alertResourceGroupName'), '/providers/Microsoft.Insights/actionGroups/AlzActionGrp')]''' + } + ] + } description: 'Service Health Advisory Alert' enabled: '[parameters(\'enabled\')]' scopes: [ @@ -229,6 +253,26 @@ module ServiceHealthIncidentAlert '../../arm/Microsoft.Authorization/policyDefin } } } + { + type: 'Microsoft.Insights/actionGroups' + apiVersion: '2022-04-01' + name: 'AlzActionGrp' + location: 'global' + tags: { + _deployed_by_alz_monitor: true + } + properties: { + groupShortName: 'AlzActionGrp' + enabled: true + emailReceivers: [ + { + name: 'AlzMail' + emailAddress: '[parameters(\'ALZMonitorActionGroupEmail\')]' + useCommonAlertSchema: true + } + ] + } + } ] } parameters: { 
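Review bot: The `Microsoft.Insights/actionGroups` resource added at the end of the template uses the fixed name `AlzActionGrp` with a complete `emailReceivers` list, and the identical resource is added to the Incident, Maintenance and Security policies, so four deployments write the same action group. Each remediation presumably replaces the group's properties, which means a receiver added by hand is dropped and, if the assignments are given different addresses, the last one to run decides where all four alerts are delivered. Consider deploying the group from one place and letting the alert rules only reference it; at minimum record the coupling next to the resource, e.g. `// AlzActionGrp is shared by all ServiceHealth policies; emailReceivers must be identical in each`. The policy's existence condition is outside these hunks, so it is worth confirming that subscriptions where the alert rule already exists are re-evaluated and receive the new `actions` block.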
@@ -238,7 +282,10 @@ module ServiceHealthIncidentAlert '../../arm/Microsoft.Authorization/policyDefin alertResourceGroupName: { value: '[parameters(\'alertResourceGroupName\')]' } - } + ALZMonitorActionGroupEmail: { + value: '[parameters(\'ALZMonitorActionGroupEmail\')]' + } + } } } ] @@ -253,6 +300,9 @@ module ServiceHealthIncidentAlert '../../arm/Microsoft.Authorization/policyDefin alertResourceGroupTags: { value: '[parameters(\'alertResourceGroupTags\')]' } + ALZMonitorActionGroupEmail: { + value: '[parameters(\'ALZMonitorActionGroupEmail\')]' + } alertResourceGroupLocation: { value: '[parameters(\'alertResourceGroupLocation\')]' } diff --git a/src/resources/Microsoft.Authorization/policyDefinitions/deploy-activitylog-ServiceHealth-Incident.bicep b/src/resources/Microsoft.Authorization/policyDefinitions/deploy-activitylog-ServiceHealth-Incident.bicep index e2d1d905..d4c284a0 100644 --- a/src/resources/Microsoft.Authorization/policyDefinitions/deploy-activitylog-ServiceHealth-Incident.bicep +++ b/src/resources/Microsoft.Authorization/policyDefinitions/deploy-activitylog-ServiceHealth-Incident.bicep @@ -3,12 +3,13 @@ targetScope = 'managementGroup' param policyLocation string = 'centralus' param parResourceGroupName string = 'AlzMonitoring-rg' param parResourceGroupLocation string = 'centralus' +param parActionGroupEmail string = 'action@mail.com' param deploymentRoleDefinitionIds array = [ '/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c' ] param parResourceGroupTags object = { environment: 'test' - _deployed_by_alz_monitor: true + _deployed_by_alz_monitor: true } param parAlertState string = 'true' 
@@ -23,7 +24,7 @@ module ServiceHealthIncidentAlert '../../arm/Microsoft.Authorization/policyDefin description: 'DINE policy to Deploy Service Health Incident Alert' location: policyLocation metadata: { - version: '1.0.1' + version: '1.1.0' Category: 'ServiceHealth' source: 'https://github.com/Azure/ALZ-Monitor/' _deployed_by_alz_monitor: 'True' @@ -65,14 +66,21 @@ module ServiceHealthIncidentAlert '../../arm/Microsoft.Authorization/policyDefin } defaultValue: parResourceGroupLocation } - + ALZMonitorActionGroupEmail: { + type: 'String' + metadata: { + displayName: 'Action Group Email' + description: 'Email address to send alerts to' + } + defaultValue: parActionGroupEmail + } MonitorDisable: { type: 'String' metadata: { displayName: 'Effect' description: 'Tag name to disable monitoring Subscription level alerts. Set to true if monitoring should be disabled' } - + defaultValue: parMonitorDisable } } @@ -157,6 +165,9 @@ module ServiceHealthIncidentAlert '../../arm/Microsoft.Authorization/policyDefin alertResourceGroupLocation: { type: 'string' } + ALZMonitorActionGroupEmail: { + type: 'string' + } policyLocation: { type: 'string' defaultValue: policyLocation @@ -194,6 +205,9 @@ module ServiceHealthIncidentAlert '../../arm/Microsoft.Authorization/policyDefin alertResourceGroupName: { type: 'string' } + ALZMonitorActionGroupEmail: { + type: 'string' + } } variables: {} resources: [ 
@@ -202,10 +216,20 @@ module ServiceHealthIncidentAlert '../../arm/Microsoft.Authorization/policyDefin apiVersion: '2020-10-01' name: 'ServieHealthIncident' location: 'global' + dependsOn: [ + '''[concat(subscription().Id, '/resourceGroups/', parameters('alertResourceGroupName'), '/providers/Microsoft.Insights/actionGroups/AlzActionGrp')]''' + ] tags: { _deployed_by_alz_monitor: true } properties: { + actions: { + actionGroups: [ + { + actionGroupId: '''[concat(subscription().Id, '/resourceGroups/', parameters('alertResourceGroupName'), '/providers/Microsoft.Insights/actionGroups/AlzActionGrp')]''' + } + ] + } description: 'ServiceHealthIncidentAlert' enabled: '[parameters(\'enabled\')]' scopes: [ @@ -231,6 +255,26 @@ module ServiceHealthIncidentAlert '../../arm/Microsoft.Authorization/policyDefin } } } + { + type: 'Microsoft.Insights/actionGroups' + apiVersion: '2022-04-01' + name: 'AlzActionGrp' + location: 'global' + tags: { + _deployed_by_alz_monitor: true + } + properties: { + groupShortName: 'AlzActionGrp' + enabled: true + emailReceivers: [ + { + name: 'AlzMail' + emailAddress: '[parameters(\'ALZMonitorActionGroupEmail\')]' + useCommonAlertSchema: true + } + ] + } + } ] } parameters: { @@ -240,6 +284,9 @@ module ServiceHealthIncidentAlert '../../arm/Microsoft.Authorization/policyDefin alertResourceGroupName: { value: '[parameters(\'alertResourceGroupName\')]' } + ALZMonitorActionGroupEmail: { + value: '[parameters(\'ALZMonitorActionGroupEmail\')]' + } } } } @@ -258,6 +305,9 @@ module ServiceHealthIncidentAlert '../../arm/Microsoft.Authorization/policyDefin alertResourceGroupLocation: { value: '[parameters(\'alertResourceGroupLocation\')]' } + ALZMonitorActionGroupEmail: { + value: '[parameters(\'ALZMonitorActionGroupEmail\')]' + } } } } 
diff --git a/src/resources/Microsoft.Authorization/policyDefinitions/deploy-activitylog-ServiceHealth-Maintenance.bicep b/src/resources/Microsoft.Authorization/policyDefinitions/deploy-activitylog-ServiceHealth-Maintenance.bicep index 22ad8fbc..06d7367b 100644 --- a/src/resources/Microsoft.Authorization/policyDefinitions/deploy-activitylog-ServiceHealth-Maintenance.bicep +++ b/src/resources/Microsoft.Authorization/policyDefinitions/deploy-activitylog-ServiceHealth-Maintenance.bicep @@ -3,12 +3,13 @@ targetScope = 'managementGroup' param policyLocation string = 'centralus' param parResourceGroupName string = 'AlzMonitoring-rg' param parResourceGroupLocation string = 'centralus' +param parActionGroupEmail string = 'action@mail.com' param deploymentRoleDefinitionIds array = [ '/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c' ] param parResourceGroupTags object = { environment: 'test' - _deployed_by_alz_monitor: true + _deployed_by_alz_monitor: true } param parAlertState string = 'true' @@ -23,7 +24,7 @@ module ServiceHealthMaintenanceAlert '../../arm/Microsoft.Authorization/policyDe description: 'DINE policy to Deploy Service Health Maintenance Alert' location: policyLocation metadata: { - version: '1.0.1' + version: '1.1.0' Category: 'ServiceHealth' source: 'https://github.com/Azure/ALZ-Monitor/' _deployed_by_alz_monitor: 'True' @@ -65,14 +66,21 @@ module ServiceHealthMaintenanceAlert '../../arm/Microsoft.Authorization/policyDe } defaultValue: parResourceGroupLocation } - + ALZMonitorActionGroupEmail: { + type: 'String' + metadata: { + displayName: 'Action Group Email' + description: 'Email address to send alerts to' + } + defaultValue: parActionGroupEmail + } MonitorDisable: { type: 'String' metadata: { displayName: 'Effect' description: 'Tag name to disable monitoring Subscription level alerts. Set to true if monitoring should be disabled' } - + defaultValue: parMonitorDisable } } 
@@ -157,6 +165,9 @@ module ServiceHealthMaintenanceAlert '../../arm/Microsoft.Authorization/policyDe alertResourceGroupLocation: { type: 'string' } + ALZMonitorActionGroupEmail: { + type: 'string' + } policyLocation: { type: 'string' defaultValue: policyLocation @@ -194,6 +205,9 @@ module ServiceHealthMaintenanceAlert '../../arm/Microsoft.Authorization/policyDe alertResourceGroupName: { type: 'string' } + ALZMonitorActionGroupEmail: { + type: 'string' + } } variables: {} resources: [ @@ -202,10 +216,20 @@ module ServiceHealthMaintenanceAlert '../../arm/Microsoft.Authorization/policyDe apiVersion: '2020-10-01' name: 'ServiceHealthPlannedMaintenance' location: 'global' + dependsOn: [ + '''[concat(subscription().Id, '/resourceGroups/', parameters('alertResourceGroupName'), '/providers/Microsoft.Insights/actionGroups/AlzActionGrp')]''' + ] tags: { _deployed_by_alz_monitor: true } properties: { + actions: { + actionGroups: [ + { + actionGroupId: '''[concat(subscription().Id, '/resourceGroups/', parameters('alertResourceGroupName'), '/providers/Microsoft.Insights/actionGroups/AlzActionGrp')]''' + } + ] + } description: 'ServiceHealthPlannedMaintenance Alert' enabled: '[parameters(\'enabled\')]' scopes: [ @@ -231,6 +255,26 @@ module ServiceHealthMaintenanceAlert '../../arm/Microsoft.Authorization/policyDe } } } + { + type: 'Microsoft.Insights/actionGroups' + apiVersion: '2022-04-01' + name: 'AlzActionGrp' + location: 'global' + tags: { + _deployed_by_alz_monitor: true + } + properties: { + groupShortName: 'AlzActionGrp' + enabled: true + emailReceivers: [ + { + name: 'AlzMail' + emailAddress: '[parameters(\'ALZMonitorActionGroupEmail\')]' + useCommonAlertSchema: true + } + ] + } + } ] } parameters: { @@ -240,6 +284,9 @@ module ServiceHealthMaintenanceAlert '../../arm/Microsoft.Authorization/policyDe alertResourceGroupName: { value: '[parameters(\'alertResourceGroupName\')]' } + ALZMonitorActionGroupEmail: { + value: '[parameters(\'ALZMonitorActionGroupEmail\')]' + } } } } 
@@ -259,6 +306,9 @@ module ServiceHealthMaintenanceAlert '../../arm/Microsoft.Authorization/policyDe alertResourceGroupLocation: { value: '[parameters(\'alertResourceGroupLocation\')]' } + ALZMonitorActionGroupEmail: { + value: '[parameters(\'ALZMonitorActionGroupEmail\')]' + } } } } diff --git a/src/resources/Microsoft.Authorization/policyDefinitions/deploy-activitylog-ServiceHealth-Security.bicep b/src/resources/Microsoft.Authorization/policyDefinitions/deploy-activitylog-ServiceHealth-Security.bicep index 24534a60..5268c7f7 100644 --- a/src/resources/Microsoft.Authorization/policyDefinitions/deploy-activitylog-ServiceHealth-Security.bicep +++ b/src/resources/Microsoft.Authorization/policyDefinitions/deploy-activitylog-ServiceHealth-Security.bicep @@ -3,12 +3,13 @@ targetScope = 'managementGroup' param policyLocation string = 'centralus' param parResourceGroupName string = 'AlzMonitoring-rg' param parResourceGroupLocation string = 'centralus' +param parActionGroupEmail string = 'action@mail.com' param deploymentRoleDefinitionIds array = [ '/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c' ] param parResourceGroupTags object = { environment: 'test' - _deployed_by_alz_monitor: true + _deployed_by_alz_monitor: true } param parAlertState string = 'true' @@ -23,7 +24,7 @@ module ServiceHealthSecurityAlert '../../arm/Microsoft.Authorization/policyDefin description: 'DINE policy to Deploy Service Health Security Advisory Alert' location: policyLocation metadata: { - version: '1.0.1' + version: '1.1.0' Category: 'ServiceHealth' source: 'https://github.com/Azure/ALZ-Monitor/' _deployed_by_alz_monitor: 'True' 
@@ -65,14 +66,21 @@ module ServiceHealthSecurityAlert '../../arm/Microsoft.Authorization/policyDefin } defaultValue: parResourceGroupLocation } - + ALZMonitorActionGroupEmail: { + type: 'String' + metadata: { + displayName: 'Action Group Email' + description: 'Email address to send alerts to' + } + defaultValue: parActionGroupEmail + } MonitorDisable: { type: 'String' metadata: { displayName: 'Effect' description: 'Tag name to disable monitoring Subscription level alerts. Set to true if monitoring should be disabled' } - + defaultValue: parMonitorDisable } } @@ -156,6 +164,9 @@ module ServiceHealthSecurityAlert '../../arm/Microsoft.Authorization/policyDefin alertResourceGroupLocation: { type: 'string' } + ALZMonitorActionGroupEmail: { + type: 'string' + } policyLocation: { type: 'string' defaultValue: policyLocation @@ -193,6 +204,9 @@ module ServiceHealthSecurityAlert '../../arm/Microsoft.Authorization/policyDefin alertResourceGroupName: { type: 'string' } + ALZMonitorActionGroupEmail: { + type: 'string' + } } variables: {} resources: [ @@ -201,10 +215,20 @@ module ServiceHealthSecurityAlert '../../arm/Microsoft.Authorization/policyDefin apiVersion: '2020-10-01' name: 'ServiceHealthSecurityIncident' location: 'global' + dependsOn: [ + '''[concat(subscription().Id, '/resourceGroups/', parameters('alertResourceGroupName'), '/providers/Microsoft.Insights/actionGroups/AlzActionGrp')]''' + ] tags: { _deployed_by_alz_monitor: true } properties: { + actions: { + actionGroups: [ + { + actionGroupId: '''[concat(subscription().Id, '/resourceGroups/', parameters('alertResourceGroupName'), '/providers/Microsoft.Insights/actionGroups/AlzActionGrp')]''' + } + ] + } description: 'Service Health Security Alert' enabled: '[parameters(\'enabled\')]' scopes: [ 
@@ -229,6 +253,26 @@ module ServiceHealthSecurityAlert '../../arm/Microsoft.Authorization/policyDefin } } } + { + type: 'Microsoft.Insights/actionGroups' + apiVersion: '2022-04-01' + name: 'AlzActionGrp' + location: 'global' + tags: { + _deployed_by_alz_monitor: true + } + properties: { + groupShortName: 'AlzActionGrp' + enabled: true + emailReceivers: [ + { + name: 'AlzMail' + emailAddress: '[parameters(\'ALZMonitorActionGroupEmail\')]' + useCommonAlertSchema: true + } + ] + } + } ] } parameters: { @@ -238,6 +282,9 @@ module ServiceHealthSecurityAlert '../../arm/Microsoft.Authorization/policyDefin alertResourceGroupName: { value: '[parameters(\'alertResourceGroupName\')]' } + ALZMonitorActionGroupEmail: { + value: '[parameters(\'ALZMonitorActionGroupEmail\')]' + } } } } @@ -253,6 +300,9 @@ module ServiceHealthSecurityAlert '../../arm/Microsoft.Authorization/policyDefin alertResourceGroupTags: { value: '[parameters(\'alertResourceGroupTags\')]' } + ALZMonitorActionGroupEmail: { + value: '[parameters(\'ALZMonitorActionGroupEmail\')]' + } alertResourceGroupLocation: { value: '[parameters(\'alertResourceGroupLocation\')]' } diff --git a/src/resources/Microsoft.Authorization/policySetDefinitions/ALZ-MonitorServiceHealth.json b/src/resources/Microsoft.Authorization/policySetDefinitions/ALZ-MonitorServiceHealth.json index 54f2bed6..a193d2eb 100644 --- a/src/resources/Microsoft.Authorization/policySetDefinitions/ALZ-MonitorServiceHealth.json +++ b/src/resources/Microsoft.Authorization/policySetDefinitions/ALZ-MonitorServiceHealth.json @@ -20,7 +20,7 @@ "name": "Alerting-ServiceHealth", "properties": { "metadata": { - "version": "1.0.0", + "version": "1.1.0", "category": "Monitoring", "source": "https://github.com/Azure/ALZ-Monitor/" }, @@ -58,8 +58,7 @@ "svcHlthSecAdvisoryAlertState": { "type": "string", "defaultValue": "true" - } - , + }, "ALZMonitorActionGroupEmail": { "type": "string", "defaultValue": "action@mail.com" 
@@ -101,6 +100,9 @@ }, "alertResourceGroupLocation": { "value": "[[parameters('ALZMonitorResourceGroupLocation')]" + }, + "ALZMonitorActionGroupEmail": { + "value": "[[parameters('ALZMonitorActionGroupEmail')]" } } }, @@ -118,6 +120,9 @@ }, "alertResourceGroupLocation": { "value": "[[parameters('ALZMonitorResourceGroupLocation')]" + }, + "ALZMonitorActionGroupEmail": { + "value": "[[parameters('ALZMonitorActionGroupEmail')]" } } }, @@ -134,6 +139,9 @@ }, "alertResourceGroupLocation": { "value": "[[parameters('ALZMonitorResourceGroupLocation')]" + }, + "ALZMonitorActionGroupEmail": { + "value": "[[parameters('ALZMonitorActionGroupEmail')]" } }, "policyDefinitionId": "[concat('/providers/Microsoft.Management/managementGroups/',managementGroup().name, '/providers/Microsoft.Authorization/policyDefinitions/Deploy_activitylog_ServiceHealth_Maintenance')]" @@ -151,13 +159,15 @@ }, "alertResourceGroupLocation": { "value": "[[parameters('ALZMonitorResourceGroupLocation')]" + }, + "ALZMonitorActionGroupEmail": { + "value": "[[parameters('ALZMonitorActionGroupEmail')]" } }, "policyDefinitionId": "[concat('/providers/Microsoft.Management/managementGroups/',managementGroup().name, '/providers/Microsoft.Authorization/policyDefinitions/Deploy_activitylog_ServiceHealth_SecurityAdvisory')]" - } - , - { - "parameters": { + }, + { + "parameters": { "ALZMonitorResourceGroupName": { "value": "[[parameters('ALZMonitorResourceGroupName')]" }, @@ -173,9 +183,9 @@ "MonitorDisable": { "value": "[[parameters('MonitorDisable')]" } - }, - "policyDefinitionId": "[concat('/providers/Microsoft.Management/managementGroups/',managementGroup().name, '/providers/Microsoft.Authorization/policyDefinitions/Deploy_AlertProcessing_Rule')]" - } + }, + "policyDefinitionId": "[concat('/providers/Microsoft.Management/managementGroups/',managementGroup().name, '/providers/Microsoft.Authorization/policyDefinitions/Deploy_AlertProcessing_Rule')]" + } ], "policyType": "Custom" }