Skip to content

Commit

Permalink
Notification-hubs-namespaces-diagnostics (#408)
Browse files Browse the repository at this point in the history 
* Create msdevopssec.yml

* clean up

* Audit VM auto shutdown

* retention days in LAW

* server param audit log enabled mysqldb

* Restore

* Revert "clean up"

This reverts commit 6761358.

* delete

* Revert "Audit VM auto shutdown"

This reverts commit 8d3aefd.

* Revert "retention days in LAW"

This reverts commit ac8c3d5.

* Revert "server param audit log enabled mysqldb"

This reverts commit 9957c81.

* Diagnostic settings to EH and LAW for the resource type notification hubs namespaces

* Deploy budget on subscriptions

---------

Co-authored-by: Niclas Madsen <[email protected]>
  • Loading branch information
@vegazbabz
vegazbabz and vegazbabz authored Dec 13, 2023
1 parent d9c2b92 commit 7d9264d
Show file tree
Hide file tree
Showing 9 changed files with 1,331 additions and 0 deletions.
254 changes: 254 additions & 0 deletions policyDefinitions/Budget/deploy-subscription-budget-in-mg/azurepolicy.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,254 @@
{
"name": "6bd66aff-f8f2-4e98-a276-619a78b00e79",
"type": "Microsoft.Authorization/policyDefinitions",
"properties": {
"displayName": "Deploy subscription budget in MG",
"description": "Deploy a budget for a subscription that will notify the owner once a threshold of 50%, 90%, and 100% of the actual cost of budget is reached. Use the tags 'Owner-Email' and 'Technical-Contact-Email' with email addresses to send emails to those emails.",
"metadata": {
"category": "Budget",
"version": "1.0.0"
},
"mode": "All",
"parameters": {
"amount": {
"defaultValue": "1000",
"metadata": {
"description": "The total amount of cost or usage to track with the budget",
"displayName": "amount"
},
"type": "String"
},
"budgetName": {
"defaultValue": "budget-set-by-policy",
"metadata": {
"description": "The name for the budget to be created",
"displayName": "budgetName"
},
"type": "String"
},
"contactRoles": {
"defaultValue": [
"Contributor"
],
"metadata": {
"description": "The list of contact RBAC roles, in an array, to send the budget notification to when the threshold is exceeded.",
"displayName": "contactRoles"
},
"type": "Array"
},
"firstThreshold": {
"defaultValue": "50",
"metadata": {
"description": "Threshold value associated with a notification. Notification is sent when the cost exceeded the threshold. It is always percent and has to be between 0 and 1000.",
"displayName": "firstThreshold"
},
"type": "String"
},
"secondThreshold": {
"defaultValue": "90",
"metadata": {
"description": "Threshold value associated with a notification. Notification is sent when the cost exceeded the threshold. It is always percent and has to be between 0 and 1000.",
"displayName": "secondThreshold"
},
"type": "String"
},
"thirdThreshold": {
"defaultValue": "100",
"metadata": {
"description": "Threshold value associated with a notification. Notification is sent when the cost exceeded the threshold. It is always percent and has to be between 0 and 1000.",
"displayName": "thirdThreshold"
},
"type": "String"
},
"timeGrain": {
"allowedValues": [
"Monthly",
"Quarterly",
"Annually",
"BillingMonth",
"BillingQuarter",
"BillingAnnual"
],
"defaultValue": "BillingMonth",
"metadata": {
"description": "The time covered by a budget. Tracking of the amount will be reset based on the time grain.",
"displayName": "timeGrain"
},
"type": "String"
},
"effect": {
"type": "String",
"metadata": {
"displayName": "Effect",
"description": "DeployIfNotExists, AuditIfNotExists or Disabled the execution of the Policy"
},
"allowedValues": [
"DeployIfNotExists",
"AuditIfNotExists",
"Disabled"
],
"defaultValue": "DeployIfNotExists"
}
},
"policyRule": {
"if": {
"allOf": [
{
"equals": "Microsoft.Resources/subscriptions",
"field": "type"
}
]
},
"then": {
"details": {
"deployment": {
"location": "westeurope",
"properties": {
"mode": "Incremental",
"parameters": {
"amount": {
"value": "[parameters('amount')]"
},
"budgetName": {
"value": "[parameters('budgetName')]"
},
"contactEmails": {
"value": [
"[field(concat('tags[','Owner-Email', ']'))]",
"[field(concat('tags[','Technical-Contact-Email', ']'))]"
]
},
"contactRoles": {
"value": "[parameters('contactRoles')]"
},
"firstThreshold": {
"value": "[parameters('firstThreshold')]"
},
"secondThreshold": {
"value": "[parameters('secondThreshold')]"
},
"thirdThreshold": {
"value": "[parameters('thirdThreshold')]"
},
"timeGrain": {
"value": "[parameters('timeGrain')]"
}
},
"template": {
"$schema": "http://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json",
"contentVersion": "1.0.0.0",
"parameters": {
"amount": {
"type": "String"
},
"budgetName": {
"type": "String"
},
"contactEmails": {
"type": "Array"
},
"contactRoles": {
"type": "Array"
},
"firstThreshold": {
"type": "String"
},
"secondThreshold": {
"type": "String"
},
"thirdThreshold": {
"type": "String"
},
"startDate": {
"defaultValue": "[concat(utcNow('MM'), '/01/', utcNow('yyyy'))]",
"type": "String"
},
"timeGrain": {
"type": "String"
}
},
"resources": [
{
"apiVersion": "2021-10-01",
"name": "[parameters('budgetName')]",
"properties": {
"amount": "[parameters('amount')]",
"category": "Cost",
"notifications": {
"NotificationForExceededBudget1": {
"contactEmails": "[parameters('contactEmails')]",
"contactRoles": "[parameters('contactRoles')]",
"enabled": true,
"operator": "GreaterThan",
"threshold": "[parameters('firstThreshold')]"
},
"NotificationForExceededBudget2": {
"contactEmails": "[parameters('contactEmails')]",
"contactRoles": "[parameters('contactRoles')]",
"enabled": true,
"operator": "GreaterThan",
"threshold": "[parameters('secondThreshold')]"
},
"NotificationForExceededBudget3": {
"contactEmails": "[parameters('contactEmails')]",
"contactRoles": "[parameters('contactRoles')]",
"enabled": true,
"operator": "GreaterThan",
"threshold": "[parameters('thirdThreshold')]"
},
"NotificationForExceededBudget4": {
"contactEmails": "[parameters('contactEmails')]",
"contactRoles": "[parameters('contactRoles')]",
"enabled": true,
"operator": "GreaterThan",
"threshold": "[parameters('firstThreshold')]",
"thresholdType": "Forecasted"
},
"NotificationForExceededBudget5": {
"contactEmails": "[parameters('contactEmails')]",
"contactRoles": "[parameters('contactRoles')]",
"enabled": true,
"operator": "GreaterThan",
"threshold": "[parameters('thirdThreshold')]",
"thresholdType": "Forecasted"
}
},
"timeGrain": "[parameters('timeGrain')]",
"timePeriod": {
"startDate": "[parameters('startDate')]"
}
},
"type": "Microsoft.Consumption/budgets"
}
]
}
}
},
"deploymentScope": "subscription",
"existenceCondition": {
"allOf": [
{
"equals": "[parameters('amount')]",
"field": "Microsoft.Consumption/budgets/amount"
},
{
"equals": "[parameters('timeGrain')]",
"field": "Microsoft.Consumption/budgets/timeGrain"
},
{
"equals": "Cost",
"field": "Microsoft.Consumption/budgets/category"
}
]
},
"existenceScope": "subscription",
"roleDefinitionIds": [
"/providers/Microsoft.Authorization/roleDefinitions/434105ed-43f6-45c7-a02f-909b2ba83430"
],
"type": "Microsoft.Consumption/budgets"
},
"effect": "[parameters('effect')]"
}
}
}
}
81 changes: 81 additions & 0 deletions policyDefinitions/Budget/deploy-subscription-budget-in-mg/azurepolicy.parameters.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,81 @@
{
"amount": {
"defaultValue": "1000",
"metadata": {
"description": "The total amount of cost or usage to track with the budget",
"displayName": "amount"
},
"type": "String"
},
"budgetName": {
"defaultValue": "budget-set-by-policy",
"metadata": {
"description": "The name for the budget to be created",
"displayName": "budgetName"
},
"type": "String"
},
"contactRoles": {
"defaultValue": [
"Contributor"
],
"metadata": {
"description": "The list of contact RBAC roles, in an array, to send the budget notification to when the threshold is exceeded.",
"displayName": "contactRoles"
},
"type": "Array"
},
"firstThreshold": {
"defaultValue": "50",
"metadata": {
"description": "Threshold value associated with a notification. Notification is sent when the cost exceeded the threshold. It is always percent and has to be between 0 and 1000.",
"displayName": "firstThreshold"
},
"type": "String"
},
"secondThreshold": {
"defaultValue": "90",
"metadata": {
"description": "Threshold value associated with a notification. Notification is sent when the cost exceeded the threshold. It is always percent and has to be between 0 and 1000.",
"displayName": "secondThreshold"
},
"type": "String"
},
"thirdThreshold": {
"defaultValue": "100",
"metadata": {
"description": "Threshold value associated with a notification. Notification is sent when the cost exceeded the threshold. It is always percent and has to be between 0 and 1000.",
"displayName": "thirdThreshold"
},
"type": "String"
},
"timeGrain": {
"allowedValues": [
"Monthly",
"Quarterly",
"Annually",
"BillingMonth",
"BillingQuarter",
"BillingAnnual"
],
"defaultValue": "BillingMonth",
"metadata": {
"description": "The time covered by a budget. Tracking of the amount will be reset based on the time grain.",
"displayName": "timeGrain"
},
"type": "String"
},
"effect": {
"type": "String",
"metadata": {
"displayName": "Effect",
"description": "DeployIfNotExists, AuditIfNotExists or Disabled the execution of the Policy"
},
"allowedValues": [
"DeployIfNotExists",
"AuditIfNotExists",
"Disabled"
],
"defaultValue": "DeployIfNotExists"
}
}
Loading

0 comments on commit 7d9264d

Please sign in to comment.