From 6ccad829c9ef97b5f80879b8befc6d746a98ca5d Mon Sep 17 00:00:00 2001
From: Arjen Huitema
Date: Fri, 2 Aug 2024 10:38:27 +0200
Subject: [PATCH] Initial policy template
---
.../policy/activity-administrative.json | 285 +++++++++
tooling/generate-templates/policy/log.json | 603 ++++++++++++++++++
.../policy/metric-dynamic.json | 350 ++++++++++
.../policy/metric-static.json | 333 ++++++++++
4 files changed, 1571 insertions(+)
create mode 100644 tooling/generate-templates/policy/activity-administrative.json
create mode 100644 tooling/generate-templates/policy/log.json
create mode 100644 tooling/generate-templates/policy/metric-dynamic.json
create mode 100644 tooling/generate-templates/policy/metric-static.json
diff --git a/tooling/generate-templates/policy/activity-administrative.json b/tooling/generate-templates/policy/activity-administrative.json
new file mode 100644
index 000000000..9eb7c057e
--- /dev/null
+++ b/tooling/generate-templates/policy/activity-administrative.json
@@ -0,0 +1,285 @@ +{ + "type": "Microsoft.Authorization/policyDefinitions", + "apiVersion": "2021-06-01", + "name": "##POLICY_NAME##", + "properties": { + "policyType": "Custom", + "mode": "All", + "displayName": "##POLICY_DISPLAY_NAME##", + "description": "##POLICY_DESCRIPTION##", + "metadata": { + "version": "1.0.0-preview", + "category": "##POLICY_CATEGORY##", + "preview": true, + "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", + "alzCloudEnvironments": [ + "AzureCloud" + ], + "_deployed_by_amba": "True" + }, + "parameters": { + "enabled": { + "type": "String", + "metadata": { + "displayName": "Alert State", + "description": "Alert state for the alert" + }, + "allowedValues": [ + "true", + "false" + ], + "defaultValue": "true" + }, + "alertResourceGroupName": { + "type": "String", + "metadata": { + "displayName": "Resource Group Name", + "description": "Resource group the alert is placed in" + }, + "defaultValue": "rg-amba-monitoring-001" + }, + "alertResourceGroupTags": { + "type": "Object", + "metadata": { + "displayName": "Resource Group Tags", + "description": "Tags on the Resource group the alert is placed in" + }, + "defaultValue": { + "Project": "amba-monitoring" + } + }, + "alertResourceGroupLocation": { + "type": "String", + "metadata": { + "displayName": "Resource Group Location", + "description": "Location of the Resource group the alert is placed in" + }, + "defaultValue": "centralus" + }, + "effect": { + "type": "String", + "metadata": { + "displayName": "Effect", + "description": "Effect of the policy" + }, + "allowedValues": [ + "deployIfNotExists", + "disabled" + ], + "defaultValue": "deployIfNotExists" + }, + "MonitorDisableTagName": { + "type": "String", + "metadata": { + "displayName": "ALZ Monitoring disabled tag name", + "description": "Tag name to disable monitoring. 
Set to true if monitoring should be disabled" + }, + "defaultValue": "MonitorDisable" + }, + "MonitorDisableTagValues": { + "type": "Array", + "metadata": { + "displayName": "ALZ Monitoring disabled tag values(s)", + "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled." + }, + "defaultValue": [ + "true", + "Test", + "Dev", + "Sandbox" + ] + } + }, + "policyRule": { + "if": { + "allOf": [ + { + "field": "type", + "equals": "##RESOURCE_TYPE##" + }, + { + "field": "[[concat('tags[', parameters('MonitorDisableTagName'), ']')]", + "notIn": "[[parameters('MonitorDisableTagValues')]" + } + ] + }, + "then": { + "effect": "[[parameters('effect')]", + "details": { + "roleDefinitionIds": [ + "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c" + ], + "type": "Microsoft.Insights/activityLogAlerts", + "name": "##ALERT_NAME##", + "existenceScope": "resourceGroup", + "resourceGroupName": "[[parameters('alertResourceGroupName')]", + "deploymentScope": "subscription", + "existenceCondition": { + "allOf": [ + { + "field": "Microsoft.Insights/ActivityLogAlerts/enabled", + "equals": "[[parameters('enabled')]" + }, + { + "count": { + "field": "Microsoft.Insights/ActivityLogAlerts/condition.allOf[*]", + "where": { + "anyOf": [ + { + "allOf": [ + { + "field": "Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].field", + "equals": "category" + }, + { + "field": "Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].equals", + "equals": "Administrative" + } + ] + }, + { + "allOf": [ + { + "field": "Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].field", + "equals": "operationName" + }, + { + "field": "Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].equals", + "equals": "##OPERATION_NAME##" + } + ] + } + ] + } + }, + "equals": 2 + } + ] + }, + "deployment": { + "location": "northeurope", + "properties": { + "mode": "incremental", + "template": { + "$schema": 
"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "alertResourceGroupName": { + "type": "string" + }, + "alertResourceGroupTags": { + "type": "object" + }, + "alertResourceGroupLocation": { + "type": "string" + }, + "enabled": { + "type": "string" + } + }, + "variables": {}, + "resources": [ + { + "type": "Microsoft.Resources/resourceGroups", + "apiVersion": "2020-10-01", + "name": "[[parameters('alertResourceGroupName')]", + "location": "[[parameters('alertResourceGroupLocation')]", + "tags": "[[parameters('alertResourceGroupTags')]" + }, + { + "type": "Microsoft.Resources/deployments", + "apiVersion": "2019-10-01", + "name": "##ALERT_NAME##", + "resourceGroup": "[[parameters('alertResourceGroupName')]", + "dependsOn": [ + "[[concat('Microsoft.Resources/resourceGroups/', parameters('alertResourceGroupName'))]" + ], + "properties": { + "mode": "Incremental", + "template": { + "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "enabled": { + "type": "string" + }, + "alertResourceGroupName": { + "type": "string" + } + }, + "variables": {}, + "resources": [ + { + "type": "microsoft.insights/activityLogAlerts", + "apiVersion": "2020-10-01", + "name": "##ALERT_NAME##", + "location": "global", + "tags": { + "_deployed_by_amba": true + }, + "properties": { + "description": "##ALERT_DESCRIPTION##", + "enabled": "[[parameters('enabled')]", + "scopes": [ + "[[subscription().id]" + ], + "condition": { + "allOf": [ + { + "field": "category", + "equals": "Administrative" + }, + { + "field": "operationName", + "equals": "##OPERATION_NAME##" + }, + { + "field": "status", + "containsAny": [ + "succeeded" + ] + } + ] + }, + "parameters": { + "enabled": { + "value": "[[parameters('enabled')]" + } + } + } + } + ] + }, + "parameters": { + "enabled": { + "value": "[[parameters('enabled')]" + }, + 
"alertResourceGroupName": { + "value": "[[parameters('alertResourceGroupName')]" + } + } + } + } + ] + }, + "parameters": { + "enabled": { + "value": "[[parameters('enabled')]" + }, + "alertResourceGroupName": { + "value": "[[parameters('alertResourceGroupName')]" + }, + "alertResourceGroupTags": { + "value": "[[parameters('alertResourceGroupTags')]" + }, + "alertResourceGroupLocation": { + "value": "[[parameters('alertResourceGroupLocation')]" + } + } + } + } + } + } + } + } +} diff --git a/tooling/generate-templates/policy/log.json b/tooling/generate-templates/policy/log.json new file mode 100644 index 000000000..dfad50051 --- /dev/null +++ b/tooling/generate-templates/policy/log.json 
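Review bot: `roleDefinitionIds` gives the remediation identity `b24988ac-6180-42a0-ab88-20f7382dd24c`, the built-in Contributor role, although this deployment only creates a resource group and one `Microsoft.Insights/activityLogAlerts` resource; log.json, metric-dynamic.json and metric-static.json use the same role. A narrower role should be used where it suffices (the two metric templates create only `Microsoft.Insights/metricAlerts`, for which Monitoring Contributor is presumably enough), or the need for Contributor stated in the policy `description`. The `MonitorDisableTagValues` default (`"true"`, `"Test"`, `"Dev"`, `"Sandbox"`) lets any principal who can write tags take a matching resource out of the `if` block, so tag writes on in-scope resources are worth restricting or auditing, and the parameter descriptions should say so. The alert condition also matches only `status` `succeeded`, so failed attempts at `##OPERATION_NAME##` raise nothing; that should be confirmed as intended.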
@@ -0,0 +1,603 @@ +{ + "type": "Microsoft.Authorization/policyDefinitions", + "apiVersion": "2021-06-01", + "name": "##POLICY_NAME##", + "properties": { + "policyType": "Custom", + "mode": "All", + "displayName": "##POLICY_DISPLAY_NAME##", + "description": "##POLICY_DESCRIPTION##", + "metadata": { + "version": "1.0.0-preview", + "category": "##POLICY_CATEGORY##", + "preview": true, + "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", + "alzCloudEnvironments": [ + "AzureCloud" + ], + "_deployed_by_amba": "True" + }, + "parameters": { + "alertResourceGroupName": { + "type": "String", + "metadata": { + "displayName": "Resource Group Name", + "description": "Resource group the alert is placed in" + }, + "defaultValue": "rg-amba-monitoring-001" + }, + "alertResourceGroupTags": { + "type": "Object", + "metadata": { + "displayName": "Resource Group Tags", + "description": "Tags on the Resource group the alert is placed in" + }, + "defaultValue": { + "Project": "amba-monitoring" + } + }, + "alertResourceGroupLocation": { + "type": "String", + "metadata": { + "displayName": "Resource Group Location", + "description": "Location of the Resource group the alert is placed in" + }, + "defaultValue": "centralus" + }, + "UAMIResourceId": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "The resource Id of the user assigned managed identity.", + "displayName": "User Assigned managed Identity resource Id." 
+ } + }, + "severity": { + "type": "String", + "metadata": { + "displayName": "Severity", + "description": "Severity of the Alert" + }, + "allowedValues": [ + "0", + "1", + "2", + "3", + "4" + ], + "defaultValue": "##SEVERITY##" + }, + "operator": { + "type": "String", + "metadata": { + "displayName": "Operator" + }, + "allowedValues": [ + "GreaterThan" + ], + "defaultValue": "##OPERATOR##" + }, + "timeAggregation": { + "type": "String", + "metadata": { + "displayName": "TimeAggregation" + }, + "allowedValues": [ + "Count" + ], + "defaultValue": "##TIME_AGGREGATION##" + }, + "windowSize": { + "type": "String", + "metadata": { + "displayName": "Window Size", + "description": "Window size for the alert" + }, + "allowedValues": [ + "PT5M", + "PT15M", + "PT30M", + "PT1H", + "PT6H", + "PT12H", + "PT24H" + ], + "defaultValue": "##WINDOW_SIZE##" + }, + "evaluationFrequency": { + "type": "String", + "metadata": { + "displayName": "Evaluation Frequency", + "description": "Evaluation frequency for the alert" + }, + "allowedValues": [ + "PT5M", + "PT15M", + "PT30M", + "PT1H" + ], + "defaultValue": "##EVALUATION_FREQUENCY##" + }, + "autoMitigate": { + "type": "String", + "metadata": { + "displayName": "Auto Mitigate", + "description": "Auto Mitigate for the alert" + }, + "allowedValues": [ + "true", + "false" + ], + "defaultValue": "true" + }, + "autoResolve": { + "type": "String", + "metadata": { + "displayName": "Auto Resolve", + "description": "Auto Resolve for the alert" + }, + "allowedValues": [ + "true", + "false" + ], + "defaultValue": "true" + }, + "autoResolveTime": { + "type": "String", + "metadata": { + "displayName": "Auto Resolve", + "description": "Auto Resolve time for the alert in ISO 8601 format" + }, + "defaultValue": "true" + }, + "enabled": { + "type": "String", + "metadata": { + "displayName": "Alert State", + "description": "Alert state for the alert" + }, + "allowedValues": [ + "true", + "false" + ], + "defaultValue": "true" + }, + "threshold": { + 
"type": "String", + "metadata": { + "displayName": "Threshold", + "description": "Threshold for the alert" + }, + "defaultValue": "##THRESHOLD##" + }, + "failingPeriods": { + "type": "String", + "metadata": { + "displayName": "Failing Periods", + "description": "Number of failing periods before alert is fired" + }, + "defaultValue": "##MIN_FAILING_PERIODS##" + }, + "evaluationPeriods": { + "type": "String", + "metadata": { + "displayName": "Evaluation Periods", + "description": "The number of aggregated lookback points." + }, + "defaultValue": "##NUMBER_OF_EVALUATION_PERIODS##" + }, + "computersToInclude": { + "type": "array", + "metadata": { + "displayName": "Computers to be included to be monitored", + "description": "Array of Computer to be monitored" + }, + "defaultValue": [ + "*" + ] + }, + "effect": { + "type": "String", + "metadata": { + "displayName": "Effect", + "description": "Effect of the policy" + }, + "allowedValues": [ + "deployIfNotExists", + "disabled" + ], + "defaultValue": "deployIfNotExists" + }, + "MonitorDisableTagName": { + "type": "String", + "metadata": { + "displayName": "Monitoring disabled tag name", + "description": "Tag name to disable monitoring. Set to true if monitoring should be disabled" + }, + "defaultValue": "MonitorDisable" + }, + "MonitorDisableTagValues": { + "type": "Array", + "metadata": { + "displayName": "Monitoring disabled tag values(s)", + "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled." 
+ }, + "defaultValue": [ + "true", + "Test", + "Dev", + "Sandbox" + ] + } + }, + "policyRule": { + "if": { + "allOf": [ + { + "field": "type", + "equals": "##RESOURCE_TYPE##" + }, + { + "field": "[[concat('tags[', parameters('MonitorDisableTagName'), ']')]", + "notIn": "[[parameters('MonitorDisableTagValues')]" + } + ] + }, + "then": { + "effect": "[[parameters('effect')]", + "details": { + "roleDefinitionIds": [ + "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c" + ], + "type": "Microsoft.Insights/scheduledQueryRules", + "existenceScope": "resourceGroup", + "resourceGroupName": "[[parameters('alertResourceGroupName')]", + "deploymentScope": "subscription", + "existenceCondition": { + "allOf": [ + { + "field": "Microsoft.Insights/scheduledQueryRules/displayName", + "equals": "[[concat(subscription().displayName, '-##ALERT_NAME##')]" + }, + { + "field": "Microsoft.Insights/scheduledQueryRules/scopes[*]", + "equals": "[[subscription().id]" + }, + { + "field": "Microsoft.Insights/scheduledQueryRules/enabled", + "equals": "[[parameters('enabled')]" + }, + { + "field": "Microsoft.Insights/scheduledQueryRules/evaluationFrequency", + "equals": "[[parameters('evaluationFrequency')]" + }, + { + "field": "Microsoft.Insights/scheduledQueryRules/windowSize", + "equals": "[[parameters('windowSize')]" + }, + { + "field": "Microsoft.Insights/scheduledQueryRules/severity", + "equals": "[[parameters('severity')]" + }, + { + "field": "Microsoft.Insights/scheduledQueryRules/autoMitigate", + "equals": "[[parameters('autoMitigate')]" + }, + { + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].operator", + "equals": "[[parameters('operator')]" + }, + { + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].timeAggregation", + "equals": "[[parameters('timeAggregation')]" + }, + { + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.numberOfEvaluationPeriods", + "equals": 
"[[parameters('evaluationPeriods')]" + }, + { + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.minFailingPeriodsToAlert", + "equals": "[[parameters('failingPeriods')]" + }, + { + "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].query", + "equals": "##QUERY##" + }, + { + "field": "identity.userAssignedIdentities", + "containsKey": "[[parameters('UAMIResourceId')]" + } + ] + }, + "deployment": { + "location": "northeurope", + "properties": { + "mode": "incremental", + "template": { + "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "alertResourceGroupName": { + "type": "string" + }, + "alertResourceGroupTags": { + "type": "object" + }, + "alertResourceGroupLocation": { + "type": "string" + }, + "UAMIResourceId": { + "type": "string" + }, + "severity": { + "type": "String" + }, + "windowSize": { + "type": "String" + }, + "evaluationFrequency": { + "type": "String" + }, + "autoMitigate": { + "type": "String" + }, + "autoResolve": { + "type": "String" + }, + "autoResolveTime": { + "type": "String" + }, + "enabled": { + "type": "String" + }, + "threshold": { + "type": "String" + }, + "operator": { + "type": "String" + }, + "timeAggregation": { + "type": "String" + }, + "failingPeriods": { + "type": "String" + }, + "evaluationPeriods": { + "type": "String" + }, + "computersToInclude": { + "type": "array" + }, + "MonitorDisableTagName": { + "type": "String" + }, + "MonitorDisableTagValues": { + "type": "Array" + } + }, + "variables": {}, + "resources": [ + { + "type": "Microsoft.Resources/resourceGroups", + "apiVersion": "2021-04-01", + "name": "[[parameters('alertResourceGroupName')]", + "location": "[[parameters('alertResourceGroupLocation')]", + "tags": "[[parameters('alertResourceGroupTags')]" + }, + { + "type": "Microsoft.Resources/deployments", + "apiVersion": "2019-10-01", + "name": "##ALERT_NAME##", + "resourceGroup": 
"[[parameters('alertResourceGroupName')]", + "dependsOn": [ + "[[concat('Microsoft.Resources/resourceGroups/', parameters('alertResourceGroupName'))]" + ], + "properties": { + "mode": "Incremental", + "template": { + "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "enabled": { + "type": "string" + }, + "alertResourceGroupName": { + "type": "string" + }, + "alertResourceGroupLocation": { + "type": "string" + }, + "UAMIResourceId": { + "type": "string" + } + }, + "variables": {}, + "resources": [ + { + "type": "Microsoft.Insights/scheduledQueryRules", + "apiVersion": "2022-08-01-preview", + "name": "[[concat(subscription().displayName, '-##ALERT_NAME##')]", + "location": "[[parameters('alertResourceGroupLocation')]", + "identity": { + "type": "UserAssigned", + "userAssignedIdentities": { + "[[parameters('UAMIResourceId')]": {} + } + }, + "tags": { + "_deployed_by_amba": true + }, + "properties": { + "displayName": "[[concat(subscription().displayName, '-##ALERT_NAME##')]", + "description": "##ALERT_DESCRIPTION##", + "severity": "[[parameters('severity')]", + "enabled": "[[parameters('enabled')]", + "scopes": [ + "[[subscription().Id]" + ], + "targetResourceTypes": [ + "##RESOURCE_TYPE##" + ], + "evaluationFrequency": "[[parameters('evaluationFrequency')]", + "windowSize": "[[parameters('windowSize')]", + "criteria": { + "allOf": [ + { + "query": "##QUERY##", + "threshold": 0, + "operator": "[[parameters('operator')]", + "resourceIdColumn": "_ResourceId", + "timeAggregation": "[[parameters('timeAggregation')]", + "dimensions": [ + ##DIMENSIONS## + ], + "failingPeriods": { + "numberOfEvaluationPeriods": "[[parameters('evaluationPeriods')]", + "minFailingPeriodsToAlert": "[[parameters('failingPeriods')]" + } + } + ] + }, + "autoMitigate": "[[parameters('autoMitigate')]", + "ruleResolveConfiguration": { + "autoResolved": "[[parameters('autoResolve')]", + "timeToResolve": 
"[[parameters('autoResolveTime')]" + }, + "parameters": { + "alertResourceGroupName": { + "value": "[[parameters('alertResourceGroupName')]" + }, + "alertResourceGroupLocation": { + "value": "[[parameters('alertResourceGroupLocation')]" + }, + "UAMIResourceId": { + "value": "[[parameters('UAMIResourceId')]" + }, + "severity": { + "value": "[[parameters('severity')]" + }, + "windowSize": { + "value": "[[parameters('windowSize')]" + }, + "evaluationFrequency": { + "value": "[[parameters('evaluationFrequency')]" + }, + "autoMitigate": { + "value": "[[parameters('autoMitigate')]" + }, + "autoResolve": { + "value": "[[parameters('autoResolve')]" + }, + "autoResolveTime": { + "value": "[[parameters('autoResolveTime')]" + }, + "enabled": { + "value": "[[parameters('enabled')]" + }, + "threshold": { + "value": "[[parameters('threshold')]" + }, + "failingPeriods": { + "value": "[[parameters('failingPeriods')]" + }, + "evaluationPeriods": { + "value": "[[parameters('evaluationPeriods')]" + }, + "computersToInclude": { + "value": "[[parameters('computersToInclude')]" + }, + "MonitorDisableTagName": { + "value": "[[parameters('MonitorDisableTagName')]" + }, + "MonitorDisableTagValues": { + "value": "[[parameters('MonitorDisableTagValues')]" + } + } + } + } + ] + }, + "parameters": { + "enabled": { + "value": "[[parameters('enabled')]" + }, + "alertResourceGroupName": { + "value": "[[parameters('alertResourceGroupName')]" + }, + "alertResourceGroupLocation": { + "value": "[[parameters('alertResourceGroupLocation')]" + }, + "UAMIResourceId": { + "value": "[[parameters('UAMIResourceId')]" + } + } + } + } + ] + }, + "parameters": { + "alertResourceGroupName": { + "value": "[[parameters('alertResourceGroupName')]" + }, + "alertResourceGroupTags": { + "value": "[[parameters('alertResourceGroupTags')]" + }, + "alertResourceGroupLocation": { + "value": "[[parameters('alertResourceGroupLocation')]" + }, + "UAMIResourceId": { + "value": "[[parameters('UAMIResourceId')]" + }, + 
"severity": { + "value": "[[parameters('severity')]" + }, + "windowSize": { + "value": "[[parameters('windowSize')]" + }, + "evaluationFrequency": { + "value": "[[parameters('evaluationFrequency')]" + }, + "autoMitigate": { + "value": "[[parameters('autoMitigate')]" + }, + "autoResolve": { + "value": "[[parameters('autoResolve')]" + }, + "autoResolveTime": { + "value": "[[parameters('autoResolveTime')]" + }, + "enabled": { + "value": "[[parameters('enabled')]" + }, + "threshold": { + "value": "[[parameters('threshold')]" + }, + "operator": { + "value": "[[parameters('operator')]" + }, + "timeAggregation": { + "value": "[[parameters('timeAggregation')]" + }, + "failingPeriods": { + "value": "[[parameters('failingPeriods')]" + }, + "evaluationPeriods": { + "value": "[[parameters('evaluationPeriods')]" + }, + "computersToInclude": { + "value": "[[parameters('computersToInclude')]" + }, + "MonitorDisableTagName": { + "value": "[[parameters('MonitorDisableTagName')]" + }, + "MonitorDisableTagValues": { + "value": "[[parameters('MonitorDisableTagValues')]" + } + } + } + } + } + } + } + } +} diff --git a/tooling/generate-templates/policy/metric-dynamic.json b/tooling/generate-templates/policy/metric-dynamic.json new file mode 100644 index 000000000..8d2e16839 --- /dev/null +++ b/tooling/generate-templates/policy/metric-dynamic.json 
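Review bot: The `autoResolveTime` parameter defaults to `"true"` and is passed to `ruleResolveConfiguration.timeToResolve`, while its own description asks for an ISO 8601 value, so a deployment with defaults will most likely be rejected and no alert rule created. It needs a duration default, for example `"defaultValue": "PT10M"` (constructed value), and a `displayName` of its own, since it currently repeats "Auto Resolve". The criteria hard-code `"threshold": 0`, so the `threshold` parameter (default `##THRESHOLD##`) is declared and passed down but never used; `"threshold": "[[parameters('threshold')]"` is presumably what was meant, subject to the type the API expects. `UAMIResourceId` defaults to `""` and is used as the key under `identity.userAssignedIdentities`, so an assignment that leaves it unset either fails or deploys a rule with no usable identity; removing the default would make the value mandatory at assignment time.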
@@ -0,0 +1,350 @@ +{ + "type": "Microsoft.Authorization/policyDefinitions", + "apiVersion": "2021-06-01", + "name": "##POLICY_NAME##", + "properties": { + "policyType": "Custom", + "mode": "All", + "displayName": "##POLICY_DISPLAY_NAME##", + "description": "##POLICY_DESCRIPTION##", + "metadata": { + "version": "1.0.0-preview", + "category": "##POLICY_CATEGORY##", + "preview": true, + "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", + "alzCloudEnvironments": [ + "AzureCloud" + ], + "_deployed_by_amba": "True" + }, + "parameters": { + "severity": { + "type": "String", + "metadata": { + "displayName": "Severity", + "description": "Severity of the Alert" + }, + "allowedValues": [ + "0", + "1", + "2", + "3", + "4" + ], + "defaultValue": "##SEVERITY##" + }, + "windowSize": { + "type": "String", + "metadata": { + "displayName": "Window Size", + "description": "Window size for the alert" + }, + "allowedValues": [ + "PT1M", + "PT5M", + "PT15M", + "PT30M", + "PT1H", + "PT6H", + "PT12H", + "P1D" + ], + "defaultValue": "##WINDOW_SIZE##" + }, + "evaluationFrequency": { + "type": "String", + "metadata": { + "displayName": "Evaluation Frequency", + "description": "Evaluation frequency for the alert" + }, + "allowedValues": [ + "PT1M", + "PT5M", + "PT15M", + "PT30M", + "PT1H" + ], + "defaultValue": "##EVALUATION_FREQUENCY##" + }, + "alertSensitivity": { + "type": "String", + "metadata": { + "displayName": "Alert Sensitivity", + "description": "Alert Sensitivity for the alert" + }, + "allowedValues": [ + "Low", + "Medium", + "High" + ], + "defaultValue": "##ALERT_SENSITIVITY##" + }, + "autoMitigate": { + "type": "String", + "metadata": { + "displayName": "Auto Mitigate", + "description": "Auto Mitigate for the alert" + }, + "allowedValues": [ + "true", + "false" + ], + "defaultValue": "true" + }, + "enabled": { + "type": "String", + "metadata": { + "displayName": "Alert State", + "description": "Alert state for the alert" + }, + "allowedValues": [ + "true", + 
"false" + ], + "defaultValue": "true" + }, + "effect": { + "type": "String", + "metadata": { + "displayName": "Effect", + "description": "Effect of the policy" + }, + "allowedValues": [ + "deployIfNotExists", + "disabled" + ], + "defaultValue": "deployIfNotExists" + }, + "MonitorDisableTagName": { + "type": "String", + "metadata": { + "displayName": "Monitoring disabled tag name", + "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled." + }, + "defaultValue": "MonitorDisable" + }, + "MonitorDisableTagValues": { + "type": "Array", + "metadata": { + "displayName": "Monitoring disabled tag values(s)", + "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled." + }, + "defaultValue": [ + "true", + "Test", + "Dev", + "Sandbox" + ] + } + }, + "policyRule": { + "if": { + "allOf": [ + { + "field": "type", + "equals": "##METRIC_NAMESPACE##" + }, + { + "field": "[[concat('tags[', parameters('MonitorDisableTagName'), ']')]", + "notIn": "[[parameters('MonitorDisableTagValues')]" + } + ] + }, + "then": { + "effect": "[[parameters('effect')]", + "details": { + "roleDefinitionIds": [ + "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c" + ], + "type": "Microsoft.Insights/metricAlerts", + "existenceCondition": { + "allOf": [ + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace", + "equals": "##METRIC_NAMESPACE##" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName", + "equals": "##METRIC_NAME##" + }, + { + "field": "Microsoft.Insights/metricalerts/scopes[*]", + "equals": "[[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/##METRIC_NAMESPACE##/', field('fullName'))]" + }, + { + "field": 
"Microsoft.Insights/metricAlerts/enabled", + "equals": "[[parameters('enabled')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/evaluationFrequency", + "equals": "[[parameters('evaluationFrequency')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/windowSize", + "equals": "[[parameters('windowSize')]" + }, + { + "field": "Microsoft.Insights/metricalerts/severity", + "equals": "[[parameters('severity')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/autoMitigate", + "equals": "[[parameters('autoMitigate')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].timeAggregation", + "equals": "##TIME_AGGREGATION##" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.operator", + "equals": "##OPERATOR##" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.alertSensitivity", + "equals": "[[parameters('alertSensitivity')]" + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.failingPeriods.minFailingPeriodsToAlert", + "equals": ##MIN_FAILING_PERIODS## + }, + { + "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.failingPeriods.numberOfEvaluationPeriods", + "equals": ##NUMBER_OF_EVALUATION_PERIODS## + } + ] + }, + "deployment": { + "properties": { + "mode": "incremental", + "template": { + "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "resourceName": { + "type": "String", + "metadata": { + "displayName": "resourceName", + "description": "Name of the resource" + } + 
}, + "resourceId": { + "type": "String", + "metadata": { + "displayName": "resourceId", + "description": "Resource ID of the resource emitting the metric that will be used for the comparison" + } + }, + "severity": { + "type": "String" + }, + "windowSize": { + "type": "String" + }, + "evaluationFrequency": { + "type": "String" + }, + "alertSensitivity": { + "type": "String" + }, + "autoMitigate": { + "type": "String" + }, + "enabled": { + "type": "String" + } + }, + "variables": {}, + "resources": [ + { + "type": "Microsoft.Insights/metricAlerts", + "apiVersion": "2018-03-01", + "name": "[[concat(parameters('resourceName'), '-##METRIC_NAME##')]", + "location": "global", + "tags": { + "_deployed_by_amba": true + }, + "properties": { + "description": "Metric Alert for ##SERVICE## ##METRIC_NAME##", + "severity": "[[parameters('severity')]", + "enabled": "[[parameters('enabled')]", + "scopes": [ + "[[parameters('resourceId')]" + ], + "evaluationFrequency": "[[parameters('evaluationFrequency')]", + "windowSize": "[[parameters('windowSize')]", + "criteria": { + "allOf": [ + { + "name": "##METRIC_NAME##", + "metricNamespace": "##METRIC_NAMESPACE##", + "metricName": "##METRIC_NAME##", + "operator": "##OPERATOR##", + "alertSensitivity": "[[parameters('alertSensitivity')]", + "failingPeriods": { + "minFailingPeriodsToAlert": ##MIN_FAILING_PERIODS##, + "numberOfEvaluationPeriods": ##NUMBER_OF_EVALUATION_PERIODS## + }, + "timeAggregation": "##TIME_AGGREGATION##", + "criterionType": "##CRITERION_TYPE##" + } + ], + "odata.type": "Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria" + }, + "autoMitigate": "[[parameters('autoMitigate')]", + "parameters": { + "severity": { + "value": "[[parameters('severity')]" + }, + "windowSize": { + "value": "[[parameters('windowSize')]" + }, + "evaluationFrequency": { + "value": "[[parameters('evaluationFrequency')]" + }, + "alertSensitivity": { + "value": "[[parameters('alertSensitivity')]" + }, + "autoMitigate": { + "value": 
"[[parameters('autoMitigate')]" + }, + "enabled": { + "value": "[[parameters('enabled')]" + } + } + } + } + ] + }, + "parameters": { + "resourceName": { + "value": "[[field('name')]" + }, + "resourceId": { + "value": "[[field('id')]" + }, + "severity": { + "value": "[[parameters('severity')]" + }, + "windowSize": { + "value": "[[parameters('windowSize')]" + }, + "evaluationFrequency": { + "value": "[[parameters('evaluationFrequency')]" + }, + "alertSensitivity": { + "value": "[[parameters('alertSensitivity')]" + }, + "autoMitigate": { + "value": "[[parameters('autoMitigate')]" + }, + "enabled": { + "value": "[[parameters('enabled')]" + } + } + } + } + } + } + } + } +} diff --git a/tooling/generate-templates/policy/metric-static.json b/tooling/generate-templates/policy/metric-static.json new file mode 100644 index 000000000..239357421 --- /dev/null +++ b/tooling/generate-templates/policy/metric-static.json 
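Review bot: The `existenceCondition` spells the criteria alias two ways: the `metricNamespace` and `metricName` checks use `criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*]`, while the `timeAggregation` and `DynamicThresholdCriterion.*` checks use `criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*]`. It is unlikely that both are registered aliases, and a condition on an unknown alias would either fail definition validation or never match, leaving resources reported non-compliant and the alert redeployed on every remediation; the spelling should be checked against the provider's alias list and used throughout. `##MIN_FAILING_PERIODS##` and `##NUMBER_OF_EVALUATION_PERIODS##` are unquoted, so this file is not valid JSON until the generator has substituted them and cannot be linted as it stands; log.json has the same with `##DIMENSIONS##`.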
@@ -0,0 +1,333 @@
+{
+ "type": "Microsoft.Authorization/policyDefinitions",
+ "apiVersion": "2021-06-01",
+ "name": "##POLICY_NAME##",
+ "properties": {
+ "policyType": "Custom",
+ "mode": "All",
+ "displayName": "##POLICY_DISPLAY_NAME##",
+ "description": "##POLICY_DESCRIPTION##",
+ "metadata": {
+ "version": "1.0.0-preview",
+ "category": "##POLICY_CATEGORY##",
+ "preview": true,
+ "source": "https://github.com/Azure/azure-monitor-baseline-alerts/",
+ "alzCloudEnvironments": [
+ "AzureCloud"
+ ],
+ "_deployed_by_amba": "True"
+ },
+ "parameters": {
+ "severity": {
+ "type": "String",
+ "metadata": {
+ "displayName": "Severity",
+ "description": "Severity of the Alert"
+ },
+ "allowedValues": [
+ "0",
+ "1",
+ "2",
+ "3",
+ "4"
+ ],
+ "defaultValue": "##SEVERITY##"
+ },
+ "windowSize": {
+ "type": "String",
+ "metadata": {
+ "displayName": "Window Size",
+ "description": "Window size for the alert"
+ },
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H",
+ "PT6H",
+ "PT12H",
+ "P1D"
+ ],
+ "defaultValue": "##WINDOW_SIZE##"
+ },
+ "evaluationFrequency": {
+ "type": "String",
+ "metadata": {
+ "displayName": "Evaluation Frequency",
+ "description": "Evaluation frequency for the alert"
+ },
+ "allowedValues": [
+ "PT1M",
+ "PT5M",
+ "PT15M",
+ "PT30M",
+ "PT1H"
+ ],
+ "defaultValue": "##EVALUATION_FREQUENCY##"
+ },
+ "autoMitigate": {
+ "type": "String",
+ "metadata": {
+ "displayName": "Auto Mitigate",
+ "description": "Auto Mitigate for the alert"
+ },
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true"
+ },
+ "enabled": {
+ "type": "String",
+ "metadata": {
+ "displayName": "Alert State",
+ "description": "Alert state for the alert"
+ },
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true"
+ },
+ "threshold": {
+ "type": "String",
+ "metadata": {
+ "displayName": "Threshold",
+ "description": "Threshold for the alert"
+ },
+ "defaultValue": "##THRESHOLD##"
+ },
+ "effect": {
+ "type": "String",
+ "metadata": {
+ "displayName": "Effect",
+ "description": "Effect of the policy"
+ },
+ "allowedValues": [
+ "deployIfNotExists",
+ "disabled"
+ ],
+ "defaultValue": "deployIfNotExists"
+ },
+ "MonitorDisableTagName": {
+ "type": "String",
+ "metadata": {
+ "displayName": "Monitoring disabled tag name",
+ "description": "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled."
+ },
+ "defaultValue": "MonitorDisable"
+ },
+ "MonitorDisableTagValues": {
+ "type": "Array",
+ "metadata": {
+ "displayName": "Monitoring disabled tag values(s)",
+ "description": "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled."
+ },
+ "defaultValue": [
+ "true",
+ "Test",
+ "Dev",
+ "Sandbox"
+ ]
+ }
+ },
+ "policyRule": {
+ "if": {
+ "allOf": [
+ {
+ "field": "type",
+ "equals": "##METRIC_NAMESPACE##"
+ },
+ {
+ "field": "[[concat('tags[', parameters('MonitorDisableTagName'), ']')]",
+ "notIn": "[[parameters('MonitorDisableTagValues')]"
+ }
+ ]
+ },
+ "then": {
+ "effect": "[[parameters('effect')]",
+ "details": {
+ "roleDefinitionIds": [
+ "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
+ ],
+ "type": "Microsoft.Insights/metricAlerts",
+ "existenceCondition": {
+ "allOf": [
+ {
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace",
+ "equals": "##METRIC_NAMESPACE##"
+ },
+ {
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName",
+ "equals": "##METRIC_NAME##"
+ },
+ {
+ "field": "Microsoft.Insights/metricalerts/scopes[*]",
+ "equals": "[[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/##METRIC_NAMESPACE##/', field('fullName'))]"
+ },
+ {
+ "field": "Microsoft.Insights/metricAlerts/enabled",
+ "equals": "[[parameters('enabled')]"
+ },
+ {
+ "field": "Microsoft.Insights/metricAlerts/evaluationFrequency",
+ "equals": "[[parameters('evaluationFrequency')]"
+ },
+ {
+ "field": "Microsoft.Insights/metricAlerts/windowSize",
+ "equals": "[[parameters('windowSize')]"
+ },
+ {
+ "field": "Microsoft.Insights/metricalerts/severity",
+ "equals": "[[parameters('severity')]"
+ },
+ {
+ "field": "Microsoft.Insights/metricAlerts/autoMitigate",
+ "equals": "[[parameters('autoMitigate')]"
+ },
+ {
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation",
+ "equals": "##TIME_AGGREGATION##"
+ },
+ {
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.operator",
+ "equals": "##OPERATOR##"
+ },
+ {
+ "field": "Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.threshold",
+ "equals": "[[if(contains(field('tags'), '_amba-##METRIC_NAME##-threshold-Override_'), field('tags._amba-##METRIC_NAME##-threshold-Override_'), parameters('threshold'))]"
+ }
+ ]
+ },
+ "deployment": {
+ "properties": {
+ "mode": "incremental",
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "resourceName": {
+ "type": "String",
+ "metadata": {
+ "displayName": "resourceName",
+ "description": "Name of the resource"
+ }
+ },
+ "resourceId": {
+ "type": "String",
+ "metadata": {
+ "displayName": "resourceId",
+ "description": "Resource ID of the resource emitting the metric that will be used for the comparison"
+ }
+ },
+ "severity": {
+ "type": "String"
+ },
+ "windowSize": {
+ "type": "String"
+ },
+ "evaluationFrequency": {
+ "type": "String"
+ },
+ "autoMitigate": {
+ "type": "String"
+ },
+ "enabled": {
+ "type": "String"
+ },
+ "threshold": {
+ "type": "String"
+ }
+ },
+ "variables": {},
+ "resources": [
+ {
+ "type": "Microsoft.Insights/metricAlerts",
+ "apiVersion": "2018-03-01",
+ "name": "[[concat(parameters('resourceName'), '-##METRIC_NAME##')]",
+ "location": "global",
+ "tags": {
+ "_deployed_by_amba": true
+ },
+ "properties": {
+ "description": "Metric Alert for ##SERVICE## ##METRIC_NAME##",
+ "severity": "[[parameters('severity')]",
+ "enabled": "[[parameters('enabled')]",
+ "scopes": [
+ "[[parameters('resourceId')]"
+ ],
+ "evaluationFrequency": "[[parameters('evaluationFrequency')]",
+ "windowSize": "[[parameters('windowSize')]",
+ "criteria": {
+ "allOf": [
+ {
+ "name": "##METRIC_NAME##",
+ "metricNamespace": "##METRIC_NAMESPACE##",
+ "metricName": "##METRIC_NAME##",
+ "operator": "##OPERATOR##",
+ "threshold": "[[parameters('threshold')]",
+ "timeAggregation": "##TIME_AGGREGATION##",
+ "criterionType": "##CRITERION_TYPE##"
+ }
+ ],
+ "odata.type": "Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria"
+ },
+ "autoMitigate": "[[parameters('autoMitigate')]",
+ "parameters": {
+ "severity": {
+ "value": "[[parameters('severity')]"
+ },
+ "windowSize": {
+ "value": "[[parameters('windowSize')]"
+ },
+ "evaluationFrequency": {
+ "value": "[[parameters('evaluationFrequency')]"
+ },
+ "autoMitigate": {
+ "value": "[[parameters('autoMitigate')]"
+ },
+ "enabled": {
+ "value": "[[parameters('enabled')]"
+ },
+ "threshold": {
+ "value": "[[parameters('threshold')]"
+ }
+ }
+ }
+ }
+ ]
+ },
+ "parameters": {
+ "resourceName": {
+ "value": "[[field('name')]"
+ },
+ "resourceId": {
+ "value": "[[field('id')]"
+ },
+ "severity": {
+ "value": "[[parameters('severity')]"
+ },
+ "windowSize": {
+ "value": "[[parameters('windowSize')]"
+ },
+ "evaluationFrequency": {
+ "value": "[[parameters('evaluationFrequency')]"
+ },
+ "autoMitigate": {
+ "value": "[[parameters('autoMitigate')]"
+ },
+ "enabled": {
+ "value": "[[parameters('enabled')]"
+ },
+ "threshold": {
+ "value": "[[if(contains(field('tags'), '_amba-##METRIC_NAME##-threshold-Override_'), field('tags._amba-##METRIC_NAME##-threshold-Override_'), parameters('threshold'))]"
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+}
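Review bot: The `roleDefinitionIds` entry under `then.details` assigns `b24988ac-6180-42a0-ab88-20f7382dd24c`, the built-in Contributor role, to the policy's remediation identity even though the embedded template only creates a `Microsoft.Insights/metricAlerts` resource. I would scope it down, for example to Monitoring Contributor with `"/providers/Microsoft.Authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa"`, after confirming that role covers the deployment the policy performs. In the same block the `existenceCondition` reads its criteria aliases under `MultipleResourceMultipleMetricCriteria` (and `timeAggregation` under a hyphenated `Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria`), while the template sets `odata.type` to `Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria`, so the condition may never be satisfied by the alert the policy itself deploys. Both the `MonitorDisableTagName` check and the `_amba-##METRIC_NAME##-threshold-Override_` lookup trust resource tags, so anyone with tag-write access on a resource can suppress or loosen its alert; the parameter descriptions should say so, and the `MonitorDisableTagValues` description ("Set to true if monitoring should be disabled") reads as copied from the tag-name parameter and does not describe an array.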