Update securityCenter.bicep module API provider to prevent warnings #560
Conversation
|
I noticed that I no longer get the ASC Default Audit policies applied to my subscription after this deployment. Gonna mark as Draft for now just so it doesn't go through without confirming the impact of that change. Will catch up offline!👍 Previously: With these changes: |
|
Proposed changes involve adding a default policyAssignment that originates from the policy initiative "Azure Security Benchmark" and is named "ASC Default" - this has been tested and it has shown that the deployment completes successfully and proves to be idempotent in nature; updating as needed to ensure a consistent baseline policy initiative assignment.
Slightly new resource type designation but will create the same policy assignment consistently:
|
brooke-hamilton
changed the title
There was a problem hiding this comment.
To verify this I deployed the main branch to a subscription with deployASC=true. Then I deployed this PR branch to another subscription with deployASC=true. I compared the policy assignments of the two subscriptions and they are almost exactly the same. The difference was an additional policy included in the default initiative, but I'm assuming that's due to using a documented and current API, which is a good thing. Everything about ASC being enabled looks the same as before, except no warnings. 🎆 👍 🎉
Description
removed invalid parameters in securityCenter.bicep
Tested and observed "ASC Default" policies being applied upon initialization of ASC on account.
Also observed the set-hub-sub-security-center deployment completing successfully:
No warnings are occurring and this appears to be behaving as expected.
Issue reference
The issue this PR will close: #485
Checklist
Please make sure you've completed the relevant tasks for this PR out of the following list: