optionally deploy built-in Policy Initiatives for NIST 800-53, CMMC Level 3, or DOD IL5 #397

Merged
merged 20 commits into from
Sep 9, 2021

Conversation

shawngib
Member

@shawngib shawngib commented Sep 7, 2021

Description

Add parameter based deployment for Policy initiative deployment of NIST/CMMC/IL5 as needed.

Issue reference

The issue this PR will close: #387

Checklist

Please make sure you've completed the relevant tasks for this PR, out of the following list:

  • All tests pass (manual and automated)
  • The documentation is updated to cover any new or changed features
  • Markdown files have been linted using the recommended linter. (See .vscode/extensions.json.)
  • Relevant issues are linked to this PR

@glennmusa glennmusa changed the title Sg bicep policy #387 optionally deploy built-in Policy Initiatives for NIST 800-53, CMMC Level 3, or DOD IL5 Sep 7, 2021
Member Author

@shawngib shawngib left a comment

Need to revert back. The original was correct; when testing, it works as expected with the original, not with the new line.
Original:

var modifiedAssignment = (environment().name =~ 'AzureCloud' && builtInAssignment =~ 'IL5' ? 'NIST' : builtInAssignment)

Example command: az deployment group create --resource-group mlz-rnvmkhkcgceda-operations --name sg-mlztest1 --template-file ./src/bicep/modules/policyAssignment.bicep --parameters builtInAssignment=CMMC logAnalyticsWorkspaceName=mlz-rnvmkhkcgceda-laws
@glennmusa
Contributor

glennmusa commented Sep 8, 2021

> Need to revert back. The original was correct; when testing, it works as expected with the original, not with the new line.
> Original:
>
> var modifiedAssignment = (environment().name =~ 'AzureCloud' && builtInAssignment =~ 'IL5' ? 'NIST' : builtInAssignment)

Huh, my mistake. Looks like I need to read up on inline function evaluation in Bicep! My assumption was (environment().name =~ 'AzureCloud' && builtInAssignment =~ 'IL5') ? 'NIST' : builtInAssignment

Contributor

@glennmusa glennmusa left a comment

Minor changes for references and naming; everything worked great and deployed with NIST, IL5, and CMMC in AzureUsGovernment and AzureCloud.

Contributor

@glennmusa glennmusa left a comment

thanks @shawngib 🎉

@glennmusa glennmusa merged commit 04f8771 into Azure:bicep Sep 9, 2021
Breanna-Stryker added a commit that referenced this pull request Sep 17, 2021
* prefer local backends for terraform

* add a Bicep Azure Sentinel module (#385)

* Remove Client/Client Secret/Tenant Vars from Terraform Templates

Co-authored-by: Bree Stryker <[email protected]>

* add workflows to lint and build .bicep modules (#400)

* disable verbose lint output (#402)

* optionally deploy built-in Policy Initiatives for NIST 800-53, CMMC Level 3, or DOD IL5 (#397)

* log activities from subscriptions used in a deployment into the Operations log analytics workspace (#412)

* optionally deploy Azure Bastion Host from the base deployment (#406)

Co-authored-by: Vidya Bala <[email protected]>
Co-authored-by: Bree Stryker <[email protected]>
Co-authored-by: Glenn Musa <[email protected]>
Co-authored-by: Shawn Gibbs <[email protected]>
@glennmusa glennmusa mentioned this pull request Oct 14, 2021