diff --git a/.ps-rule/ManagedIdentityForAutomation.Rule.yaml b/.ps-rule/ManagedIdentityForAutomation.Rule.yaml
deleted file mode 100644
index 2d10d94c..00000000
--- a/.ps-rule/ManagedIdentityForAutomation.Rule.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
-#
-# Suppression and rules for unsupported scenarios.
-#
-
-# NOTE:
-# For details on authoring suppression groups see:
-# https://microsoft.github.io/PSRule/v2/concepts/PSRule/en-US/about_PSRule_SuppressionGroups/
-# https://microsoft.github.io/PSRule/v2/concepts/PSRule/en-US/about_PSRule_Expressions/
-
----
-# Synopsis: Ignore Managed Identity is used for authentication.
-apiVersion: github.com/microsoft/PSRule/v1
-kind: SuppressionGroup
-metadata:
- name: ALZ.ManagedIdentityForAutomation
-spec:
- rule:
- - Azure.Automation.ManagedIdentity
- if:
- allOf:
- - name: '.'
- contains: alz-automation-account
- - type: '.'
- in:
- - Microsoft.Automation/automationAccounts
diff --git a/infra-as-code/bicep/modules/logging/generateddocs/logging.bicep.md b/infra-as-code/bicep/modules/logging/generateddocs/logging.bicep.md
index 4483fa37..a2c15404 100644
--- a/infra-as-code/bicep/modules/logging/generateddocs/logging.bicep.md
+++ b/infra-as-code/bicep/modules/logging/generateddocs/logging.bicep.md
@@ -13,6 +13,7 @@ parLogAnalyticsWorkspaceLogRetentionInDays | No | Number of days of log re parLogAnalyticsWorkspaceSolutions | No | Solutions that will be added to the Log Analytics Workspace. parAutomationAccountName | No | Automation account name. parAutomationAccountLocation | No | Automation Account region name. - Ensure the regions selected is a supported mapping as per: https://docs.microsoft.com/azure/automation/how-to/region-mappings. +parAutomationAccountUseManagedIdentity | No | Automation Account - use managed identity. parTags | No | Tags you would like to be applied to all resources in this module. parAutomationAccountTags | No | Tags you would like to be applied to Automation Account. parLogAnalyticsWorkspaceTags | No | Tags you would like to be applied to Log Analytics Workspace. @@ -78,6 +79,14 @@ Automation Account region name. - Ensure the regions selected is a supported map - Default value: `[resourceGroup().location]` +### parAutomationAccountUseManagedIdentity + +![Parameter Setting](https://img.shields.io/badge/parameter-optional-green?style=flat-square) + +Automation Account - use managed identity. + +- Default value: `True` + ### parTags ![Parameter Setting](https://img.shields.io/badge/parameter-optional-green?style=flat-square) @@ -164,6 +173,9 @@ outAutomationAccountId | string | "parAutomationAccountLocation": { "value": "[resourceGroup().location]" }, + "parAutomationAccountUseManagedIdentity": { + "value": true + }, "parTags": { "value": {} }, diff --git a/infra-as-code/bicep/modules/logging/logging.bicep b/infra-as-code/bicep/modules/logging/logging.bicep index d3867d42..b1c1d1a8 100644 --- a/infra-as-code/bicep/modules/logging/logging.bicep +++ b/infra-as-code/bicep/modules/logging/logging.bicep 
@@ -59,6 +59,9 @@ param parAutomationAccountName string = 'alz-automation-account' @sys.description('Automation Account region name. - Ensure the regions selected is a supported mapping as per: https://docs.microsoft.com/azure/automation/how-to/region-mappings.') param parAutomationAccountLocation string = resourceGroup().location +@sys.description('Automation Account - use managed identity.') +param parAutomationAccountUseManagedIdentity bool = true + @sys.description('Tags you would like to be applied to all resources in this module.') param parTags object = {} @@ -78,6 +81,9 @@ resource resAutomationAccount 'Microsoft.Automation/automationAccounts@2021-06-2 name: parAutomationAccountName location: parAutomationAccountLocation tags: parAutomationAccountTags + identity: parAutomationAccountUseManagedIdentity ? { + type: 'SystemAssigned' + } : null properties: { sku: { name: 'Basic' diff --git a/infra-as-code/bicep/modules/logging/parameters/logging.parameters.all.json b/infra-as-code/bicep/modules/logging/parameters/logging.parameters.all.json index df031f5f..f2904002 100644 --- a/infra-as-code/bicep/modules/logging/parameters/logging.parameters.all.json +++ b/infra-as-code/bicep/modules/logging/parameters/logging.parameters.all.json @@ -35,6 +35,9 @@ "parAutomationAccountLocation": { "value": "eastus2" }, + "parAutomationAccountUseManagedIdentity": { + "value": true + }, "parTags": { "value": { "Environment": "POC" diff --git a/infra-as-code/bicep/modules/logging/parameters/mc-logging.parameters.all.json b/infra-as-code/bicep/modules/logging/parameters/mc-logging.parameters.all.json index 06a33edd..d4c42115 100644 --- a/infra-as-code/bicep/modules/logging/parameters/mc-logging.parameters.all.json +++ b/infra-as-code/bicep/modules/logging/parameters/mc-logging.parameters.all.json 
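Review bot: The description on `parAutomationAccountUseManagedIdentity` in the first logging.bicep hunk does not say which kind of identity is enabled or what switching it off means. The resource hunk further down sets `type: 'SystemAssigned'`, so the text could read `@sys.description('Enable a system-assigned managed identity on the Automation Account. Set to false only if runbooks authenticate another way.')`. This commit also deletes the ALZ.ManagedIdentityForAutomation suppression group, so a deployment that sets the parameter to false will presumably be flagged by the Azure.Automation.ManagedIdentity rule; that is worth stating in the description or the module docs.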
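Review bot: In the `resAutomationAccount` hunk, the false branch of `identity:` is `null`, which omits the property instead of declaring that the account has no identity. If the parameter is flipped to false on an account that already carries a system-assigned identity, nothing in the hunk assures that the identity and any role assignments granted to it are removed; `identity: { type: parAutomationAccountUseManagedIdentity ? 'SystemAssigned' : 'None' }` states the intent explicitly (confirm `'None'` is accepted at this API version). The identity also needs role assignments before runbooks can use it, and nothing visible here exposes its principal ID, so if the module has no such output consider adding one so callers can grant least-privilege roles. The resource body starts and ends outside the hunk.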
@@ -35,6 +35,9 @@
 "parAutomationAccountLocation": {
 "value": "chinaeast2"
 },
+ "parAutomationAccountUseManagedIdentity": {
+ "value": true
+ },
 "parTags": {
 "value": {
 "Environment": "POC"
diff --git a/infra-as-code/bicep/modules/logging/samples/baseline.sample.bicep b/infra-as-code/bicep/modules/logging/samples/baseline.sample.bicep
index 3e21cae5..882a07ad 100644
--- a/infra-as-code/bicep/modules/logging/samples/baseline.sample.bicep
+++ b/infra-as-code/bicep/modules/logging/samples/baseline.sample.bicep
@@ -39,6 +39,7 @@ module baseline_logging '../logging.bicep' = {
 'VMInsights'
 ]
 parAutomationAccountName: 'alz-automation-account'
+ parAutomationAccountUseManagedIdentity: true
 parTelemetryOptOut: false
 }
 }