diff --git a/infra-as-code/bicep/modules/policy/definitions/lib/policy_set_definitions/policy_set_definition_es_Deploy-Private-DNS-Zones.json b/infra-as-code/bicep/modules/policy/definitions/lib/policy_set_definitions/policy_set_definition_es_Deploy-Private-DNS-Zones.json index 1029fde0..f55ca49e 100644 --- a/infra-as-code/bicep/modules/policy/definitions/lib/policy_set_definitions/policy_set_definition_es_Deploy-Private-DNS-Zones.json +++ b/infra-as-code/bicep/modules/policy/definitions/lib/policy_set_definitions/policy_set_definition_es_Deploy-Private-DNS-Zones.json @@ -8,7 +8,7 @@ "displayName": "Configure Azure PaaS services to use private DNS zones", "description": "This policy initiative is a group of policies that ensures private endpoints to Azure PaaS services are integrated with Azure Private DNS zones", "metadata": { - "version": "2.2.0", + "version": "2.3.0", "category": "Network", "source": "https://github.com/Azure/Enterprise-Scale/", "alzCloudEnvironments": [ @@ -16,6 +16,184 @@ ] }, "parameters": { + "dnsZoneSubscriptionId": { + "type": "string", + "defaultValue": "", + "metadata": { + "displayName": "Subscription Id", + "description": "The subscription id where the private DNS zones are deployed. If this is specified, it will override any individual private DNS zone resource ids specified." + } + }, + "dnsZoneResourceGroupName": { + "type": "string", + "defaultValue": "", + "metadata": { + "displayName": "Resource Group Name", + "description": "The resource group where the private DNS zones are deployed. If this is specified, it will override any individual private DNS zone resource ids specified." + } + }, + "dnsZoneResourceType": { + "type": "string", + "defaultValue": "Microsoft.Network/privateDnsZones", + "metadata": { + "displayName": "Resource Type", + "description": "The resource type where the private DNS zones are deployed. If this is specified, it will override any individual private DNS zone resource ids specified." + } + }, + "dnsZoneRegion": { + "type": "string", + "defaultValue": "changeme", + "metadata": { + "displayName": "Region", + "description": "The region where the private DNS zones are deployed. If this is specified, it will override any individual private DNS zone resource ids specified." + } + }, + "dnzZoneRegionShortNames": { + "type": "object", + "defaultValue": { + "changeme": "changeme", + "australiacentral": "acl", + "australiacentral2": "acl2", + "australiaeast": "ae", + "australiasoutheast": "ase", + "brazilsoutheast": "bse", + "brazilsouth": "brs", + "canadacentral": "cnc", + "canadaeast": "cne", + "centralindia": "inc", + "centralus": "cus", + "centraluseuap": "ccy", + "chilecentral": "clc", + "eastasia": "ea", + "eastus": "eus", + "eastus2": "eus2", + "eastus2euap": "ecy", + "francecentral": "frc", + "francesouth": "frs", + "germanynorth": "gn", + "germanywestcentral": "gwc", + "israelcentral": "ilc", + "italynorth": "itn", + "japaneast": "jpe", + "japanwest": "jpw", + "koreacentral": "krc", + "koreasouth": "krs", + "malaysiasouth": "mys", + "malaysiawest": "myw", + "mexicocentral": "mxc", + "newzealandnorth": "nzn", + "northcentralus": "ncus", + "northeurope": "ne", + "norwayeast": "nwe", + "norwaywest": "nww", + "polandcentral": "plc", + "qatarcentral": "qac", + "southafricanorth": "san", + "southafricawest": "saw", + "southcentralus": "scus", + "southeastasia": "sea", + "southindia": "ins", + "spaincentral": "spc", + "swedencentral": "sdc", + "swedensouth": "sds", + "switzerlandnorth": "szn", + "switzerlandwest": "szw", + "taiwannorth": "twn", + "uaecentral": "uac", + "uaenorth": "uan", + "uksouth": "uks", + "ukwest": "ukw", + "westcentralus": "wcus", + "westeurope": "we", + "westindia": "inw", + "westus": "wus", + "westus2": "wus2", + "westus3": "wus3" + }, + "metadata": { + "displayName": "Region Short Name Mapping", + "description": "Mapping of region to private DNS zone resource id. If the region is not specified, the default private DNS zone resource id will be used." + } + }, + "dnsZoneNames": { + "type": "object", + "defaultValue": { + "azureAcrPrivateDnsZoneId": "privatelink.azurecr.io", + "azureAcrDataPrivateDnsZoneId": "{regionName}.data.privatelink.azurecr.io", + "azureAppPrivateDnsZoneId": "privatelink.azconfig.io", + "azureAppServicesPrivateDnsZoneId": "privatelink.azurewebsites.net", + "azureArcGuestconfigurationPrivateDnsZoneId": "privatelink.guestconfiguration.azure.com", + "azureArcHybridResourceProviderPrivateDnsZoneId": "privatelink.his.arc.azure.com", + "azureArcKubernetesConfigurationPrivateDnsZoneId": "privatelink.dp.kubernetesconfiguration.azure.com", + "azureAsrPrivateDnsZoneId": "privatelink.siterecovery.windowsazure.com", + "azureAutomationDSCHybridPrivateDnsZoneId": "privatelink.azure-automation.net", + "azureAutomationWebhookPrivateDnsZoneId": "privatelink.azure-automation.net", + "azureBatchPrivateDnsZoneId": "privatelink.batch.azure.com", + "azureBotServicePrivateDnsZoneId": "privatelink.directline.botframework.com", + "azureCognitiveSearchPrivateDnsZoneId": "privatelink.search.windows.net", + "azureCognitiveServicesPrivateDnsZoneId": "privatelink.cognitiveservices.azure.com", + "azureCosmosCassandraPrivateDnsZoneId": "privatelink.cassandra.cosmos.azure.com", + "azureCosmosGremlinPrivateDnsZoneId": "privatelink.gremlin.cosmos.azure.com", + "azureCosmosMongoPrivateDnsZoneId": "privatelink.mongo.cosmos.azure.com", + "azureCosmosSQLPrivateDnsZoneId": "privatelink.documents.azure.com", + "azureCosmosTablePrivateDnsZoneId": "privatelink.table.cosmos.azure.com", + "azureDataExplorerPrivateDnsZoneId": "privatelink.{regionName}.kusto.windows.net", + "azureDataFactoryPortalPrivateDnsZoneId": "privatelink.adf.azure.com", + "azureDataFactoryPrivateDnsZoneId": "privatelink.datafactory.azure.net", + "azureDatabricksPrivateDnsZoneId": "privatelink.azuredatabricks.net", + "azureDiskAccessPrivateDnsZoneId": "privatelink.blob.core.windows.net", + "azureEventGridDomainsPrivateDnsZoneId": "privatelink.eventgrid.azure.net", + "azureEventGridTopicsPrivateDnsZoneId": "privatelink.eventgrid.azure.net", + "azureEventHubNamespacePrivateDnsZoneId": "privatelink.servicebus.windows.net", + "azureFilePrivateDnsZoneId": "privatelink.afs.azure.net", + "azureHDInsightPrivateDnsZoneId": "privatelink.azurehdinsight.net", + "azureIotCentralPrivateDnsZoneId": "privatelink.azureiotcentral.com", + "azureIotDeviceupdatePrivateDnsZoneId": "privatelink.azure-devices.net", + "azureIotHubsPrivateDnsZoneId": "privatelink.azure-devices.net", + "azureIotPrivateDnsZoneId": "privatelink.azure-devices-provisioning.net", + "azureKeyVaultPrivateDnsZoneId": "privatelink.vaultcore.azure.net", + "azureKubernetesManagementPrivateDnsZoneId": "privatelink.{regionName}.azmk8s.io", + "azureMachineLearningWorkspacePrivateDnsZoneId": "privatelink.api.azureml.ms", + "azureMachineLearningWorkspaceSecondPrivateDnsZoneId": "privatelink.notebooks.azure.net", + "azureManagedGrafanaWorkspacePrivateDnsZoneId": "privatelink.grafana.azure.com", + "azureMediaServicesKeyPrivateDnsZoneId": "privatelink.media.azure.net", + "azureMediaServicesLivePrivateDnsZoneId": "privatelink.media.azure.net", + "azureMediaServicesStreamPrivateDnsZoneId": "privatelink.media.azure.net", + "azureMigratePrivateDnsZoneId": "privatelink.prod.migration.windowsazure.com", + "azureMonitorPrivateDnsZoneId1": "privatelink.monitor.azure.com", + "azureMonitorPrivateDnsZoneId2": "privatelink.oms.opinsights.azure.com", + "azureMonitorPrivateDnsZoneId3": "privatelink.ods.opinsights.azure.com", + "azureMonitorPrivateDnsZoneId4": "privatelink.agentsvc.azure-automation.net", + "azureMonitorPrivateDnsZoneId5": "privatelink.blob.core.windows.net", + "azureRedisCachePrivateDnsZoneId": "privatelink.redis.cache.windows.net", + "azureServiceBusNamespacePrivateDnsZoneId": "privatelink.servicebus.windows.net", + "azureSignalRPrivateDnsZoneId": "privatelink.service.signalr.net", + "azureSiteRecoveryBackupPrivateDnsZoneId": "privatelink.{regionCode}.backup.windowsazure.com", + "azureSiteRecoveryBlobPrivateDnsZoneId": "privatelink.blob.core.windows.net", + "azureSiteRecoveryQueuePrivateDnsZoneId": "privatelink.queue.core.windows.net", + "azureStorageBlobPrivateDnsZoneId": "privatelink.blob.core.windows.net", + "azureStorageBlobSecPrivateDnsZoneId": "privatelink.blob.core.windows.net", + "azureStorageDFSPrivateDnsZoneId": "privatelink.dfs.core.windows.net", + "azureStorageDFSSecPrivateDnsZoneId": "privatelink.dfs.core.windows.net", + "azureStorageFilePrivateDnsZoneId": "privatelink.file.core.windows.net", + "azureStorageQueuePrivateDnsZoneId": "privatelink.queue.core.windows.net", + "azureStorageQueueSecPrivateDnsZoneId": "privatelink.queue.core.windows.net", + "azureStorageStaticWebPrivateDnsZoneId": "privatelink.web.core.windows.net", + "azureStorageStaticWebSecPrivateDnsZoneId": "privatelink.web.core.windows.net", + "azureStorageTablePrivateDnsZoneId": "privatelink.table.core.windows.net", + "azureStorageTableSecondaryPrivateDnsZoneId": "privatelink.table.core.windows.net", + "azureSynapseDevPrivateDnsZoneId": "privatelink.dev.azuresynapse.net", + "azureSynapseSQLPrivateDnsZoneId": "privatelink.sql.azuresynapse.net", + "azureSynapseSQLODPrivateDnsZoneId": "privatelink.sql.azuresynapse.net", + "azureVirtualDesktopHostpoolPrivateDnsZoneId": "privatelink.wvd.microsoft.com", + "azureVirtualDesktopWorkspacePrivateDnsZoneId": "privatelink.wvd.microsoft.com", + "azureWebPrivateDnsZoneId": "privatelink.webpubsub.azure.com" + }, + "metadata": { + "displayName": "DNS Zone Names", + "description": "The list of private DNS zone names to be used for the Azure PaaS services." + } + }, "azureFilePrivateDnsZoneId": { "type": "string", "defaultValue": "", @@ -592,29 +770,29 @@ "description": "Private DNS Zone Identifier" } }, - "azureSiteRecoveryBackupPrivateDnsZoneID": { + "azureSiteRecoveryBackupPrivateDnsZoneId": { "type": "string", "defaultValue": "", "metadata": { - "displayName": "azureSiteRecoveryBackupPrivateDnsZoneID", + "displayName": "azureSiteRecoveryBackupPrivateDnsZoneId", "strongType": "Microsoft.Network/privateDnsZones", "description": "Private DNS Zone Identifier" } }, - "azureSiteRecoveryBlobPrivateDnsZoneID": { + "azureSiteRecoveryBlobPrivateDnsZoneId": { "type": "string", "defaultValue": "", "metadata": { - "displayName": "azureSiteRecoveryBlobPrivateDnsZoneID", + "displayName": "azureSiteRecoveryBlobPrivateDnsZoneId", "strongType": "Microsoft.Network/privateDnsZones", "description": "Private DNS Zone Identifier" } }, - "azureSiteRecoveryQueuePrivateDnsZoneID": { + "azureSiteRecoveryQueuePrivateDnsZoneId": { "type": "string", "defaultValue": "", "metadata": { - "displayName": "azureSiteRecoveryQueuePrivateDnsZoneID", + "displayName": "azureSiteRecoveryQueuePrivateDnsZoneId", "strongType": "Microsoft.Network/privateDnsZones", "description": "Private DNS Zone Identifier" } @@ -650,7 +828,7 @@ "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/06695360-db88-47f6-b976-7500d4297475", "parameters": { "privateDnsZoneId": { - "value": "[[parameters('azureFilePrivateDnsZoneId')]" + "value": "[[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureFilePrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureFilePrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]" }, "effect": { "value": "[[parameters('effect')]" @@ -663,7 +841,7 @@ "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/6dd01e4f-1be1-4e80-9d0b-d109e04cb064", "parameters": { "privateDnsZoneId": { - "value": "[[parameters('azureAutomationWebhookPrivateDnsZoneId')]" + "value": "[[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureAutomationWebhookPrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureAutomationWebhookPrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]" }, "privateEndpointGroupId": { "value": "Webhook" @@ -679,7 +857,7 @@ "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/6dd01e4f-1be1-4e80-9d0b-d109e04cb064", "parameters": { "privateDnsZoneId": { - "value": "[[parameters('azureAutomationDSCHybridPrivateDnsZoneId')]" + "value": "[[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureAutomationDSCHybridPrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureAutomationDSCHybridPrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]" }, "privateEndpointGroupId": { "value": "DSCAndHybridWorker" @@ -695,7 +873,7 @@ "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f", "parameters": { "privateDnsZoneId": { - "value": "[[parameters('azureCosmosSQLPrivateDnsZoneId')]" + "value": "[[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureCosmosSQLPrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureCosmosSQLPrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]" }, "privateEndpointGroupId": { "value": "SQL" @@ -711,7 +889,7 @@ "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f", "parameters": { "privateDnsZoneId": { - "value": "[[parameters('azureCosmosMongoPrivateDnsZoneId')]" + "value": "[[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureCosmosMongoPrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureCosmosMongoPrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]" }, "privateEndpointGroupId": { "value": "MongoDB" @@ -727,7 +905,7 @@ "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f", "parameters": { "privateDnsZoneId": { - "value": "[[parameters('azureCosmosCassandraPrivateDnsZoneId')]" + "value": "[[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureCosmosCassandraPrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureCosmosCassandraPrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]" }, "privateEndpointGroupId": { "value": "Cassandra" @@ -743,7 +921,7 @@ "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f", "parameters": { "privateDnsZoneId": { - "value": "[[parameters('azureCosmosGremlinPrivateDnsZoneId')]" + "value": "[[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureCosmosGremlinPrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureCosmosGremlinPrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]" }, "privateEndpointGroupId": { "value": "Gremlin" @@ -759,7 +937,7 @@ "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f", "parameters": { "privateDnsZoneId": { - "value": "[[parameters('azureCosmosTablePrivateDnsZoneId')]" + "value": "[[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureCosmosTablePrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureCosmosTablePrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]" }, "privateEndpointGroupId": { "value": "Table" @@ -775,7 +953,7 @@ "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/86cd96e1-1745-420d-94d4-d3f2fe415aa4", "parameters": { "privateDnsZoneId": { - "value": "[[parameters('azureDataFactoryPrivateDnsZoneId')]" + "value": "[[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureDataFactoryPrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureDataFactoryPrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]" }, "listOfGroupIds": { "value": [ @@ -793,7 +971,7 @@ "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/86cd96e1-1745-420d-94d4-d3f2fe415aa4", "parameters": { "privateDnsZoneId": { - "value": "[[parameters('azureDataFactoryPortalPrivateDnsZoneId')]" + "value": "[[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureDataFactoryPortalPrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureDataFactoryPortalPrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]" }, "listOfGroupIds": { "value": [ @@ -811,7 +989,7 @@ "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0eddd7f3-3d9b-4927-a07a-806e8ac9486c", "parameters": { "privateDnsZoneId": { - "value": "[[parameters('azureDatabricksPrivateDnsZoneId')]" + "value": "[[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureDatabricksPrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureDatabricksPrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]" }, "groupId": { "value": "databricks_ui_api" @@ -827,7 +1005,7 @@ "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0eddd7f3-3d9b-4927-a07a-806e8ac9486c", "parameters": { "privateDnsZoneId": { - "value": "[[parameters('azureDatabricksPrivateDnsZoneId')]" + "value": "[[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureDatabricksPrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureDatabricksPrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]" }, "groupId": { "value": "browser_authentication" @@ -843,7 +1021,7 @@ "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/43d6e3bd-fc6a-4b44-8b4d-2151d8736a11", "parameters": { "privateDnsZoneId": { - "value": "[[parameters('azureHDInsightPrivateDnsZoneId')]" + "value": "[[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureHDInsightPrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureHDInsightPrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]" }, "groupId": { "value": "cluster" @@ -859,7 +1037,7 @@ "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7590a335-57cf-4c95-babd-ecbc8fafeb1f", "parameters": { "privateDnsZoneId": { - "value": "[[parameters('azureMigratePrivateDnsZoneId')]" + "value": "[[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureMigratePrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureMigratePrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]" }, "effect": { "value": "[[parameters('effect')]" @@ -872,7 +1050,7 @@ "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/75973700-529f-4de2-b794-fb9b6781b6b0", "parameters": { "privateDnsZoneId": { - "value": "[[parameters('azureStorageBlobPrivateDnsZoneId')]" + "value": "[[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureStorageBlobPrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureStorageBlobPrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]" }, "effect": { "value": "[[parameters('effect')]" @@ -885,7 +1063,7 @@ "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/d847d34b-9337-4e2d-99a5-767e5ac9c582", "parameters": { "privateDnsZoneId": { - "value": "[[parameters('azureStorageBlobSecPrivateDnsZoneId')]" + "value": "[[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureStorageBlobSecPrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureStorageBlobSecPrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]" }, "effect": { "value": "[[parameters('effect')]" @@ -898,7 +1076,7 @@ "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/bcff79fb-2b0d-47c9-97e5-3023479b00d1", "parameters": { "privateDnsZoneId": { - "value": "[[parameters('azureStorageQueuePrivateDnsZoneId')]" + "value": "[[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureStorageQueuePrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureStorageQueuePrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]" }, "effect": { "value": "[[parameters('effect')]" @@ -911,7 +1089,7 @@ "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/da9b4ae8-5ddc-48c5-b9c0-25f8abf7a3d6", "parameters": { "privateDnsZoneId": { - "value": "[[parameters('azureStorageQueueSecPrivateDnsZoneId')]" + "value": "[[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureStorageQueueSecPrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureStorageQueueSecPrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]" }, "effect": { "value": "[[parameters('effect')]" @@ -924,7 +1102,7 @@ "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/6df98d03-368a-4438-8730-a93c4d7693d6", "parameters": { "privateDnsZoneId": { - "value": "[[parameters('azureStorageFilePrivateDnsZoneId')]" + "value": "[[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureStorageFilePrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureStorageFilePrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]" }, "effect": { "value": "[[parameters('effect')]" @@ -937,7 +1115,7 @@ "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/9adab2a5-05ba-4fbd-831a-5bf958d04218", "parameters": { "privateDnsZoneId": { - "value": "[[parameters('azureStorageStaticWebPrivateDnsZoneId')]" + "value": "[[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureStorageStaticWebPrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureStorageStaticWebPrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]" }, "effect": { "value": "[[parameters('effect')]" @@ -950,7 +1128,7 @@ "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/d19ae5f1-b303-4b82-9ca8-7682749faf0c", "parameters": { "privateDnsZoneId": { - "value": "[[parameters('azureStorageStaticWebSecPrivateDnsZoneId')]" + "value": "[[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureStorageStaticWebSecPrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureStorageStaticWebSecPrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]" }, "effect": { "value": "[[parameters('effect')]" @@ -963,7 +1141,7 @@ "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/83c6fe0f-2316-444a-99a1-1ecd8a7872ca", "parameters": { "privateDnsZoneId": { - "value": "[[parameters('azureStorageDFSPrivateDnsZoneId')]" + "value": "[[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureStorageDFSPrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureStorageDFSPrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]" }, "effect": { "value": "[[parameters('effect')]" @@ -976,7 +1154,7 @@ "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/90bd4cb3-9f59-45f7-a6ca-f69db2726671", "parameters": { "privateDnsZoneId": { - "value": "[[parameters('azureStorageDFSSecPrivateDnsZoneId')]" + "value": "[[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureStorageDFSSecPrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureStorageDFSSecPrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]" }, "effect": { "value": "[[parameters('effect')]" @@ -989,7 +1167,7 @@ "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/1e5ed725-f16c-478b-bd4b-7bfa2f7940b9", "parameters": { "privateDnsZoneId": { - "value": "[[parameters('azureSynapseSQLPrivateDnsZoneId')]" + "value": "[[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureSynapseSQLPrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureSynapseSQLPrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]" }, "targetSubResource": { "value": "Sql" @@ -1005,7 +1183,7 @@ "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/1e5ed725-f16c-478b-bd4b-7bfa2f7940b9", "parameters": { "privateDnsZoneId": { - "value": "[[parameters('azureSynapseSQLODPrivateDnsZoneId')]" + "value": "[[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureSynapseSQLODPrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureSynapseSQLODPrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]" }, "targetSubResource": { "value": "SqlOnDemand" @@ -1021,7 +1199,7 @@ "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/1e5ed725-f16c-478b-bd4b-7bfa2f7940b9", "parameters": { "privateDnsZoneId": { - "value": "[[parameters('azureSynapseDevPrivateDnsZoneId')]" + "value": "[[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureSynapseDevPrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureSynapseDevPrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]" }, "targetSubResource": { "value": "Dev" @@ -1037,7 +1215,7 @@ "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b4a7f6c1-585e-4177-ad5b-c2c93f4bb991", "parameters": { "privateDnsZoneId": { - "value": "[[parameters('azureMediaServicesKeyPrivateDnsZoneId')]" + "value": "[[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureMediaServicesKeyPrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureMediaServicesKeyPrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]" }, "groupId": { "value": "keydelivery" @@ -1053,7 +1231,7 @@ "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b4a7f6c1-585e-4177-ad5b-c2c93f4bb991", "parameters": { "privateDnsZoneId": { - "value": "[[parameters('azureMediaServicesLivePrivateDnsZoneId')]" + "value": "[[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureMediaServicesLivePrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureMediaServicesLivePrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]" }, "groupId": { "value": "liveevent" @@ -1069,7 +1247,7 @@ "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b4a7f6c1-585e-4177-ad5b-c2c93f4bb991", "parameters": { "privateDnsZoneId": { - "value": "[[parameters('azureMediaServicesStreamPrivateDnsZoneId')]" + "value": "[[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureMediaServicesStreamPrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureMediaServicesStreamPrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]" }, "groupId": { "value": "streamingendpoint" @@ -1085,19 +1263,19 @@ "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/437914ee-c176-4fff-8986-7e05eb971365", "parameters": { "privateDnsZoneId1": { - "value": "[[parameters('azureMonitorPrivateDnsZoneId1')]" + "value": "[[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureMonitorPrivateDnsZoneId1'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureMonitorPrivateDnsZoneId1, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]" }, "privateDnsZoneId2": { - "value": "[[parameters('azureMonitorPrivateDnsZoneId2')]" + "value": "[[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureMonitorPrivateDnsZoneId2'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureMonitorPrivateDnsZoneId2, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]" }, "privateDnsZoneId3": { - "value": "[[parameters('azureMonitorPrivateDnsZoneId3')]" + "value": "[[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureMonitorPrivateDnsZoneId3'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureMonitorPrivateDnsZoneId3, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]" }, "privateDnsZoneId4": { - "value": "[[parameters('azureMonitorPrivateDnsZoneId4')]" + "value": "[[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureMonitorPrivateDnsZoneId4'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureMonitorPrivateDnsZoneId4, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]" }, "privateDnsZoneId5": { - "value": "[[parameters('azureMonitorPrivateDnsZoneId5')]" + "value": "[[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureMonitorPrivateDnsZoneId5'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureMonitorPrivateDnsZoneId5, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]" }, "effect": { "value": "[[parameters('effect')]" @@ -1110,7 +1288,7 @@ "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0b026355-49cb-467b-8ac4-f777874e175a", "parameters": { "privateDnsZoneId": { - "value": "[[parameters('azureWebPrivateDnsZoneId')]" + "value": "[[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureWebPrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureWebPrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]" }, "effect": { "value": "[[parameters('effect')]" @@ -1123,7 +1301,7 @@ "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/4ec38ebc-381f-45ee-81a4-acbc4be878f8", "parameters": { "privateDnsZoneId": { - "value": "[[parameters('azureBatchPrivateDnsZoneId')]" + "value": "[[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureBatchPrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureBatchPrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]" }, "effect": { "value": "[[parameters('effect')]" @@ -1136,7 +1314,7 @@ "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7a860e27-9ca2-4fc6-822d-c2d248c300df", "parameters": { "privateDnsZoneId": { - "value": "[[parameters('azureAppPrivateDnsZoneId')]" + "value": "[[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureAppPrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureAppPrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]" }, "effect": { "value": "[[parameters('effect')]" @@ -1149,7 +1327,7 @@ "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/942bd215-1a66-44be-af65-6a1c0318dbe2", "parameters": { "privateDnsZoneId": { - "value": "[[parameters('azureAsrPrivateDnsZoneId')]" + "value": "[[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureAsrPrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureAsrPrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]" }, "effect": { "value": "[[parameters('effect')]" @@ -1162,7 +1340,7 @@ "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/aaa64d2d-2fa3-45e5-b332-0b031b9b30e8", "parameters": { "privateDnsZoneId": { - "value": "[[parameters('azureIotPrivateDnsZoneId')]" + "value": "[[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureIotPrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureIotPrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]" }, "effect": { "value": "[[parameters('effect')]" @@ -1175,7 +1353,7 @@ "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/ac673a9a-f77d-4846-b2d8-a57f8e1c01d4", "parameters": { "privateDnsZoneId": { - "value": "[[parameters('azureKeyVaultPrivateDnsZoneId')]" + "value": "[[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureKeyVaultPrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureKeyVaultPrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]" }, "effect": { "value": "[[parameters('effect')]" @@ -1188,7 +1366,7 @@ "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b0e86710-7fb7-4a6c-a064-32e9b829509e", "parameters": { "privateDnsZoneId": { - "value": "[[parameters('azureSignalRPrivateDnsZoneId')]" + "value": "[[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureSignalRPrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureSignalRPrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]" }, "effect": { "value": "[[parameters('effect')]" @@ -1201,7 +1379,7 @@ "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b318f84a-b872-429b-ac6d-a01b96814452", "parameters": { "privateDnsZoneId": { - "value": "[[parameters('azureAppServicesPrivateDnsZoneId')]" + "value": "[[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureAppServicesPrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureAppServicesPrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]" }, "effect": { "value": "[[parameters('effect')]" @@ -1214,7 +1392,7 @@ "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/baf19753-7502-405f-8745-370519b20483", "parameters": { "privateDnsZoneId": { - "value": "[[parameters('azureEventGridTopicsPrivateDnsZoneId')]" + "value": "[[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureEventGridTopicsPrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureEventGridTopicsPrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]" }, "effect": { "value": "[[parameters('effect1')]" @@ -1227,7 +1405,7 @@ "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/bc05b96c-0b36-4ca9-82f0-5c53f96ce05a", "parameters": { "privateDnsZoneId": { - "value": "[[parameters('azureDiskAccessPrivateDnsZoneId')]" + "value": "[[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureDiskAccessPrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureDiskAccessPrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]" }, "effect": { "value": "[[parameters('effect')]" @@ -1240,7 +1418,7 @@ "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/c4bc6f10-cb41-49eb-b000-d5ab82e2a091", "parameters": { "privateDnsZoneId": { - "value": "[[parameters('azureCognitiveServicesPrivateDnsZoneId')]" + "value": "[[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureCognitiveServicesPrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureCognitiveServicesPrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]" }, "effect": { "value": "[[parameters('effect')]" @@ -1253,7 +1431,7 @@ "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/c99ce9c1-ced7-4c3e-aca0-10e69ce0cb02", "parameters": { "privateDnsZoneId": { - "value": "[[parameters('azureIotHubsPrivateDnsZoneId')]" + "value": "[[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureIotHubsPrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureIotHubsPrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]" }, "effect": { "value": "[[parameters('effect1')]" @@ -1266,7 +1444,7 @@ "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/d389df0a-e0d7-4607-833c-75a6fdac2c2d", "parameters": { "privateDnsZoneId": { - "value": "[[parameters('azureEventGridDomainsPrivateDnsZoneId')]" + "value": "[[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureEventGridDomainsPrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureEventGridDomainsPrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]" }, "effect": { "value": "[[parameters('effect1')]" @@ -1279,7 +1457,7 @@ "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e016b22b-e0eb-436d-8fd7-160c4eaed6e2", "parameters": { "privateDnsZoneId": { - "value": "[[parameters('azureRedisCachePrivateDnsZoneId')]" + "value": "[[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureRedisCachePrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureRedisCachePrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]" }, "effect": { "value": "[[parameters('effect')]" @@ -1292,7 +1470,7 @@ "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e9585a95-5b8c-4d03-b193-dc7eb5ac4c32", "parameters": { "privateDnsZoneId": { - "value": "[[parameters('azureAcrPrivateDnsZoneId')]" + "value": "[[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureAcrPrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureAcrPrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]" }, "effect": { "value": "[[parameters('effect')]" @@ -1305,7 +1483,7 @@ "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/ed66d4f5-8220-45dc-ab4a-20d1749c74e6", "parameters": { "privateDnsZoneId": { - "value": "[[parameters('azureEventHubNamespacePrivateDnsZoneId')]" + "value": "[[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureEventHubNamespacePrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureEventHubNamespacePrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]" }, "effect": { "value": "[[parameters('effect')]" @@ -1318,10 +1496,10 @@ "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/ee40564d-486e-4f68-a5ca-7a621edae0fb", "parameters": { "privateDnsZoneId": { - "value": "[[parameters('azureMachineLearningWorkspacePrivateDnsZoneId')]" + "value": "[[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureMachineLearningWorkspacePrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureMachineLearningWorkspacePrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]" }, "secondPrivateDnsZoneId": { - "value": "[[parameters('azureMachineLearningWorkspaceSecondPrivateDnsZoneId')]" + "value": "[[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureMachineLearningWorkspaceSecondPrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureMachineLearningWorkspaceSecondPrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]" }, "effect": { "value": "[[parameters('effect')]" @@ -1334,7 +1512,7 @@ "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/f0fcf93c-c063-4071-9668-c47474bd3564", "parameters": { "privateDnsZoneId": { - "value": "[[parameters('azureServiceBusNamespacePrivateDnsZoneId')]" + "value": "[[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureServiceBusNamespacePrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureServiceBusNamespacePrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]" }, "effect": { "value": "[[parameters('effect')]" @@ -1347,7 +1525,7 @@ "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/fbc14a67-53e4-4932-abcc-2049c6706009", "parameters": { "privateDnsZoneId": { - "value": "[[parameters('azureCognitiveSearchPrivateDnsZoneId')]" + "value": "[[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureCognitiveSearchPrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureCognitiveSearchPrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]" }, "effect": { "value": "[[parameters('effect')]" @@ -1360,7 +1538,7 @@ "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/6a4e6f44-f2af-4082-9702-033c9e88b9f8", "parameters": { "privateDnsZoneId": { - "value": "[[parameters('azureBotServicePrivateDnsZoneId')]" + "value": "[[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureBotServicePrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureBotServicePrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]" }, "effect": { "value": "[[parameters('effect')]" @@ -1373,7 +1551,7 @@ "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/4c8537f8-cd1b-49ec-b704-18e82a42fd58", "parameters": { "privateDnsZoneId": { - "value": "[[parameters('azureManagedGrafanaWorkspacePrivateDnsZoneId')]" + "value": "[[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureManagedGrafanaWorkspacePrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureManagedGrafanaWorkspacePrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]" }, "effect": { "value": "[[parameters('effect')]" @@ -1386,7 +1564,7 @@ "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/9427df23-0f42-4e1e-bf99-a6133d841c4a", "parameters": { "privateDnsZoneId": { - "value": "[[parameters('azureVirtualDesktopHostpoolPrivateDnsZoneId')]" + "value": "[[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureVirtualDesktopHostpoolPrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureVirtualDesktopHostpoolPrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]" }, "privateEndpointGroupId": { "value": "connection" @@ -1402,7 +1580,7 @@ "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/34804460-d88b-4922-a7ca-537165e060ed", "parameters": { "privateDnsZoneId": { - "value": "[[parameters('azureVirtualDesktopWorkspacePrivateDnsZoneId')]" + "value": "[[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureVirtualDesktopWorkspacePrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureVirtualDesktopWorkspacePrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]" }, "privateEndpointGroupId": { "value": "feed" @@ -1418,7 +1596,7 @@ "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a222b93a-e6c2-4c01-817f-21e092455b2a", "parameters": { "privateDnsZoneId": { - "value": "[[parameters('azureIotDeviceupdatePrivateDnsZoneId')]" + "value": "[[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureIotDeviceupdatePrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureIotDeviceupdatePrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]" }, "effect": { "value": "[[parameters('effect')]" @@ -1431,13 +1609,13 @@ "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/55c4db33-97b0-437b-8469-c4f4498f5df9", "parameters": { "privateDnsZoneIDForGuestConfiguration": { - "value": "[[parameters('azureArcGuestconfigurationPrivateDnsZoneId')]" + "value": "[[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureArcGuestconfigurationPrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureArcGuestconfigurationPrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]" }, "privateDnsZoneIDForHybridResourceProvider": { - "value": "[[parameters('azureArcHybridResourceProviderPrivateDnsZoneId')]" + "value": "[[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureArcHybridResourceProviderPrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureArcHybridResourceProviderPrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]" }, "privateDnsZoneIDForKubernetesConfiguration": { - "value": "[[parameters('azureArcKubernetesConfigurationPrivateDnsZoneId')]" + "value": "[[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureArcKubernetesConfigurationPrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureArcKubernetesConfigurationPrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]" }, "effect": { "value": "[[parameters('effect')]" @@ -1450,7 +1628,7 @@ "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/d627d7c6-ded5-481a-8f2e-7e16b1e6faf6", "parameters": { "privateDnsZoneId": { - "value": "[[parameters('azureIotCentralPrivateDnsZoneId')]" + "value": "[[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureIotCentralPrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureIotCentralPrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]" }, "effect": { "value": "[[parameters('effect')]" @@ -1463,7 +1641,7 @@ "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/028bbd88-e9b5-461f-9424-a1b63a7bee1a", "parameters": { "privateDnsZoneId": { - "value": "[[parameters('azureStorageTablePrivateDnsZoneId')]" + "value": "[[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureStorageTablePrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureStorageTablePrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]" }, "effect": { "value": "[[parameters('effect')]" @@ -1476,7 +1654,7 @@ "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/c1d634a5-f73d-4cdd-889f-2cc7006eb47f", "parameters": { "privateDnsZoneId": { - "value": "[[parameters('azureStorageTableSecondaryPrivateDnsZoneId')]" + "value": "[[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureStorageTableSecondaryPrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureStorageTableSecondaryPrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]" }, "effect": { "value": "[[parameters('effect')]" @@ -1489,13 +1667,13 @@ "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/af783da1-4ad1-42be-800d-d19c70038820", "parameters": { "privateDnsZone-Backup": { - "value": "[[parameters('azureSiteRecoveryBackupPrivateDnsZoneID')]" + "value": "[[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureSiteRecoveryBackupPrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureSiteRecoveryBackupPrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]" }, "privateDnsZone-Blob": { - "value": "[[parameters('azureSiteRecoveryBlobPrivateDnsZoneID')]" + "value": "[[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureSiteRecoveryBlobPrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureSiteRecoveryBlobPrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]" }, "privateDnsZone-Queue": { - "value": "[[parameters('azureSiteRecoveryQueuePrivateDnsZoneID')]" + "value": "[[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureSiteRecoveryQueuePrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureSiteRecoveryQueuePrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]" }, "effect": { "value": "[[parameters('effect')]" diff --git a/infra-as-code/bicep/modules/policy/definitions/lib/policy_set_definitions/policy_set_definition_es_Deploy-Private-DNS-Zones.parameters.json b/infra-as-code/bicep/modules/policy/definitions/lib/policy_set_definitions/policy_set_definition_es_Deploy-Private-DNS-Zones.parameters.json index 9a498b1f..97a9da84 100644 --- a/infra-as-code/bicep/modules/policy/definitions/lib/policy_set_definitions/policy_set_definition_es_Deploy-Private-DNS-Zones.parameters.json +++ b/infra-as-code/bicep/modules/policy/definitions/lib/policy_set_definitions/policy_set_definition_es_Deploy-Private-DNS-Zones.parameters.json @@ -2,7 +2,7 @@ "DINE-Private-DNS-Azure-ACR": { "parameters": { "privateDnsZoneId": { - "value": "[[parameters('azureAcrPrivateDnsZoneId')]" + "value": "[[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureAcrPrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureAcrPrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]" }, "effect": { "value": "[[parameters('effect')]" @@ -12,7 +12,7 @@ "DINE-Private-DNS-Azure-App": { "parameters": { "privateDnsZoneId": { - "value": "[[parameters('azureAppPrivateDnsZoneId')]" + "value": "[[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureAppPrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureAppPrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]" }, "effect": { "value": "[[parameters('effect')]" @@ -22,7 +22,7 @@ "DINE-Private-DNS-Azure-AppServices": { "parameters": { "privateDnsZoneId": { - "value": "[[parameters('azureAppServicesPrivateDnsZoneId')]" + "value": "[[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureAppServicesPrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureAppServicesPrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]" }, "effect": { "value": "[[parameters('effect')]" @@ -32,13 +32,13 @@ "DINE-Private-DNS-Azure-Arc": { "parameters": { "privateDnsZoneIDForGuestConfiguration": { - "value": "[[parameters('azureArcGuestconfigurationPrivateDnsZoneId')]" + "value": "[[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureArcGuestconfigurationPrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureArcGuestconfigurationPrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]" }, "privateDnsZoneIDForHybridResourceProvider": { - "value": "[[parameters('azureArcHybridResourceProviderPrivateDnsZoneId')]" + "value": "[[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureArcHybridResourceProviderPrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureArcHybridResourceProviderPrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]" }, "privateDnsZoneIDForKubernetesConfiguration": { - "value": "[[parameters('azureArcKubernetesConfigurationPrivateDnsZoneId')]" + "value": "[[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureArcKubernetesConfigurationPrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureArcKubernetesConfigurationPrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]" }, "effect": { "value": "[[parameters('effect')]" @@ -48,7 +48,7 @@ "DINE-Private-DNS-Azure-Automation-DSCHybrid": { "parameters": { "privateDnsZoneId": { - "value": "[[parameters('azureAutomationDSCHybridPrivateDnsZoneId')]" + "value": "[[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureAutomationDSCHybridPrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureAutomationDSCHybridPrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]" }, "privateEndpointGroupId": { "value": "DSCAndHybridWorker" @@ -61,7 +61,7 @@ "DINE-Private-DNS-Azure-Automation-Webhook": { "parameters": { "privateDnsZoneId": { - "value": "[[parameters('azureAutomationWebhookPrivateDnsZoneId')]" + "value": "[[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureAutomationWebhookPrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureAutomationWebhookPrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]" }, "privateEndpointGroupId": { "value": "Webhook" @@ -74,7 +74,7 @@ "DINE-Private-DNS-Azure-Batch": { "parameters": { "privateDnsZoneId": { - "value": "[[parameters('azureBatchPrivateDnsZoneId')]" + "value": "[[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureBatchPrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureBatchPrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]" }, "effect": { "value": "[[parameters('effect')]" @@ -84,7 +84,7 @@ "DINE-Private-DNS-Azure-BotService": { "parameters": { "privateDnsZoneId": { - "value": "[[parameters('azureBotServicePrivateDnsZoneId')]" + "value": "[[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureBotServicePrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureBotServicePrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]" }, "effect": { "value": "[[parameters('effect')]" @@ -94,7 +94,7 @@ "DINE-Private-DNS-Azure-CognitiveSearch": { "parameters": { "privateDnsZoneId": { - "value": "[[parameters('azureCognitiveSearchPrivateDnsZoneId')]" + "value": "[[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureCognitiveSearchPrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureCognitiveSearchPrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]" }, "effect": { "value": "[[parameters('effect')]" @@ -104,7 +104,7 @@ "DINE-Private-DNS-Azure-CognitiveServices": { "parameters": { "privateDnsZoneId": { - "value": "[[parameters('azureCognitiveServicesPrivateDnsZoneId')]" + "value": "[[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureCognitiveServicesPrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureCognitiveServicesPrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]" }, "effect": { "value": "[[parameters('effect')]" @@ -114,7 +114,7 @@ "DINE-Private-DNS-Azure-Cosmos-Cassandra": { "parameters": { "privateDnsZoneId": { - "value": "[[parameters('azureCosmosCassandraPrivateDnsZoneId')]" + "value": "[[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureCosmosCassandraPrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureCosmosCassandraPrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]" }, "privateEndpointGroupId": { "value": "Cassandra" @@ -127,7 +127,7 @@ "DINE-Private-DNS-Azure-Cosmos-Gremlin": { "parameters": { "privateDnsZoneId": { - "value": "[[parameters('azureCosmosGremlinPrivateDnsZoneId')]" + "value": "[[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureCosmosGremlinPrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureCosmosGremlinPrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]" }, "privateEndpointGroupId": { "value": "Gremlin" @@ -140,7 +140,7 @@ "DINE-Private-DNS-Azure-Cosmos-MongoDB": { "parameters": { "privateDnsZoneId": { - "value": "[[parameters('azureCosmosMongoPrivateDnsZoneId')]" + "value": "[[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureCosmosMongoPrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureCosmosMongoPrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]" }, "privateEndpointGroupId": { "value": "MongoDB" @@ -153,7 +153,7 @@ "DINE-Private-DNS-Azure-Cosmos-SQL": { "parameters": { "privateDnsZoneId": { - "value": "[[parameters('azureCosmosSQLPrivateDnsZoneId')]" + "value": "[[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureCosmosSQLPrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureCosmosSQLPrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]" }, "privateEndpointGroupId": { "value": "SQL" @@ -166,7 +166,7 @@ "DINE-Private-DNS-Azure-Cosmos-Table": { "parameters": { "privateDnsZoneId": { - "value": "[[parameters('azureCosmosTablePrivateDnsZoneId')]" + "value": "[[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureCosmosTablePrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureCosmosTablePrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]" }, "privateEndpointGroupId": { "value": "Table" @@ -179,7 +179,7 @@ "DINE-Private-DNS-Azure-Databricks-Browser-AuthN": { "parameters": { "privateDnsZoneId": { - "value": "[[parameters('azureDatabricksPrivateDnsZoneId')]" + "value": "[[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureDatabricksPrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureDatabricksPrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]" }, "groupId": { "value": "browser_authentication" @@ -192,7 +192,7 @@ "DINE-Private-DNS-Azure-Databricks-UI-Api": { "parameters": { "privateDnsZoneId": { - "value": "[[parameters('azureDatabricksPrivateDnsZoneId')]" + "value": "[[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureDatabricksPrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureDatabricksPrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]" }, "groupId": { "value": "databricks_ui_api" @@ -205,7 +205,7 @@ "DINE-Private-DNS-Azure-DataFactory": { "parameters": { "privateDnsZoneId": { - "value": "[[parameters('azureDataFactoryPrivateDnsZoneId')]" + "value": "[[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureDataFactoryPrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureDataFactoryPrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]" }, "listOfGroupIds": { "value": [ @@ -220,7 +220,7 @@ "DINE-Private-DNS-Azure-DataFactory-Portal": { "parameters": { "privateDnsZoneId": { - "value": "[[parameters('azureDataFactoryPortalPrivateDnsZoneId')]" + "value": "[[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureDataFactoryPortalPrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureDataFactoryPortalPrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]" }, "listOfGroupIds": { "value": [ @@ -235,7 +235,7 @@ "DINE-Private-DNS-Azure-DiskAccess": { "parameters": { "privateDnsZoneId": { - "value": "[[parameters('azureDiskAccessPrivateDnsZoneId')]" + "value": "[[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureDiskAccessPrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureDiskAccessPrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]" }, "effect": { "value": "[[parameters('effect')]" @@ -245,7 +245,7 @@ "DINE-Private-DNS-Azure-EventGridDomains": { "parameters": { "privateDnsZoneId": { - "value": "[[parameters('azureEventGridDomainsPrivateDnsZoneId')]" + "value": "[[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureEventGridDomainsPrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureEventGridDomainsPrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]" }, "effect": { "value": "[[parameters('effect1')]" @@ -255,7 +255,7 @@ "DINE-Private-DNS-Azure-EventGridTopics": { "parameters": { "privateDnsZoneId": { - "value": "[[parameters('azureEventGridTopicsPrivateDnsZoneId')]" + "value": "[[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureEventGridTopicsPrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureEventGridTopicsPrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]" }, "effect": { "value": "[[parameters('effect1')]" @@ -265,7 +265,7 @@ "DINE-Private-DNS-Azure-EventHubNamespace": { "parameters": { "privateDnsZoneId": { - "value": "[[parameters('azureEventHubNamespacePrivateDnsZoneId')]" + "value": "[[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureEventHubNamespacePrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureEventHubNamespacePrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]" }, "effect": { "value": "[[parameters('effect')]" @@ -275,7 +275,7 @@ "DINE-Private-DNS-Azure-File-Sync": { "parameters": { "privateDnsZoneId": { - "value": "[[parameters('azureFilePrivateDnsZoneId')]" + "value": "[[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureFilePrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureFilePrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]" }, "effect": { "value": "[[parameters('effect')]" @@ -285,7 +285,7 @@ "DINE-Private-DNS-Azure-HDInsight": { "parameters": { "privateDnsZoneId": { - "value": "[[parameters('azureHDInsightPrivateDnsZoneId')]" + "value": "[[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureHDInsightPrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureHDInsightPrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]" }, "groupId": { "value": "cluster" @@ -298,7 +298,7 @@ "DINE-Private-DNS-Azure-IoT": { "parameters": { "privateDnsZoneId": { - "value": "[[parameters('azureIotPrivateDnsZoneId')]" + "value": "[[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureIotPrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureIotPrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]" }, "effect": { "value": "[[parameters('effect')]" @@ -308,7 +308,7 @@ "DINE-Private-DNS-Azure-IoTCentral": { "parameters": { "privateDnsZoneId": { - "value": "[[parameters('azureIotCentralPrivateDnsZoneId')]" + "value": "[[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureIotCentralPrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureIotCentralPrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]" }, "effect": { "value": "[[parameters('effect')]" @@ -318,7 +318,7 @@ "DINE-Private-DNS-Azure-IoTDeviceupdate": { "parameters": { "privateDnsZoneId": { - "value": "[[parameters('azureIotDeviceupdatePrivateDnsZoneId')]" + "value": "[[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureIotDeviceupdatePrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureIotDeviceupdatePrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]" }, "effect": { "value": "[[parameters('effect')]" @@ -328,7 +328,7 @@ "DINE-Private-DNS-Azure-IoTHubs": { "parameters": { "privateDnsZoneId": { - "value": "[[parameters('azureIotHubsPrivateDnsZoneId')]" + "value": "[[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureIotHubsPrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureIotHubsPrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]" }, "effect": { "value": "[[parameters('effect1')]" @@ -338,7 +338,7 @@ "DINE-Private-DNS-Azure-KeyVault": { "parameters": { "privateDnsZoneId": { - "value": "[[parameters('azureKeyVaultPrivateDnsZoneId')]" + "value": "[[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureKeyVaultPrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureKeyVaultPrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]" }, "effect": { "value": "[[parameters('effect')]" @@ -348,10 +348,10 @@ "DINE-Private-DNS-Azure-MachineLearningWorkspace": { "parameters": { "privateDnsZoneId": { - "value": "[[parameters('azureMachineLearningWorkspacePrivateDnsZoneId')]" + "value": "[[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureMachineLearningWorkspacePrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureMachineLearningWorkspacePrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]" }, "secondPrivateDnsZoneId": { - "value": "[[parameters('azureMachineLearningWorkspaceSecondPrivateDnsZoneId')]" + "value": "[[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureMachineLearningWorkspaceSecondPrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureMachineLearningWorkspaceSecondPrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]" }, "effect": { "value": "[[parameters('effect')]" @@ -361,7 +361,7 @@ "DINE-Private-DNS-Azure-ManagedGrafanaWorkspace": { "parameters": { "privateDnsZoneId": { - "value": "[[parameters('azureManagedGrafanaWorkspacePrivateDnsZoneId')]" + "value": "[[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureManagedGrafanaWorkspacePrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureManagedGrafanaWorkspacePrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]" }, "effect": { "value": "[[parameters('effect')]" @@ -371,7 +371,7 @@ "DINE-Private-DNS-Azure-MediaServices-Key": { "parameters": { "privateDnsZoneId": { - "value": "[[parameters('azureMediaServicesKeyPrivateDnsZoneId')]" + "value": "[[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureMediaServicesKeyPrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureMediaServicesKeyPrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]" }, "groupId": { "value": "keydelivery" @@ -384,7 +384,7 @@ "DINE-Private-DNS-Azure-MediaServices-Live": { "parameters": { "privateDnsZoneId": { - "value": "[[parameters('azureMediaServicesLivePrivateDnsZoneId')]" + "value": "[[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureMediaServicesLivePrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureMediaServicesLivePrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]" }, "groupId": { "value": "liveevent" @@ -397,7 +397,7 @@ "DINE-Private-DNS-Azure-MediaServices-Stream": { "parameters": { "privateDnsZoneId": { - "value": "[[parameters('azureMediaServicesStreamPrivateDnsZoneId')]" + "value": "[[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureMediaServicesStreamPrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureMediaServicesStreamPrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]" }, "groupId": { "value": "streamingendpoint" @@ -410,7 +410,7 @@ "DINE-Private-DNS-Azure-Migrate": { "parameters": { "privateDnsZoneId": { - "value": "[[parameters('azureMigratePrivateDnsZoneId')]" + "value": "[[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureMigratePrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureMigratePrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]" }, "effect": { "value": "[[parameters('effect')]" @@ -420,19 +420,19 @@ "DINE-Private-DNS-Azure-Monitor": { "parameters": { "privateDnsZoneId1": { - "value": "[[parameters('azureMonitorPrivateDnsZoneId1')]" + "value": "[[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureMonitorPrivateDnsZoneId1'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureMonitorPrivateDnsZoneId1, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]" }, "privateDnsZoneId2": { - "value": "[[parameters('azureMonitorPrivateDnsZoneId2')]" + "value": "[[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureMonitorPrivateDnsZoneId2'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureMonitorPrivateDnsZoneId2, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]" }, "privateDnsZoneId3": { - "value": "[[parameters('azureMonitorPrivateDnsZoneId3')]" + "value": "[[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureMonitorPrivateDnsZoneId3'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureMonitorPrivateDnsZoneId3, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]" }, "privateDnsZoneId4": { - "value": "[[parameters('azureMonitorPrivateDnsZoneId4')]" + "value": "[[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureMonitorPrivateDnsZoneId4'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureMonitorPrivateDnsZoneId4, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]" }, "privateDnsZoneId5": { - "value": "[[parameters('azureMonitorPrivateDnsZoneId5')]" + "value": "[[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureMonitorPrivateDnsZoneId5'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureMonitorPrivateDnsZoneId5, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]" }, "effect": { "value": "[[parameters('effect')]" @@ -442,7 +442,7 @@ "DINE-Private-DNS-Azure-RedisCache": { "parameters": { "privateDnsZoneId": { - "value": "[[parameters('azureRedisCachePrivateDnsZoneId')]" + "value": "[[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureRedisCachePrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureRedisCachePrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]" }, "effect": { "value": "[[parameters('effect')]" @@ -452,7 +452,7 @@ "DINE-Private-DNS-Azure-ServiceBusNamespace": { "parameters": { "privateDnsZoneId": { - "value": "[[parameters('azureServiceBusNamespacePrivateDnsZoneId')]" + "value": "[[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureServiceBusNamespacePrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureServiceBusNamespacePrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]" }, "effect": { "value": "[[parameters('effect')]" @@ -462,7 +462,7 @@ "DINE-Private-DNS-Azure-SignalR": { "parameters": { "privateDnsZoneId": { - "value": "[[parameters('azureSignalRPrivateDnsZoneId')]" + "value": "[[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureSignalRPrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureSignalRPrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]" }, "effect": { "value": "[[parameters('effect')]" @@ -472,7 +472,7 @@ "DINE-Private-DNS-Azure-Site-Recovery": { "parameters": { "privateDnsZoneId": { - "value": "[[parameters('azureAsrPrivateDnsZoneId')]" + "value": "[[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureAsrPrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureAsrPrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]" }, "effect": { "value": "[[parameters('effect')]" @@ -482,13 +482,13 @@ "DINE-Private-DNS-Azure-Site-Recovery-Backup": { "parameters": { "privateDnsZone-Backup": { - "value": "[[parameters('azureSiteRecoveryBackupPrivateDnsZoneID')]" + "value": "[[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureSiteRecoveryBackupPrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureSiteRecoveryBackupPrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]" }, "privateDnsZone-Blob": { - "value": "[[parameters('azureSiteRecoveryBlobPrivateDnsZoneID')]" + "value": "[[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureSiteRecoveryBlobPrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureSiteRecoveryBlobPrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]" }, "privateDnsZone-Queue": { - "value": "[[parameters('azureSiteRecoveryQueuePrivateDnsZoneID')]" + "value": "[[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureSiteRecoveryQueuePrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureSiteRecoveryQueuePrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]" }, "effect": { "value": "[[parameters('effect')]" @@ -498,7 +498,7 @@ "DINE-Private-DNS-Azure-Storage-Blob": { "parameters": { "privateDnsZoneId": { - "value": "[[parameters('azureStorageBlobPrivateDnsZoneId')]" + "value": "[[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureStorageBlobPrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureStorageBlobPrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]" }, "effect": { "value": "[[parameters('effect')]" @@ -508,7 +508,7 @@ "DINE-Private-DNS-Azure-Storage-Blob-Sec": { "parameters": { "privateDnsZoneId": { - "value": "[[parameters('azureStorageBlobSecPrivateDnsZoneId')]" + "value": "[[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureStorageBlobSecPrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureStorageBlobSecPrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]" }, "effect": { "value": "[[parameters('effect')]" @@ -518,7 +518,7 @@ "DINE-Private-DNS-Azure-Storage-DFS": { "parameters": { "privateDnsZoneId": { - "value": "[[parameters('azureStorageDFSPrivateDnsZoneId')]" + "value": "[[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureStorageDFSPrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureStorageDFSPrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]" }, "effect": { "value": "[[parameters('effect')]" @@ -528,7 +528,7 @@ "DINE-Private-DNS-Azure-Storage-DFS-Sec": { "parameters": { "privateDnsZoneId": { - "value": "[[parameters('azureStorageDFSSecPrivateDnsZoneId')]" + "value": "[[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureStorageDFSSecPrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureStorageDFSSecPrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]" }, "effect": { "value": "[[parameters('effect')]" @@ -538,7 +538,7 @@ "DINE-Private-DNS-Azure-Storage-File": { "parameters": { "privateDnsZoneId": { - "value": "[[parameters('azureStorageFilePrivateDnsZoneId')]" + "value": "[[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureStorageFilePrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureStorageFilePrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]" }, "effect": { "value": "[[parameters('effect')]" @@ -548,7 +548,7 @@ "DINE-Private-DNS-Azure-Storage-Queue": { "parameters": { "privateDnsZoneId": { - "value": "[[parameters('azureStorageQueuePrivateDnsZoneId')]" + "value": "[[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureStorageQueuePrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureStorageQueuePrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]" }, "effect": { "value": "[[parameters('effect')]" @@ -558,7 +558,7 @@ "DINE-Private-DNS-Azure-Storage-Queue-Sec": { "parameters": { "privateDnsZoneId": { - "value": "[[parameters('azureStorageQueueSecPrivateDnsZoneId')]" + "value": "[[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureStorageQueueSecPrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureStorageQueueSecPrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]" }, "effect": { "value": "[[parameters('effect')]" @@ -568,7 +568,7 @@ "DINE-Private-DNS-Azure-Storage-StaticWeb": { "parameters": { "privateDnsZoneId": { - "value": "[[parameters('azureStorageStaticWebPrivateDnsZoneId')]" + "value": "[[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureStorageStaticWebPrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureStorageStaticWebPrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]" }, "effect": { "value": "[[parameters('effect')]" @@ -578,7 +578,7 @@ "DINE-Private-DNS-Azure-Storage-StaticWeb-Sec": { "parameters": { "privateDnsZoneId": { - "value": "[[parameters('azureStorageStaticWebSecPrivateDnsZoneId')]" + "value": "[[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureStorageStaticWebSecPrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureStorageStaticWebSecPrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]" }, "effect": { "value": "[[parameters('effect')]" @@ -588,7 +588,7 @@ "DINE-Private-DNS-Azure-Storage-Table": { "parameters": { "privateDnsZoneId": { - "value": "[[parameters('azureStorageTablePrivateDnsZoneId')]" + "value": "[[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureStorageTablePrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureStorageTablePrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]" }, "effect": { "value": "[[parameters('effect')]" @@ -598,7 +598,7 @@ "DINE-Private-DNS-Azure-Storage-Table-Secondary": { "parameters": { "privateDnsZoneId": { - "value": "[[parameters('azureStorageTableSecondaryPrivateDnsZoneId')]" + "value": "[[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureStorageTableSecondaryPrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureStorageTableSecondaryPrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]" }, "effect": { "value": "[[parameters('effect')]" @@ -608,7 +608,7 @@ "DINE-Private-DNS-Azure-Synapse-Dev": { "parameters": { "privateDnsZoneId": { - "value": "[[parameters('azureSynapseDevPrivateDnsZoneId')]" + "value": "[[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureSynapseDevPrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureSynapseDevPrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]" }, "targetSubResource": { "value": "Dev" @@ -621,7 +621,7 @@ "DINE-Private-DNS-Azure-Synapse-SQL": { "parameters": { "privateDnsZoneId": { - "value": "[[parameters('azureSynapseSQLPrivateDnsZoneId')]" + "value": "[[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureSynapseSQLPrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureSynapseSQLPrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]" }, "targetSubResource": { "value": "Sql" @@ -634,7 +634,7 @@ "DINE-Private-DNS-Azure-Synapse-SQL-OnDemand": { "parameters": { "privateDnsZoneId": { - "value": "[[parameters('azureSynapseSQLODPrivateDnsZoneId')]" + "value": "[[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureSynapseSQLODPrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureSynapseSQLODPrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]" }, "targetSubResource": { "value": "SqlOnDemand" @@ -647,7 +647,7 @@ "DINE-Private-DNS-Azure-VirtualDesktopHostpool": { "parameters": { "privateDnsZoneId": { - "value": "[[parameters('azureVirtualDesktopHostpoolPrivateDnsZoneId')]" + "value": "[[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureVirtualDesktopHostpoolPrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureVirtualDesktopHostpoolPrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]" }, "privateEndpointGroupId": { "value": "connection" @@ -660,7 +660,7 @@ "DINE-Private-DNS-Azure-VirtualDesktopWorkspace": { "parameters": { "privateDnsZoneId": { - "value": "[[parameters('azureVirtualDesktopWorkspacePrivateDnsZoneId')]" + "value": "[[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureVirtualDesktopWorkspacePrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureVirtualDesktopWorkspacePrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]" }, "privateEndpointGroupId": { "value": "feed" @@ -673,7 +673,7 @@ "DINE-Private-DNS-Azure-Web": { "parameters": { "privateDnsZoneId": { - "value": "[[parameters('azureWebPrivateDnsZoneId')]" + "value": "[[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureWebPrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureWebPrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]" }, "effect": { "value": "[[parameters('effect')]"