ALZ-Bicep/.ps-rule/DiagLogForAutomation.Rule.yaml

#
# Suppression and rules for unsupported scenarios.
#

# NOTE:
# For details on authoring suppression groups see:
# https://microsoft.github.io/PSRule/v2/concepts/PSRule/en-US/about_PSRule_SuppressionGroups/
# https://microsoft.github.io/PSRule/v2/concepts/PSRule/en-US/about_PSRule_Expressions/

---
# Synopsis: Ignore automation account audit diagnostic logs are enabled as these are covered by DINE policies in ALZ
apiVersion: github.com/microsoft/PSRule/v1
kind: SuppressionGroup
metadata:
  name: ALZ.DiagLogForAutomation
spec:
  rule:
  - Azure.Automation.AuditLogs
  - Azure.Automation.PlatformLogs
  if:
    allOf:
    - name: '.'
      contains: alz-automation-account
    - type: '.'
      in:
      - Microsoft.Automation/automationAccounts