feat: add fsi library files (#87)

See #86 --------- Co-authored-by: sdeguchi <sdeguchi@microsoft.com>
Azure · Nov 12, 2024 · 7500582 · 7500582
1 parent 266ad39
commit 7500582
Show file tree

Hide file tree

Showing 17 changed files with 1,749 additions and 0 deletions.
diff --git a/platform/fsi/README.md b/platform/fsi/README.md
diff --git a/platform/fsi/alz_library_metadata.json b/platform/fsi/alz_library_metadata.json
@@ -0,0 +1,13 @@
+{
+  "$schema": "https://raw.githubusercontent.com/Azure/Azure-Landing-Zones-Library/main/schemas/library_metadata.json",
+  "name": "FSI",
+  "display_name": "Financial Services Industry",
+  "description": "This library provides the reference set of Financial Services Industry (FSI) policies, archetypes, and management group architecture.",
+  "path": "platform/fsi",
+  "dependencies": [
+    {
+      "path": "platform/alz",
+      "ref": "2024.07.4"
+    }
+  ]
+}
diff --git a/platform/fsi/alz_policy_default_values.json b/platform/fsi/alz_policy_default_values.json
@@ -0,0 +1,87 @@
+{
+  "defaults": [
+    {
+      "default_name": "allowedLocationsForConfidentialComputing",
+      "policy_assignments": [
+        {
+          "parameter_names": [
+            "listOfAllowedLocations"
+          ],
+          "policy_assignment_name": "Enforce-Fsi-Conf"
+        }
+      ]
+    },
+    {
+      "default_name": "allowedLocations",
+      "policy_assignments": [
+        {
+          "parameter_names": [
+            "listOfAllowedLocations-1"
+          ],
+          "policy_assignment_name": "SO-01-Data-Residency"
+        }
+      ]
+    },
+    {
+      "default_name": "policyEffect",
+      "policy_assignments": [
+        {
+          "parameter_names": [
+            "effect"
+          ],
+          "policy_assignment_name": "Enforce-Fsi-Conf"
+        }
+      ]
+    },
+    {
+      "default_name": "ddosProtectionPlanId",
+      "policy_assignments": [
+        {
+          "parameter_names": [
+            "ddosPlan"
+          ],
+          "policy_assignment_name": "Enable-DDoS-VNET"
+        }
+      ]
+    },
+    {
+      "default_name": "ddosProtectionPlanEffect",
+      "policy_assignments": [
+        {
+          "parameter_names": [
+            "effect"
+          ],
+          "policy_assignment_name": "Enable-DDoS-VNET"
+        }
+      ]
+    },
+    {
+      "default_name": "emailSecurityContact",
+      "policy_assignments": [
+        {
+          "parameter_names": [
+            "emailSecurityContact"
+          ],
+          "policy_assignment_name": "Deploy-MDFC-Config-H224"
+        }
+      ]
+    },
+    {
+      "default_name": "logAnalyticsWorkspaceId",
+      "policy_assignments": [
+        {
+          "parameter_names": [
+            "logAnalytics"
+          ],
+          "policy_assignment_name": "TR-01-Logging"
+        },
+        {
+          "parameter_names": [
+            "logAnalytics"
+          ],
+          "policy_assignment_name": "Deploy-Diag-Logs"
+        }
+      ]
+    }
+  ]
+}
diff --git a/platform/fsi/archetype_definitions/confidential.alz_archetype_definition.json b/platform/fsi/archetype_definitions/confidential.alz_archetype_definition.json
@@ -0,0 +1,9 @@
+{
+  "name": "confidential",
+  "policy_assignments": [
+    "Enforce-Fsi-Conf"
+  ],
+  "policy_definitions": [],
+  "policy_set_definitions": [],
+  "role_definitions": []
+}
diff --git a/platform/fsi/archetype_definitions/fsi_root.alz_archetype_definition.json b/platform/fsi/archetype_definitions/fsi_root.alz_archetype_definition.json
@@ -0,0 +1,10 @@
+{
+  "name": "fsi_root",
+  "policy_assignments": [],
+  "policy_definitions": [],
+  "policy_set_definitions": [
+    "50e4abe0-fc74-4546-9bd4-070ad748670b",
+    "d22ea5a9-2a46-4f25-8d11-e8ef42769e46"
+  ],
+  "role_definitions": []
+}
diff --git a/platform/fsi/archetype_definitions/re_01_zonal_residency.alz_archetype_definition.json b/platform/fsi/archetype_definitions/re_01_zonal_residency.alz_archetype_definition.json
@@ -0,0 +1,9 @@
+{
+  "name": "re_01_zonal_residency",
+  "policy_assignments": [
+    "RE-01-Zonal-Residency"
+  ],
+  "policy_definitions": [],
+  "policy_set_definitions": [],
+  "role_definitions": []
+}
diff --git a/platform/fsi/archetype_definitions/so_01_data_residency.alz_archetype_definition.json b/platform/fsi/archetype_definitions/so_01_data_residency.alz_archetype_definition.json
@@ -0,0 +1,9 @@
+{
+  "name": "so_01_data_residency",
+  "policy_assignments": [
+    "SO-01-Data-Residency"
+  ],
+  "policy_definitions": [],
+  "policy_set_definitions": [],
+  "role_definitions": []
+}
diff --git a/platform/fsi/archetype_definitions/so_04_cmk.alz_archetype_definition.json b/platform/fsi/archetype_definitions/so_04_cmk.alz_archetype_definition.json
@@ -0,0 +1,9 @@
+{
+  "name": "so_04_cmk",
+  "policy_assignments": [
+    "SO-04-CMK"
+  ],
+  "policy_definitions": [],
+  "policy_set_definitions": [],
+  "role_definitions": []
+}
diff --git a/platform/fsi/archetype_definitions/tr_01_logging.alz_archetype_definition.json b/platform/fsi/archetype_definitions/tr_01_logging.alz_archetype_definition.json
@@ -0,0 +1,9 @@
+{
+  "name": "tr_01_logging",
+  "policy_assignments": [
+    "TR-01-Logging"
+  ],
+  "policy_definitions": [],
+  "policy_set_definitions": [],
+  "role_definitions": []
+}
diff --git a/platform/fsi/architecture_definitions/fsi.alz_architecture_definition.json b/platform/fsi/architecture_definitions/fsi.alz_architecture_definition.json
@@ -0,0 +1,89 @@
+{
+  "name": "fsi",
+  "management_groups": [
+    {
+      "archetypes": ["fsi_root", "root"],
+      "display_name": "FSI Landing Zone",
+      "exists": false,
+      "id": "fsi",
+      "parent_id": null
+    },
+    {
+      "archetypes": ["landing_zones"],
+      "display_name": "Landing Zones",
+      "exists": false,
+      "id": "fsi-landingzones",
+      "parent_id": "fsi"
+    },
+    {
+      "archetypes": ["platform"],
+      "display_name": "Platform",
+      "exists": false,
+      "id": "fsi-platform",
+      "parent_id": "fsi"
+    },
+    {
+      "archetypes": ["identity"],
+      "display_name": "Identity",
+      "exists": false,
+      "id": "fsi-platform-identity",
+      "parent_id": "fsi-platform"
+    },
+    {
+      "archetypes": ["connectivity"],
+      "display_name": "Connectivity",
+      "exists": false,
+      "id": "fsi-platform-connectivity",
+      "parent_id": "fsi-platform"
+    },
+    {
+      "archetypes": ["management"],
+      "display_name": "Management",
+      "exists": false,
+      "id": "fsi-platform-management",
+      "parent_id": "fsi-platform"
+    },
+    {
+      "archetypes": ["corp"],
+      "display_name": "Corp",
+      "exists": false,
+      "id": "fsi-landingzones-corp",
+      "parent_id": "fsi-landingzones"
+    },
+    {
+      "archetypes": ["confidential", "corp"],
+      "display_name": "Confidential Corp",
+      "exists": false,
+      "id": "fsi-landingzones-confidential-corp",
+      "parent_id": "fsi-landingzones"
+    },
+    {
+      "archetypes": ["online"],
+      "display_name": "Online",
+      "exists": false,
+      "id": "fsi-landingzones-online",
+      "parent_id": "fsi-landingzones"
+    },
+    {
+      "archetypes": ["confidential", "online"],
+      "display_name": "Confidential Online",
+      "exists": false,
+      "id": "fsi-landingzones-confidential-online",
+      "parent_id": "fsi-landingzones"
+    },
+    {
+      "archetypes": ["sandboxes"],
+      "display_name": "Sandbox",
+      "exists": false,
+      "id": "fsi-sandbox",
+      "parent_id": "fsi"
+    },
+    {
+      "archetypes": ["decommissioned"],
+      "display_name": "Decommissioned",
+      "exists": false,
+      "id": "fsi-decommissioned",
+      "parent_id": "fsi"
+    }
+  ]
+}